If you’re overwhelmingly concerned about security, write your secrets on a piece of paper, place the paper in a safe, wrap the safe in a ton of concrete and then drop it in the deepest part of the ocean. Comfort yourself with the unlikelihood of disclosure and ignore the inconvenience of a trip to the Marianas Trench every time you want to update the secret information.
Don’t ever confide information. Don’t ever share with the National Security Agency (NSA), the British Government Communications Headquarters (GCHQ) and other government agencies by using telecommunications. Don’t use a bank account, given the potential for unwanted disclosure.
Few people will go to those lengths to protect information. Instead many people seek to identify and thereby manage risk. In the digital environment we need to recognise that absolute security equals absolute unusability.
What’s the flaw?
The user-friendliness that makes mobile phones, pads, laptops and other handy devices so useful results in potential dangers. Not all dangers are equally severe. Some are readily fixed. We thus shouldn’t be too frightened by hyperbole about the iOS, the software used in the latest generation of iPhones.
Exploiting the flaw is actually quite complicated. While the steps are easily found online, they require a series of quick, specific actions to access a phone’s apps from behind the lock screen.
Easy if you’re Rubik Cube expert. More difficult if you’re an ordinary human … and Apple’s coming to the rescue with a fix.
Technology watchers and enthusiasts have warned that the flaw allows people to illicitly bypass the “lock” on the iPhone screen and thereby gain access to photos stored on the device.
The bypass also enables unauthorised access to the email and social network service accounts (for example Facebook) that the phone’s owner uses to share those images. Not everyone has linked their phone to Twitter, Facebook, Tumblr or other services.
Bypassing will thus often result in embarrassment – you really didn’t want anyone to see that selfie – but not allow an offender to hijack your email and Facebook page.
An easy fix
The security flaw isn’t “new”. Instead it is a software fault that has been discovered by enthusiasts and will presumably be fixed by Apple, in the same way that flaws in software for a range of devices are detected and fixed.
The reality of consumer software development is that users are part of a security ecosystem. They discover problems – sometimes accidentally, sometimes deliberately. Many software vendors welcome that discovery, but others do not, such as controversy about vehicle protection software.
The iOS 7 flaw reflects the complexity of the software, attributable to Apple’s emphasis on usability. It is regrettable but such flaws are inevitable.
Does the flaw pose a fundamental threat? Is it time to throw your new phone in the ocean or ask for your money back? We should be wary about hyperbole.
If you are truly concerned about mobile phone security a simple and practical solution is don’t leave the device unattended. Keep it in your pocket or desk or in a bag that isn’t accessible without your knowledge.
In the security ecosystem, safety involves you sharing responsibility. Don’t expect Apple or government to come to the rescue if you are careless and ask for trouble.
Bruce Baer Arnold does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations. This article was originally published at The Conversation. Read the original article.