The Apple iOS 7 'security flaw' is only a problem if you make it so

Sep 20, 2013 by Bruce Baer Arnold, The Conversation
It didn’t take long for someone to figure out how to get around the lock screen on Apple’s newest operating system. Credit: Janitors

Are you worried about reporting that the new Apple iOS 7 update – officially released on Wednesday – already has a "security flaw"?

If you're overwhelmingly concerned about security, write your secrets on a piece of paper, place the paper in a safe, wrap the safe in a ton of concrete and then drop it in the deepest part of the ocean. Comfort yourself with the unlikelihood of disclosure and ignore the inconvenience of a trip to the Marianas Trench every time you want to update the secret information.

Don't ever confide information. Don't ever share with the National Security Agency (NSA), the British Government Communications Headquarters (GCHQ) and other government agencies by using telecommunications. Don't use a bank account, given the potential for unwanted disclosure.

Few people will go to those lengths to protect information. Instead many people seek to identify and thereby manage risk. In the we need to recognise that absolute security equals absolute unusability.

What's the flaw?

The user-friendliness that makes mobile phones, pads, laptops and other handy devices so useful results in potential dangers. Not all dangers are equally severe. Some are readily fixed. We thus shouldn't be too frightened by hyperbole about the iOS, the software used in the latest generation of iPhones.

Exploiting the flaw is actually quite complicated. While the steps are easily found online, they require a series of quick, specific actions to access a phone's apps from behind the lock screen.

Easy if you're Rubik Cube expert. More difficult if you're an ordinary human … and Apple's coming to the rescue with a fix.

Technology watchers and enthusiasts have warned that the flaw allows people to illicitly bypass the "lock" on the iPhone screen and thereby gain access to photos stored on the device.

The bypass also enables unauthorised access to the email and social network service accounts (for example Facebook) that the phone's owner uses to share those images. Not everyone has linked their phone to Twitter, Facebook, Tumblr or other services.

Bypassing will thus often result in embarrassment – you really didn't want anyone to see that selfie – but not allow an offender to hijack your email and Facebook page.

An easy fix

The isn't "new". Instead it is a software fault that has been discovered by enthusiasts and will presumably be fixed by Apple, in the same way that flaws in software for a range of devices are detected and fixed.

The reality of consumer software development is that users are part of a security ecosystem. They discover problems – sometimes accidentally, sometimes deliberately. Many software vendors welcome that discovery, but others do not, such as controversy about vehicle protection software.

The iOS 7 flaw reflects the complexity of the software, attributable to Apple's emphasis on usability. It is regrettable but such flaws are inevitable.

Does the flaw pose a fundamental threat? Is it time to throw your new phone in the ocean or ask for your money back? We should be wary about hyperbole.

If you are truly concerned about mobile phone security a simple and practical solution is don't leave the device unattended. Keep it in your pocket or desk or in a bag that isn't accessible without your knowledge.

In the security ecosystem, safety involves you sharing responsibility. Don't expect Apple or government to come to the rescue if you are careless and ask for trouble.

Explore further: Web users reward Palestinian who exposed Facebook flaw

add to favorites email to friend print save as pdf

Related Stories

Georgia Tech uncovers iOS security weaknesses

Jul 31, 2013

Researchers from the Georgia Tech Information Security Center (GTISC) have discovered two security weaknesses that permit installation of malware onto Apple mobile devices using seemingly innocuous applications ...

Recommended for you

Review: 'Hearthstone' card game is the real deal

3 hours ago

Video game publishers don't take many risks with their most popular franchises. You know exactly what you are going to get from a new "Call of Duty" or "Madden NFL" game—it will probably be pretty good, ...

Microsoft expands ad-free Bing search for schools

Apr 23, 2014

Microsoft is expanding a program that gives schools the ability to prevent ads from appearing in search results when they use its Bing search engine. The program, launched in a pilot program earlier this year, is now available ...

Growing app industry has developers racing to keep up

Apr 20, 2014

Smartphone application developers say they are challenged by the glut of apps as well as the need to update their software to keep up with evolving phone technology, making creative pricing strategies essential to finding ...

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

gopher65
5 / 5 (1) Sep 22, 2013
What a ridiculous article. Putting aside the issues with the author's philosophical stance on information sharing, the issue isn't that there is a flaw with iOS (flaws happen), it's that Apple takes so bloody long to put out fixes for these problems.

Months, sometimes years go by with no fix issued for serious issues. Can you imagine the enraged screams if Google or Microsoft went that long without issuing a fix for a problem like this? And people would be right to call out those companies. Don't jump to Apple's defense on an issue like this. Fixing *any* security flaw should be top priority for them... and it clearly isn't.
Sinister1811
1 / 5 (4) Sep 22, 2013
It still isn't out on the 4S yet :/

What I've heard from a few people is that it looks like the Android.

More news stories

Facebook buys fitness app Moves

Facebook has bought the fitness app Moves, which helps users monitor daily physical activity and their calorie counts on a smartphone.

Cell resiliency surprises scientists

New research shows that cells are more resilient in taking care of their DNA than scientists originally thought. Even when missing critical components, cells can adapt and make copies of their DNA in an alternative ...