Back in 2016, Apple engineers proudly announced that they had the most effective security organization on Earth — citing the iPhone as the perfect example of an impregnable smartphone. Just three years later and Apple has seen their security situation take a turn for the worst, with one costly mistake after another this year.
However, it would be unfair to isolate Apple, as other companies seem to be going through similar issues. In the past few months alone, Special Counsel notes that the likes of Facebook and First American have suffered massive data breaches at the hands of cybercriminals, who exposed 540 million and 885 million user records, respectively. This comes at a time when governments around the world have been tightening privacy and data protection regulations, further highlighting the need for a more comprehensive way to approach cybersecurity — a lesson that Apple had to learn the hard way. So while Apple isn’t the only company at fault, read on to learn about why 2019 may just be the worst year for iPhone security since its debut back in 2007.
Software updates are usually implemented to fix existing issues, but this was not the case with iOS 12.4. With this release, Apple accidentally restored a vulnerability that they had previously patched out with iOS 12.3. This bug — which was discovered, ironically enough, by a Google researcher — was responsible for the first public jailbreak release for the iPhone in many years. CBC reports that this blunder led to many security experts claiming that Apple’s pristine reputation for software security was merely a myth. And considering the items to follow on this list, these claims may not be as farfetched as they seem.
A report on CNN provides the details on the FaceTime bug that first surfaced on January 29, which allowed people to listen in on the audio from the iPhone or Mac device of the person they were trying to call. A new group call feature caused the flaw. People could exploit this bug by simply starting a call with someone and adding themselves to the call, prompting a group FaceTime call to begin even if the person you were initially calling hadn’t accepted the call yet. This bug was a major blunder, considering how seriously Apple supposedly treats its users’ privacy. Once news of the bug reached media outlets, Apple suspended the group FaceTime function and rolled out a permanent fix 9 days later with the iOS 12.1.4 and macOS Mojave 10.14.3 updates.
Around the same time as the FaceTime debacle, Google’s Project Zero security researchers revealed that they had found several hacked websites that slipped malware into people’s iPhones. The malware allowed hackers to access the messages, photos, and location data from compromised devices. What’s even more worrying is that these attacks were indiscriminate, as everyone who visited the sites were prone to these attacks. To add to this, the malware siphoned the victim’s personal information without encryption. This means that anyone on the same Wi-Fi network could, in theory, access all of the victim’s stolen content. Further reports have revealed an even more alarming fact: These hackers have been targeting iPhone users for two years, at the very least. Apple patched these vulnerabilities out less than a week after they were made aware of the problem, but the damage to an unknown number of iPhone users has undoubtedly been done.
So, What Can Be Done?
Aside from the solutions Apple was quick to offer in addressing the emergencies listed above, the company also made some noise recently by announcing a bug bounty prior to the release of the iPhone 11. A bug bounty program is when an organization or software developer offers compensation to anyone that reports bugs, exploits, and other vulnerabilities in certain systems and technologies. Apple’s new program is offering $1 million to anyone who can find a hack that exploits the new iOS source code.
But while Apple has taken steps to address various security issues, those who want to keep using their iPhones and do not want to switch to other devices will need to know how to better protect themselves. Third-party applications such as the Onion Browser will ensure that you can browse securely as it automatically blocks scripts, doesn’t store cookies, and allows for further tweaks depending on individual security requirements.
But there’s more to security than software, as a constant sense of vigilance is also important in avoiding disaster. Our writer Alexander Fox details how you can avoid threats such as phishing by being skeptical of suspicious links, texts, and websites that you come across on the internet. These often hide malicious code or trick you into providing your personal information, which can then be used for fraud or otherwise sold on the dark web. Remember, if it’s too good to be true, then it probably is.
There’s no way to make do without technology as it’s become ingrained into our daily lives. The best thing to do would be to take the necessary precautions — be critical, be vigilant, and all should work out in the end.