Skip to main content

Posts

Showing posts from September, 2013

iOS security vulnerability

My post earlier today about hacking the iPhone 5S's TouchID was talking about something major: access to everything in the phone. But that post mattered to you only if you have an iPhone 5S (the brand new, higher-end model). There is another vulnerability that affects just about everybody with an iPhone, at least if you've upgraded to iOS 7.

If the phone you're trying to get allows access to the Control Center from the lock screen, it's possible for someone who knows a fairly simple trick to get into your photos and some other parts of your phone's content. You can read about it here:

Forbes/Andy Greenburg: 
iOS 7 Bug Lets Anyone Bypass iPhone's Lockscreen To Hijack Photos, Email, Or Twitter
I just confirmed that this is possible using my own iPhone 5. I'm writing this on 9/23/13 and using the current (latest) version of iOS 7 (11A465).

Unauthorized access to your email is the biggest danger here. Remember, somebody with access to your email may be able to ch…

iPhone 5S's fingerprint authentication hacked

Well, that was quick The iPhone 5S was just released, and already its highly-touted fingerprint authentication scheme has been hacked. The Chaos Computer Club, a European confederacy of hackers, has managed to hack an iPhone 5S's fingerprint authentication, and to do it without breaking a sweat.

Chaos Computer Club breaks Apple TouchID

Links from that article will show you how it's done. How easy is it? It's not a cakewalk, but I'm pretty sure I could do it.

I'm not too surprised by this. The security experts I've read generally don't regard fingerprint authentication as a very good way to secure anything very valuable. You can't change your fingerprints and you leave them all over the place. And it appears to be far easier to fake the tip of your finger than I would have thought.

It's complicated Should you worry about this? I would, at least a little. [See addendum below.] Don't have a 5S here and I'm actually not quite sure what other optio…

iPhone 5's fingerprint authentication and the law

Very interesting article by Marcia Hoffman at WIRED about the possible legal ramifications of the fingerprint authentication scheme used by the new iPhone 5S: "Apple's Fingerprint ID May Mean You Can't 'Take the Fifth'".

I don't plan to upgrade as my original iPhone 5 is working just fine. But I'm hoping that Apple has indeed done fingerprint ID right. In the past, it's been problematic.