The Apple iOS 7 'security flaw' is only a problem if you make it so

Sep 20, 2013 by Bruce Baer Arnold, The Conversation
It didn’t take long for someone to figure out how to get around the lock screen on Apple’s newest operating system. Credit: Janitors

Are you worried about reporting that the new Apple iOS 7 update – officially released on Wednesday – already has a "security flaw"?

If you're overwhelmingly concerned about security, write your secrets on a piece of paper, place the paper in a safe, wrap the safe in a ton of concrete and then drop it in the deepest part of the ocean. Comfort yourself with the unlikelihood of disclosure and ignore the inconvenience of a trip to the Marianas Trench every time you want to update the secret information.

Don't ever confide information. Don't ever share with the National Security Agency (NSA), the British Government Communications Headquarters (GCHQ) and other government agencies by using telecommunications. Don't use a bank account, given the potential for unwanted disclosure.

Few people will go to those lengths to protect information. Instead many people seek to identify and thereby manage risk. In the we need to recognise that absolute security equals absolute unusability.

What's the flaw?

The user-friendliness that makes mobile phones, pads, laptops and other handy devices so useful results in potential dangers. Not all dangers are equally severe. Some are readily fixed. We thus shouldn't be too frightened by hyperbole about the iOS, the software used in the latest generation of iPhones.

Exploiting the flaw is actually quite complicated. While the steps are easily found online, they require a series of quick, specific actions to access a phone's apps from behind the lock screen.

Easy if you're Rubik Cube expert. More difficult if you're an ordinary human … and Apple's coming to the rescue with a fix.

Technology watchers and enthusiasts have warned that the flaw allows people to illicitly bypass the "lock" on the iPhone screen and thereby gain access to photos stored on the device.

The bypass also enables unauthorised access to the email and social network service accounts (for example Facebook) that the phone's owner uses to share those images. Not everyone has linked their phone to Twitter, Facebook, Tumblr or other services.

Bypassing will thus often result in embarrassment – you really didn't want anyone to see that selfie – but not allow an offender to hijack your email and Facebook page.

An easy fix

The isn't "new". Instead it is a software fault that has been discovered by enthusiasts and will presumably be fixed by Apple, in the same way that flaws in software for a range of devices are detected and fixed.

The reality of consumer software development is that users are part of a security ecosystem. They discover problems – sometimes accidentally, sometimes deliberately. Many software vendors welcome that discovery, but others do not, such as controversy about vehicle protection software.

The iOS 7 flaw reflects the complexity of the software, attributable to Apple's emphasis on usability. It is regrettable but such flaws are inevitable.

Does the flaw pose a fundamental threat? Is it time to throw your new phone in the ocean or ask for your money back? We should be wary about hyperbole.

If you are truly concerned about mobile phone security a simple and practical solution is don't leave the device unattended. Keep it in your pocket or desk or in a bag that isn't accessible without your knowledge.

In the security ecosystem, safety involves you sharing responsibility. Don't expect Apple or government to come to the rescue if you are careless and ask for trouble.

Explore further: Web users reward Palestinian who exposed Facebook flaw

add to favorites email to friend print save as pdf

Related Stories

Georgia Tech uncovers iOS security weaknesses

Jul 31, 2013

Researchers from the Georgia Tech Information Security Center (GTISC) have discovered two security weaknesses that permit installation of malware onto Apple mobile devices using seemingly innocuous applications ...

Recommended for you

Researchers jailbreak iOS 7.1.2

8 hours ago

Security researchers at the Georgia Tech Information Security Center (GTISC) have discovered a way to jailbreak current generation Apple iOS devices (e.g., iPhones and iPads) running the latest iOS software.

Smartphones as a health tool for older adults

9 hours ago

A team of researchers from the Universitat Politècnica de Catalunya · BarcelonaTech (UPC) and the Universitat Autònoma de Barcelona (UAB) is creating a smartphone app that will help older adults to understand ...

Can you trust that app?

9 hours ago

You're on your smartphone, browsing through Facebook. In a fit of productivity, you search for, say, a project management app to help you use your non-Instagram and cat video time more effectively. You download ...

Facebook's expands in Zambia

Jul 31, 2014

(AP)—Facebook's project is taking another step toward its goal of bringing the Internet to people who are not yet online with an app launching Thursday in Zambia.

Body by smartphone

Jul 30, 2014

We love our smartphones. Since they marched out of the corporate world and into the hands of consumers about 10 years ago, we've relied more and more on our iPhone and Android devices to organize our schedules, ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (1) Sep 22, 2013
What a ridiculous article. Putting aside the issues with the author's philosophical stance on information sharing, the issue isn't that there is a flaw with iOS (flaws happen), it's that Apple takes so bloody long to put out fixes for these problems.

Months, sometimes years go by with no fix issued for serious issues. Can you imagine the enraged screams if Google or Microsoft went that long without issuing a fix for a problem like this? And people would be right to call out those companies. Don't jump to Apple's defense on an issue like this. Fixing *any* security flaw should be top priority for them... and it clearly isn't.
1 / 5 (4) Sep 22, 2013
It still isn't out on the 4S yet :/

What I've heard from a few people is that it looks like the Android.