Can Apple’s New Features Expose You to New Mobile Security Risks?
With the iCloud scandal seemingly in its past, Apple announced new iPhones, updates to iPad and MacBooks as well as news on OS X Yosemite. Although consumers will have to wait to get their hands on some of that new stuff, what they can get is the latest release of iOS 8, which Apple made available for most in-market iPhones and iPads today.
Originally announced at WWDC (Apple’s annual developers conference) in June, iOS 8 seems to spearhead Apple’s newfound focus upon greater integration of their products into everyday tasks, cross-platform mobility and self-monitoring.
But before you update your device, here is a look at some of the new features and things you may want to consider from a mobile security perspective:
HealthKit and HomeKit:
HealthKit is a new framework which aggregates numerous healthcare and fitness apps, such as blood pressure and heart rate monitors through partner apps including Nike, and allows them to communicate with each other. And digital assistant Siri has received an iOS 8 makeover and been given a role in HomeKit, Apple’s new connected home app. In a similar vein to HealthKit, it will streamline your smart devices to control them in one place.
Considering the recent iCloud hack, and the potential for iOS devices to be vulnerable to malware through iCloud, it’s critical to look at the implications of keeping personal health information on devices and, presumably, synced with iCloud. Same goes for HomeKit. It’s becoming increasingly apparent that there is no such thing as a completely secure mobile device, app or service.
In iOS 8, if cybercriminals are successful in penetrating a device, they might access private and confidential health information, or smarthome controls such as lights, windows and even doors.
Much like the previous point, with Apple looking for us to share even more private details with their devices, can users afford to do so without implementing dedicated security solutions? It’s also worth mentioning that mobile wallets aren’t new and neither are their security issues. There are already several different mobile wallet apps that have been hacked or targeted by malware. With Apple’s services not looking very fortified at the moment, having personal financial information on a device and access to things like bank and credit card account numbers could be a huge risk.
Introduced in the iPhone 5s last September, the Touch ID fingerprint scanner was previously used to unlock the phone and as identity verification when making purchases through the App Store. In iOS 8, Touch ID will be integrated into third-party apps for the first time, more than likely replacing password security and facilitating quicker purchases.
With all the criticism that has surrounded both Apple’s and Samsung’s first attempts at biometrics, are users ready to begin further integration of these systems into our lives? Putting aside the fact that the first fingerprint scanner was easily hacked just days after its release, many enterprises are starting to implement their own biometric solutions. As a result, the theft or recording of a user’s fingerprint is now even more of a hazard to enterprise security.
Jailbreaks for iOS 8?
Naturally, the jailbreak community awaits the release of iOS with excitement as well as trepidation. Although the beta version of iOS is rumoured (nothing more) to have been jailbroken, the final version should pose much more of a challenge to break down. We wouldn’t be surprised if jailbreaking the upcoming release of iOS 8 takes some time, but if history is any lesson, one thing’s for certain – it’s probably inevitable.
As we said, both from a personal and from an enterprise’s point of view, these and several of the other new features in iOS 8 require attention from a security standpoint. This isn’t a simple equation – millions of devices will be using iOS 8 within days, so ignoring it isn’t an option. Instead, we recommend creating clear guidelines on how, when and where to use the new features of iOS within a BYOD enterprise environment. Furthermore, implementing a dedicated mobile security platform that can detect and analyze existing and unidentified threats to mobile devices is critical.