Everyone Likes To Point Out Apple’s Security Issues – But What About The Other Guy?

All last week (I’ll also assume this upcoming week), people have been chiming in and laughing over security vulnerabilities in iOS 7. The main reason this is in the news is that the operating system has just been released. They should have also learned from past mistakes.

The “Big 3” Issues:

Access to Social Network Information and Data on the Phone – This problem is not necessarily a vulnerability. It is a problem of default settings and user awareness. The lock screen issue is something that Apple has been fighting for years. I remember on my 3s the debate over the emergency call button. Back then you could choose the emergency call, go to contacts, and get to the standard iOS system. This is just a repeat, but one that is easy to mitigate. Go to Settings -> Control Center -> set the Access on Lock Screen toggle to off. Done. You are no longer vulnerable. In theory, given the historical lock screen issues, this should have been the default setting.

Thwart the “Find My Phone” feature – Since you can turn airplane mode on and off within the Control Center, this is actually the same issue as accessing the data. Someone just wanted to seem a little more clever by throwing this highlight in as a second vulnerability. It really isn’t. You can mitigate this risk the same way.

Bypassing the fingerprint reader on the 5S – Seriously? Who didn’t think this was going to be compromised? Unfortunately most people don’t know anyone that could pull this off (I do!). What is really just a security theater performance and response somehow gets to be big news. It really isn’t. Biometrics have a long history of being fallible. Since I don’t have a 5s yet, I don’t know if you have the option to use a fingerprint and a PIN. If you can, this gives you at least a poor man’s two-factor authentication. This scenario will be significantly more secure than the competitors. If you think someone is going to steal your phone and get your fingerprints to unlock it, use a PIN. As an FYI – they can either unlock your phone or plant your prints at a crime scene. Which scenario is more advantageous for them and worse for you?

The main thing about all three of these issues is that they require physical access to your phone. If you have lost physical access to your device and someone else has it – consider the device already compromised. There are ways to lock the device, but for every method there is some other way to get at the information. The real concern with mobile phones and computers in general is remote exploits. So far nothing on this front has been reported for iOS 7.

Because of my friend list, there are two types of people pointing out what amounts to the three issues listed above.  The first is IT security professionals.   These users are completely expected to point out the flaws.  The other type?  Most of them are Apple haters who think they have something to chime about.  Sadly they seem to ignore their own vulnerabilities.

Android vulnerabilities don’t get spread around the social network scene for some reason. It’s not as funny to the Apple haters. The Apple users, on the other hand, really don’t care enough to point out that in June the Galaxy S4 had a remote attack that could cause your phone to send fraudulent text messages. We also don’t point out that the Galaxy Note 2 had a lock screen bypass issue that is similar to the iOS 7 one.

The real problem with Android is how the manufacturers deploy it. Phone makers decide when you get to upgrade your operating system (if at all). In a single day 35% of all iOS devices were upgraded to the latest release. After three days the adoption rate was 50%. The largest threat to any Android device is not being upgraded to the latest version. Back in July 35% of Android devices were still running “Gingerbread”. The problem isn’t that users don’t want to upgrade; the companies are just not certifying the latest release for their devices.

Can we all stop with the high and mighty crap? I’ve given up on the “iOS is better than Android for everyone” schtick. It isn’t. It is, however, better for me. I will defend my usage and post back to the people bragging, yet not understanding the issue. I will also take deserving lumps when I need to.

It is Apple vs. Microsoft all over again. I was a Microsoft defender for years. The thing is, Apple changed. Combining BSD with an Apple UI made the argument swing the other way. Unfortunately the Microsoft users were using the same arguments that no longer applied. OS X is the more powerful system these days (not as powerful as *nix or pure BSD). For the flexibility – I moved to a MacBook Pro for my main machine. I’ll never look back.


  • Micke

    Really interesting post :) I mostly agree with you.

    Btw, I’m trying out that “Merge two lastfm accounts” thingy I found here, but I can’t get it to work. I’m stuck at generating the scrobble log from Python. Whenever I type in “./lastexport.py –user USERNAME”, I get a syntax error and I have no idea of what to do since I’m not really good at things like this. I was wondering if maybe you could help me out just a little bit and tell me exactly how to generate the log with Python correctly, and where to save the script and so on.

  • http://creeva.com creeva

    After -user it should be your username. That might be it. Also make sure you have Python installed. The real problem is that I wrote up the blog article the night I got it to work, and I haven’t ever done it again.

  • Micke

    I do have Python installed, and I am typing in my last.fm username after -user, still no work :/. Do I have to store the lastexport.py script at a certain location on my hard drive?