
iOS 8 Security Flaw

Keudn

This is a feature that's been around since at least iOS 7, but it is something that 95% of iPhone users are unaware of. My coworkers and I know about it since it's pretty much our job, but my friends were blown away that I was able to post on their Facebook and Twitter accounts with their lock code enabled. This 'feature' should be opt-in, not a default.

I do agree that there are people on this board that like to make fun of Apple because I guess it's the cool thing to do. But there are others who defend them like it's their job and go just a little too hard doing it.

Main rig: i7 3770K @ 4.54, Sapphire R9 290, Sabertooth Z77, 16 GB Mushkin Redline 2133, Lian Li PC-P50R, Seasonic 860xp Platinum, Kingston Hyper X 3K 240GB

freeNAS server: AMD Athlon II 170u 20W, 5 x 3TB WD Red in raid-z1 (12 TB)

media centre: AMD A10-5700, crucial M4 (boot), running XBMC,4 x 3TB WD Red, 3 x 3TB WD green + 2TB green in FlexRAID (17 TB)


Here is an idea

 

Why can't Siri only work if it detects your fingerprint on the Touch ID sensor (on the new phones)?

Since you have to hold the button to speak to Siri it should only talk to authorised users, and it can say "sorry you are not authorised for access"

 

I think I should work for Apple now and they should pay me all of their money

Desktop - Corsair 300r i7 4770k H100i MSI 780ti 16GB Vengeance Pro 2400mhz Crucial MX100 512gb Samsung Evo 250gb 2 TB WD Green, AOC Q2770PQU 1440p 27" monitor Laptop Clevo W110er - 11.6" 768p, i5 3230m, 650m GT 2gb, OCZ vertex 4 256gb,  4gb ram, Server: Fractal Define Mini, MSI Z78-G43, Intel G3220, 8GB Corsair Vengeance, 4x 3tb WD Reds in Raid 10, Phone Oppo Reno 10x 256gb , Camera Sony A7iii


Here is an idea

 

Why can't Siri only work if it detects your fingerprint on the Touch ID sensor (on the new phones)?

Since you have to hold the button to speak to Siri it should only talk to authorised users, and it can say "sorry you are not authorised for access"

 

I think I should work for Apple now and they should pay me all of their money

That's a very good idea. It adds the security I am asking for (unauthorized people should not be able to read your messages, post on your Facebook and so on) without removing any functionality or ease of use.

It would not work on the iPhone 4S but they could just leave it off by default on that one.


That's a very good idea. It adds the security I am asking for (unauthorized people should not be able to read your messages, post on your Facebook and so on) without removing any functionality or ease of use.

It would not work on the iPhone 4S but they could just leave it off by default on that one.

 

Exactly, and iPhones before that do not have Siri anyway as they cannot get iOS 7/8, so really it would only affect 4s and 5 users, and 5s, 6 and 6+ users would have security and no inconvenience, it wouldn't even affect the way they access Siri, it would be completely invisible to the user other than blocking unauthorised access.

Win-Win, pretty much!

Desktop - Corsair 300r i7 4770k H100i MSI 780ti 16GB Vengeance Pro 2400mhz Crucial MX100 512gb Samsung Evo 250gb 2 TB WD Green, AOC Q2770PQU 1440p 27" monitor Laptop Clevo W110er - 11.6" 768p, i5 3230m, 650m GT 2gb, OCZ vertex 4 256gb,  4gb ram, Server: Fractal Define Mini, MSI Z78-G43, Intel G3220, 8GB Corsair Vengeance, 4x 3tb WD Reds in Raid 10, Phone Oppo Reno 10x 256gb , Camera Sony A7iii


I wouldn't touch Apple with a ten foot pole if they thought being able to read my private notes, call logs and messages without entering my pin was a 'feature'.

It's clearly something that has been overlooked. Not something intentional. They will fix it if it gets enough publicity. That's all there is to it. Don't understand why there has to be this cult mindset of Apple can do no wrong, it was clearly a feature. They fucked up. They will fix. No one has posted 'Oh well it's good I have an android' or anything bashing Apple, and yet Apple fans seem to be pissed off in mere anticipation of the shitposting which hasn't happened.

Everything said by me is my humble opinion and nothing more, unless otherwise stated.


It only becomes a "0-shit show" because people are defending them so hard. It's as if they are uncriticizable and never do anything wrong.

There is a way to bypass the PIN code on your phone? Not a security issue, it's a feature! It's the user's fault for not turning it off! It's the user's fault for losing their phone in the first place!

I would be just as harsh about the same security issue in Android, but I am pretty sure some other people in this thread would not have the same reaction as they do since it's about Apple this time.

You're holding it wrong!


I think there was a flaw like this before...

