While Android typically gets all the negative attention when it comes to mobile security, the recent release of iOS 7 shows that Apple devices can be vulnerable, too.
The latest version of Apple’s mobile operating system, iOS 7, promises some big security improvements over the company’s previous software.
In fact, iOS patched 80 security vulnerabilities. While many probably wouldn’t have affected most users, the issues fixed include a flaw in the lock screen that could allow unauthorized people to make calls on a device without entering the phone’s passcode.
The other vulnerabilities addressed include a bug that could allow a malicious app to uncover a device’s passcode, as well as flaws involving buffer overflows and background apps accessing software in the foreground.
In addition to those fixes, iOS 7 also adds new security features, including an enhanced remote security tool that can lock a lost or stolen device and require additional authentication.
New iOS 7 vulnerabilities discovered
For organizations with iPhone or iPad users, company data will likely be safer if those devices are updated to iOS 7. However, the new software isn’t free from all security issues, and two big ones have been found so far in the new software.
One of the iOS 7 vulnerabilities involves yet another lock screen flaw, Forbes reports. A user discovered that anyone can gain access to parts of an iOS device by going into the new Control Center on the lock screen, opening the alarm clock and holding down the phone’s sleep button. When that brings up an option to swipe in order to power down the device, the person can double-tap the home button to open the device’s multitasking menu. That provides access to the device’s photo gallery, which in turn gives access to the user’s email and social networking accounts.
Apple says it’s working on a fix for the issue. In the meantime, users can protect themselves by disabling the lock screen Control Center.
Security researchers also discovered another way to bypass an iPhone’s lock screen: using Siri, iOS’s voice activation feature. From the lock screen, anyone can hold the phone’s home button to activate Siri. Then the person can use voice commands to place calls or send messages with the user’s identity, retrieve saved addresses, view calling history, and other actions.
To protect themselves, users can go into their passcode settings and disable Siri when the phone is locked.