Do we put too much faith in Apple (and others’) security features?
One of the highlight features of Apple’s latest iPhone, the 5S, is the inclusion of a unique fingerprint scanner – futuristically hidden underneath the device’s iconic “home” button. But are we putting too much faith in Apple (and others') security features?
According to an NBC survey, iPhones make up 58% of usage within the House of Representatives in the US – important positions; which require high security.
Yet the U.S. military did not authorise the use of Apple’s iPhones and iPads until May this year; despite previously permitting Samsung-made Android handsets due to their specialised “Knox” security.
Hackers from the Chaos Computer Club in Germany report they successfully circumvented the new fingerprint scanner – despite Apple claiming it can't be fooled through use of a deep skin fingerprint – by a simple print demonstrated off a glass; the same which tricks any scanner.
A quote from the team states: “The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID.”
Of course for the 3 in 10 users (according to a Motorola infographic) who choose not to use PIN locks on their smartphones; a simple fingerprint scanner is better security than none. But for those with sensitive data they need to preserve from prying partners eyes; it’s not enough.
An improved system, suggested by many, would to at least have the option of a secondary PIN code once your finger has been authorised – but this takes the time which people find inconvenient. The most secure (and convenient) implementation; would be to have a secondary Bluetooth or NFC device to act as your secondary lock.
Let’s hope these are the kind of small, but impactful features being lined-up for iOS 7.1.
Talking of iOS7 - to chuck Apple some credit their way – new enterprise features include “third party app protection” and “Single sign on functionality” which really help to boost security. You can read more on our sister-site Enterprise Apps.
In fact the NYPD (New York Police Department) has issued a “Public Awareness Notice” for Apple users to upgrade to iOS7 so “it cannot be reprogrammed without an Apple ID”.
Ok, that’s enough of the positives; this article is here to ever-so-slightly scaremonger you into demanding better privacy from all your devices, from any manufacturer.
You know after all those NSA revelations? Which Apple was a part of; alongside Microsoft, Google, Yahoo and almost every other large US tech giant? Due to how much information was freely available through the PRISM programme, Apple was quick to assure the public how iMessage is encrypted end-to-end and cannot even be accessed by Cupertino themselves.
The exact statement was: “Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.”
Two security researchers are to talk about how this is false, and how Apple could - but not necessarily does - intercept messages and read them if they wish. The researchers, who go by the names of ‘GG’ and ‘Pod2G’, claim that they have discovered a method to perform a man-in-the-middle (MITM) attack; which can intercept these messages and allow them to be read.
Do you think there are cases we rely too much on Apple (and other manufacturers) built-in security features?
- » Huawei founder says the company is ready 'to withstand' further US actions
- » How a Zero Trust security model can be applied to 5G networks
- » Telefonica launches blockchain pilot in APTE partnership – reports
- » Five major US telcos are vulnerable to 'SIM swapping' attacks
- » US Homeland Security issues rare alert warning of cyber attacks from Iran