Main rig on profile

VAULT - File Server

Intel Core i5 11400 w/ Shadow Rock LP, 2x16GB SP GAMING 3200MHz CL16, ASUS PRIME Z590-A, 2x LSI 9211-8i, Fractal Define 7, 256GB Team MP33, 3x 6TB WD Red Pro (general storage), 3x 1TB Seagate Barracuda (dumping ground), 3x 8TB WD White-Label (Plex) (all 3 arrays in their respective Windows Parity storage spaces), Corsair RM750x, Windows 11 Education

Sleeper HP Pavilion A6137C

Intel Core i7 6700K @ 4.4GHz, 4x8GB G.SKILL Ares 1800MHz CL10, ASUS Z170M-E D3, 128GB Team MP33, 1TB Seagate Barracuda, 320GB Samsung Spinpoint (for video capture), MSI GTX 970 100ME, EVGA 650G1, Windows 10 Pro

Mac Mini (Late 2020)

Apple M1, 8GB RAM, 256GB, macOS Sonoma

Consoles: Softmodded 1.4 Xbox w/ 500GB HDD, Xbox 360 Elite 120GB Falcon, XB1X w/2TB MX500, Xbox Series X, PS1 1001, PS2 Slim 70000 w/ FreeMcBoot, PS4 Pro 7015B 1TB (retired), PS5 Digital, Nintendo Switch OLED, Nintendo Wii RVL-001 (black)


something something NSA

 

Just like to point out that Microsoft's record with the NSA and the US Government lately has been just as good as Google and Apple. They even went to court over a warrant to access data in another country (Ireland in this case, which violates that country's sovereignty).

Not saying they haven't done some dumbass, shit, or anti-competitive things in the past, but then so have Google and Apple. I think it's safe to say that all 3 companies don't want NSA to have direct access to their customers' files. Could there be secret back doors? Who knows! There's no proof either way at this point.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


At least you're honest about something...

You were making some at least decently constructed arguments before, but now you've fallen completely off the truck so to speak. Whether it's a "Bug" or not is completely irrelevant. It is without a doubt a security hole - intended or not.

 

The problem here is that 99% of iOS users - just like 99% of Android users and 99% of WP users, are just regular people. They don't know FUCK ALL about cyber security practices and best practices for personal privacy. They don't even know half the features that their respective OS supports. Only a "power user" is likely to even know that this feature can be disabled or enabled at will, and only a "power user" is likely to immediately understand the potential security and privacy issues this "feature" presents.

 

Basically there is one major flaw in this feature. On by default. You say that anyone who wants it off will turn it off? Wrong. If properly explained what this "exploit" is capable of, the average person would most definitely want to disable it. However, the average person likely doesn't even know you can disable it.

 

If they want a feature that enables more lax security for the sake of convenience? Then sure, fine, no problem. BUT IT SHOULD BE DISABLED BY DEFAULT! It should also give a suitable warning message when you enable the feature that goes along the lines of "If you enable this feature, it may decrease the security and privacy of your device".

 

I don't understand why there is even an argument about this? You say that only a CEO is likely to need this? Well I personally don't want some random joe who found my phone to be able to make posts on Facebook, or check my recent call logs. And I don't know anyone who would be alright with that. Yeah this is potentially much more damaging for a person in a position of power or authority, but regular people can suffer greatly from this too.

 

Yeah, if your phone gets stolen then it's your fault... I'm usually the one doing the victim blaming but come on, losing your phone is a very common problem and not something you can do much about.

You have a responsibility to keep track of your stuff, but if you put a PIN on your phone then people shouldn't be able to get access to a bunch of personal stuff such as messages, notes, contacts, your calendar, Facebook/Twitter and so on.

 

Like I said before this should not be turned on by default if you got a PIN enabled. It's just very bad from a security and privacy standpoint.

I 100% agree with everything you've said in this entire thread.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


You were making some at least decently constructed arguments before, but now you've fallen completely off the truck so to speak. Whether it's a "Bug" or not is completely irrelevant. It is without a doubt a security hole - intended or not.

 

The problem here is that 99% of iOS users - just like 99% of Android users and 99% of WP users, are just regular people. They don't know FUCK ALL about cyber security practices and best practices for personal privacy. They don't even know half the features that their respective OS supports. Only a "power user" is likely to even know that this feature can be disabled or enabled at will, and only a "power user" is likely to immediately understand the potential security and privacy issues this "feature" presents.

 

Basically there is one major flaw in this feature. On by default. You say that anyone who wants it off will turn it off? Wrong. If properly explained what this "exploit" is capable of, the average person would most definitely want to disable it. However, the average person likely doesn't even know you can disable it.

 

If they want a feature that enables more lax security for the sake of convenience? Then sure, fine, no problem. BUT IT SHOULD BE DISABLED BY DEFAULT! It should also give a suitable warning message when you enable the feature that goes along the lines of "If you enable this feature, it may decrease the security and privacy of your device".

 

I don't understand why there is even an argument about this? You say that only a CEO is likely to need this? Well I personally don't want some random joe who found my phone to be able to make posts on Facebook, or check my recent call logs. And I don't know anyone who would be alright with that. Yeah this is potentially much more damaging for a person in a position of power or authority, but regular people can suffer greatly from this too.

