Microsoft™ isn’t the only software vendor that’s getting some bad PR lately. Apple’s latest and greatest iteration of its iPhone operating system, which is featured on the new iPhone 5s and 5c models, was released just last week, but it was almost immediately plagued with rumors of security flaws and other bugs. This didn’t deter Apple fans from buying 9 million of the new phones over launch weekend, though, and owners of older phones flocked to upgrade to iOS 7, with 200 million phones reported running the new OS within three days of its release.

Right out of the gate, the new fingerprint authentication feature became the subject of controversy. Apple calls it Touch ID and touts it as a big innovation (although fingerprint recognition has been available for smartphones for years and was a feature of the Motorola ATRIX).  However, privacy and security advocates have raised concerns. U.S. senator Al Franken noted that fingerprints, unlike passwords and PINs, can’t be changed if they’re compromised. A few days later, a group of hackers in Germany claimed to have successfully hacked the Touch ID fingerprint reader.

Meanwhile, Apple was hit with another security issue that has nothing to do with biometrics. This time it’s a vulnerability that allows a knowledgeable person to bypass the lock screen on iOS 7-based phones. All you need to do is swipe up on the lock screen, open the alarm clock, hold down the sleep button, tap Cancel and then double click the Home button. That sequence will take you into the screen that displays running programs, where you can access any of those apps and read email, post to Facebook or Twitter and access photos, contacts, history, etc.

Shortly after this little secret was publicized, Pete Babb over on InfoWorld posted a video showing how an unauthorized person could use Siri, Apple’s voice command “personal assistant,” to bypass security and post to the iPhone owner’s Facebook account without unlocking the phone. And that’s not all; yet another bypass method will allow the attacker to make phone calls on a supposedly locked iPhone.

Apple has acknowledged the lock screen problem and has made a promise to release a fix for it in “a future software update.” There is no indication yet of when that will occur. However, Apple already released a patch (iOS 7.01) to address “bug fixes.” It became available last Friday, and buyers of new iPhones were prompted to update as soon as they activated their phones. Various sources have reported that this update is primarily aimed at a problem with using Touch ID for iTunes purchases.  It’s likely we’ll be seeing more patches for iOS 7.x in the near future.

Meanwhile, owners of iPhones that are running iOS 7.x may want to take steps to protect against the lock screen exploit. To do so, you’ll need to go to Settings | Control Center | Notification Center and disable Siri on the lock screen, as suggested by Ed Hurley on Twitter.

Tune back in next Monday for the end-of-month wrap-up of prominent third-party patches here on Patch Central for more news about non-Microsoft updates.
