The Apple iOS 7 'security flaw' is only a problem if you make it so

Sep 20, 2013 by Bruce Baer Arnold, The Conversation
It didn’t take long for someone to figure out how to get around the lock screen on Apple’s newest operating system. Credit: Janitors

Are you worried about reporting that the new Apple iOS 7 update – officially released on Wednesday – already has a "security flaw"?

If you're overwhelmingly concerned about security, write your secrets on a piece of paper, place the paper in a safe, wrap the safe in a ton of concrete and then drop it in the deepest part of the ocean. Comfort yourself with the unlikelihood of disclosure and ignore the inconvenience of a trip to the Marianas Trench every time you want to update the secret information.

Don't ever confide information. Don't ever share with the National Security Agency (NSA), the British Government Communications Headquarters (GCHQ) and other government agencies by using telecommunications. Don't use a bank account, given the potential for unwanted disclosure.

Few people will go to those lengths to protect information. Instead many people seek to identify and thereby manage risk. In the we need to recognise that absolute security equals absolute unusability.

What's the flaw?

The user-friendliness that makes mobile phones, pads, laptops and other handy devices so useful results in potential dangers. Not all dangers are equally severe. Some are readily fixed. We thus shouldn't be too frightened by hyperbole about the iOS, the software used in the latest generation of iPhones.

Exploiting the flaw is actually quite complicated. While the steps are easily found online, they require a series of quick, specific actions to access a phone's apps from behind the lock screen.

Easy if you're Rubik Cube expert. More difficult if you're an ordinary human … and Apple's coming to the rescue with a fix.

Technology watchers and enthusiasts have warned that the flaw allows people to illicitly bypass the "lock" on the iPhone screen and thereby gain access to photos stored on the device.

The bypass also enables unauthorised access to the email and social network service accounts (for example Facebook) that the phone's owner uses to share those images. Not everyone has linked their phone to Twitter, Facebook, Tumblr or other services.

Bypassing will thus often result in embarrassment – you really didn't want anyone to see that selfie – but not allow an offender to hijack your email and Facebook page.

An easy fix

The isn't "new". Instead it is a software fault that has been discovered by enthusiasts and will presumably be fixed by Apple, in the same way that flaws in software for a range of devices are detected and fixed.

The reality of consumer software development is that users are part of a security ecosystem. They discover problems – sometimes accidentally, sometimes deliberately. Many software vendors welcome that discovery, but others do not, such as controversy about vehicle protection software.

The iOS 7 flaw reflects the complexity of the software, attributable to Apple's emphasis on usability. It is regrettable but such flaws are inevitable.

Does the flaw pose a fundamental threat? Is it time to throw your new phone in the ocean or ask for your money back? We should be wary about hyperbole.

If you are truly concerned about mobile phone security a simple and practical solution is don't leave the device unattended. Keep it in your pocket or desk or in a bag that isn't accessible without your knowledge.

In the security ecosystem, safety involves you sharing responsibility. Don't expect Apple or government to come to the rescue if you are careless and ask for trouble.

Explore further: Messaging app seeks to bring voices back to phones

add to favorites email to friend print save as pdf

Related Stories

Georgia Tech uncovers iOS security weaknesses

Jul 31, 2013

Researchers from the Georgia Tech Information Security Center (GTISC) have discovered two security weaknesses that permit installation of malware onto Apple mobile devices using seemingly innocuous applications ...

Recommended for you

Where's the app for an earthquake warning?

16 hours ago

Among the many things the Bay Area learned from the recent shaker near Napa is that the University of California, Berkeley's earthquake warning system does indeed work for the handful of people who receive its messages, but ...

Hit 'Just Dance' game goes mobile Sept. 25

Sep 18, 2014

Smartphone lovers will get to show off moves almost anywhere with the Sept. 25 release of a free "Just Dance Now" game tuned for mobile Internet lifestyles.

Indie game developers sprouting at Tokyo Game Show

Sep 18, 2014

Nestled among the industry giants at the Tokyo Game Show Thursday are a growing number of small and independent games developers from Asia and Europe, all hoping they are sitting on the next Minecraft.

Review: Ambitious 'Destiny' lacks imagination

Sep 18, 2014

Midway through "Destiny," the new science fiction epic from "Halo" creators Bungie, a smug prince is musing on the hero's desire to visit a mysterious site on Mars.

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

gopher65
5 / 5 (1) Sep 22, 2013
What a ridiculous article. Putting aside the issues with the author's philosophical stance on information sharing, the issue isn't that there is a flaw with iOS (flaws happen), it's that Apple takes so bloody long to put out fixes for these problems.

Months, sometimes years go by with no fix issued for serious issues. Can you imagine the enraged screams if Google or Microsoft went that long without issuing a fix for a problem like this? And people would be right to call out those companies. Don't jump to Apple's defense on an issue like this. Fixing *any* security flaw should be top priority for them... and it clearly isn't.
Sinister1811
1 / 5 (4) Sep 22, 2013
It still isn't out on the 4S yet :/

What I've heard from a few people is that it looks like the Android.