 

I 100% agree with everything you've said in this entire thread.

Builder isn't the type of guy you want to spend time arguing with on topics concerning Apple or competitors to Apple. Trust me.


It's a good day for Cortana on WP

Build: Sister's new build |CPU i5 2500k|MOBO MSI h61m-p23 b3|PSU Rosewill 850w  |RAM 4GB 1333|GPU Radeon HD 6950 2GB OCedition|HDD 500GB 7200|HDD 500GB 7200|CASE Rosewill R5|Status online


Build: Digital Vengeance|CPU i7 4790k 4.8GHz 1.33V|MOBO MSI z97-Gaming 7|PSU Seasonic Xseries 850w|RAM 16GB G.skill sniper 2133|GPU Dual R9 290s|SSD 256GB Neutron|SSD 240GB|HDD 2TB 7200|CASE Fractal Design Define R5|Status online


Turn off the "Allow access when phone is locked" -> Siri = Off

 

Turn it off and you won't have this issue.

Security Analyst & Tech Enthusiast

Ask me anything.


Turn off the "Allow access when phone is locked" -> Siri = Off

 

Turn it off and you won't have this issue.

Of course. And that's stupid obvious to any of us... But we're the 1% of users. Hell we're the 0.1% of users. Only "Power Users" would know to look for a feature like that.

 

The issue is that it shouldn't be on by default. It should be an Opt-In feature. It should also show a disclaimer that a regular person can understand giving a brief summary of the privacy and security risks of using Siri with the phone locked.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


Actually, that's a carrot :P

A horse posting about a carrot? I certainly hope it's not a fixation.

 

I giggled a little when I read it...

-Cheers!!!

-P.S. My initials are really P.B.J. Does that explain enough? :D


-snip-

Whatever "fallen off a truck" means, if there was a lapse in the coherency of my argument it's because I simply don't care. I just don't see this as a security issue per se, plain and simple. Everyone I know that uses Siri uses it from the lock screen, and has since it came out. The fact that everyone is only getting mad about it now shows just how stupid this argument is.

 

What you miss is realizing that 99% of users just don't care about security, period. Until you're the victim, nobody does. I will agree that it's not optimal from a security perspective, but think of how many users would be frustrated if they couldn't use Siri from the lock screen and had to figure out how to turn it on instead of figuring out how to turn it off? As I've said many times before now, it's all about tradeoffs. How many pissed off people do you think there would be if it wasn't on by default? Decisions like this one are made by balancing that amount of people with the amount of people that would care about it being on by default, and I think that the problem with your argument is believing that the latter is the majority.

 

The issue is that it shouldn't be on by default. It should be an Opt-In feature. It should also show a disclaimer that a regular person can understand giving a brief summary of the privacy and security risks of using Siri with the phone locked.

This is all in your opinion, which hasn't been developed from the standpoint of the average user you claim to be representing. Neither was mine, but I don't pretend to think they care about security.

"You have got to be the biggest asshole on this forum..."

-GingerbreadPK

sudo rm -rf /


A horse posting about a carrot? I certainly hope it's not a fixation.

 

I giggled a little when I read it...

xD I didn't even think of that, but seriously I'm 90% sure ^^^^^^^ are called carrots

Case: NZXT Phantom PSU: EVGA G2 650w Motherboard: Asus Z97-Pro (Wifi-AC) CPU: 4690K @4.2ghz/1.2V Cooler: Noctua NH-D15 Ram: Kingston HyperX FURY 16GB 1866mhz GPU: Gigabyte G1 GTX970 Storage: (2x) WD Caviar Blue 1TB, Crucial MX100 256GB SSD, Samsung 840 SSD Wifi: TP Link WDN4800

 

Donkeys are love, Donkeys are life.                    "No answer means no problem!" - Luke 2015

 


xD I didn't even think of that, but seriously I'm 90% sure ^^^^^^^ are called carrots

No, carets. Not carrots. Carrots are the orangish root vegetables that have a slightly bittersweet taste and a delightful crunch in the mouth.

"You have got to be the biggest asshole on this forum..."

-GingerbreadPK

sudo rm -rf /


No, carets. Not carrots. Carrots are the orangish root vegetables that have a slightly bittersweet taste and a delightful crunch in the mouth.

Same thing to a horse >:3

Case: NZXT Phantom PSU: EVGA G2 650w Motherboard: Asus Z97-Pro (Wifi-AC) CPU: 4690K @4.2ghz/1.2V Cooler: Noctua NH-D15 Ram: Kingston HyperX FURY 16GB 1866mhz GPU: Gigabyte G1 GTX970 Storage: (2x) WD Caviar Blue 1TB, Crucial MX100 256GB SSD, Samsung 840 SSD Wifi: TP Link WDN4800

 

Donkeys are love, Donkeys are life.                    "No answer means no problem!" - Luke 2015

 
