What can you tell me about these iOS security flaws?
/Over the past week or so many online publications have been writing lots of articles about how the "iPhone has been hacked." As you might imagine, it has caused some people a lot of concern. There are essentially 3 main stories you'll read about online. I'll summarize them here and you can decide how concerned you should be.
Siri allows access to data on your device
If you read the headlines, you'll see titles like There's A Huge Password Security Flaw In iOS 7 That Lets Siri Control Your iPhone or Siri Hacks Locked iPhones To Use Basic Features that attempt to whip people into a frenzy. The fact of the matter is that Siri is doing exactly what it was programmed to do. iOS 7 extends Siri functionality so that it can now make setting changes; display basic calendar, email, or text information; or retrieve information from passbook or social networking services like Facebook or Twitter.
While Siri can be a useful digital assistant, disabling it on the lock screen goes a long way to keeping your information from being shared with whomever happens to be holding your iPhone or iPad.
[Settings > General > Passcode & Fingerprint > Allow Access When Locked > Siri]
Control Center bypass flaw
Apple released a patch for a flaw that was discovered shortly after the release of iOS 7. The flaw allowed a hacker to — with a series of complex taps and swipes — gain access to photos and texts on a locked iPhone. You can read more in this article from The Guardian.
Before the patch, the fix was to disable Control Center on the lock screen to avoid even the possibility of this hack. However, you can now run the software update instead. This update is for iPhone 4 and later, iPad 2 and later, iPad mini, and iPod touch (5th generation).
[Settings > General > Software Update]
Touch ID has been fooled
There have been any number of articles claiming that Apple's new Touch ID scanner has been hacked, which isn't strictly true. It's more accurate to say that the Touch ID scanner has been fooled by long-used techniques involving "lifting a fingerprint," similar to what you may have seen in popular spy movies over the years. The bottom line: it's unlikely that a person who obtains your iPhone 5s will have either the expertise or the equipment available to take advantage of this "hack."
Read more about the implications of the Touch ID "hack":
- TouchID defeated: what does it mean? — Errata Security
- Touch ID fooled - not hacked - by a lifted fingerprint — imore.com
A recent post on this site suggests a few things you can do to strengthen your mobile device security.
No system is completely secure, but there are precautions you can take to reduce risk.