from bbc.co.uk Two security vulnerabilities have been discovered in Apple's new mobile operating system, less than 24
hours after its launch.
One flaw concerns a user's ability to recover their data if a device has been stolen. The much-vaunted "Find my iPhone" feature can be disabled be a thief simply by putting the iPhone or iPad into airplane mode, preventing the device from communicating.
In iOS7 this can be done even when the phone is locked with a passcode, as the voice-activated assistant Siri can be instructed to carry out the task.
The other flaw is potentially even more serious - allowing users' email and social networking accounts to be hijacked even when the user has locked and password-protected their phone,
In this video the BBC's North America technology correspondent Richard Taylor explains the security glitch and a way to prevent it.
Apple has said it takes security "very seriously" and will issue a fix in a future software update.
- Yeah right.
Vulnerabilities in Apple’s iOS lock screens have become a fixture of new iOS releases over the past few years, and iOS 7 is not exempt. A new method for bypassing the passcode on a lock screen has been discovered by idle hands and reported by Forbes’ Andy Greenberg. Update below.
The lock screen bypass method involves sliding up Control Center, tapping on the timer button and holding down the power button until the cancel option comes up. You then tap on the cancel button then double-tap the home button. This gives you access to the multitasking UI. While most apps are locked out, the Camera option is accessible.
This allows you to access the camera interface, but with the ability to scroll through all of the owner’s photos, not just the ones shot in the time since the phone was last locked — in the manner that the camera has worked for some time now.
Not only can you scroll through the photos, but you can also tap on the share button to send photos out via email or social channels like Twitter or Facebook. So once you’re in you can post photos to Flickr or send them via email. Though Greenberg characterizes this as ‘hijacking’ those accounts, that seems a bit dramatic. Still, there is potential for embarrassment or harm if sensitive (ahem) photos get stolen or shared out through your social accounts.
The bypass method has been verified by us to work properly and to not be overly difficult to execute. It took me about three tries to get it right on an iPhone 5 running iOS 7. As Greenberg notes, it’s hard to tell whether this works on an iPhone 5c or iPhone 5s as of yet. Of note: once you’re on the share sheet, you can choose a contact to send the item to, technically gaining access to the contact list (but not their details) of the device’s owner.
Note that this vulnerability is incredibly easy to prevent for now. Just visit Settings>Control Center and toggle off ‘Access on Lock Screen’ to patch it up.
The discovery was made by Jose Rodriguez, a soldier in Spain’s Canary Islands, who has a history of discovering these tricky bypass methods. His secret? Plenty of time waiting in cars in his former job as a driver for government officials.
With past vulnerabilities, a software fix has come in a ‘point’ release of iOS 7. iOS 7.0.1 is already floating out there and contains a fix for Apple’s TouchID fingerprint scanner. So any fix for this would likely come in iOS 7.0.2 or later.
Apple has added a variety of security features to iOS 7, including Activation Lock, which renders stolen phones unusable, even if they’re wiped. But it looks like it needs another lock screen audit just to be sure.
Update: Apple Spokesperson Trudy Muller told TechCrunch that “Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update.”
So, yes, the fix for this little bug will come in a future point release of iOS 7. (Always in a future release...)
Apple's new iPhone 5S features the latest in phone-unlocking security: a fingerprint scanner.
The company announced that its Touch ID fingerprint sensor would read fingerprints at a highly detailed level, boasting a capacitive sensor at 170 microns thin and a 500 ppi resolution. It's James Bond-level technology that could revolutionize lock screens.
While some rejoiced at the advancement in phone security, one Reddit user's clever daughter knew there was a simple flaw in this new tech.
"You call that security?"
Redditor iZeeHunter posted the image Wednesday, along with the caption: "The new iPhone 5S provides unmatched security with its new Fingerprint lock, which makes your personal data even harder to reach!"
Apple should probably hire the little girl pictured, who is wearing a mischievously adorable grin, to examine future products for security breaches.
The release of a new version of Apple’s iPhone was once a big deal. But that was when Apple was setting the agenda. Now it is playing catchup – and failing.
Apple’s two new iPhones, announced this morning Australian time, have been greeted with an underwhelming response, and rightly so.
As widely predicted, there are two new iPhones, the 5C and the 5S. The 5C was to have been a lower cost version of the existing iPhone 5, but it is nothing more than the existing phone with a shiny plastic (sorry – polycarbonate) case and a new version of the operating system. And it is still expensive.
The new 5S, the premium model, is an even bigger disappointment – same screen size, same Lightning connector, same memory, same ridiculously high price. It gets a faster processor (of course) new colour (gold, known as “champagne”), the new 64 bit iOS (which will make no immediate difference), and a slightly better camera (not more pixels, but bigger pixels) with a smart flash that makes skin tones better.
And more games – just what we need.
That’s it. No bigger screen, no amazing new features, no Android killer. What was Apple thinking? Does it really believe these minor improvements are sufficient? It’s hard to imagine it doing less than it has. Yawn.
With these disappointing devices Apple will continue to lose market share, and deservedly so. It knows it is facing a great challenge from Android, and especially Samsung. But it has done nothing. Has its arrogance turned to hubris? Has it learnt nothing?
"Wait, wasn't Apple cool at one point?"
These new phones are very disappointing. Apple defined the iPhone market, then set the agenda with
successive new and impressive models. Now it is boring. Sorry Steve.