Apple released an update to the
iOS 7 operating system Friday. It seemed like a minor one, and it barely
made a ripple on the Internet. But a closer look reveals
that the update was prompted by a coding error that left iPhones and
iPads (iOS), as well as Macs (OS X), very vulnerable to attacks. In
other words, if you want your online information to remain secure,
update your phone. Like, right now. And pray for a fix for OS X soon.
That’s the short story. The long story begins with the brief explanatory note on “Data Security” that Apple released alongside the iOS 7.06 update Friday:
“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.”
If you’re a normal person, you probably have no idea what that means. Let’s translate:
SSL is short for Secure Sockets Layer. It’s a tool that keeps all the communication between your browser and a website’s servers private and secure. TLS, or Transport Layer Security, does pretty much the same thing. As you browse, the two work together as cryptographic protocols to
make sure the browser and website servers you’re interacting with are
legit. They’re sort of like a Secret Service detail for your online
activity.
SSL/TLS are actively working in
the background of your browsing, paving the way for secure transactions
whenever you log into BankofAmerica.com or make a PayPal payment. You
can tell these systems are working when a little padlock symbol appears
in your browser bar to the left of the website URL you’re visiting.
The security flaw that Apple so
nonchalantly revealed on Friday allows “attackers with privileged
network positions” to steal any information during your usually
protected online banking sessions, or Facebooking, emailing or
OkCupiding.
Just how “privileged” does a
wrongdoer’s “network position” have to be? Well. In order to eavesdrop
on your online activity — otherwise known as launching a
“man-in-the-middle” attack — she just needs to be on the same cafe’s
WiFi network as you. Not cool.
And while Apple has just released
a fix for this error in iOS, there’s nothing to stop a
man-in-the-middle attack from happening if you’re using OS X. We do
expect an OS X fix very soon, however.
Apple hasn’t offered details on how this actually happened, so it’s unclear which specific apps are affected, but cryptology experts have warned OS X
users to avoid using Safari, iCal or any other app that relies on this
security system to keep data secure. The only thing you can do to avoid
an attack while we wait for an update is to remain on secure networks.
You might want to avoid connecting to cafe networks and other WiFi
hotspots not in your complete control.
If you’re using a 3GS or an old
iPod Touch and don’t have access to the iOS 7 updater, you can download
iOS 6.1.6. And, for all of you with iOS 7 Apple devices, here’s a
reminder of how to get the update right now:
Go to Settings.
Make sure your device is
connected to WiFi and plugged in. Then choose the option to update your
software. The update might take a while, and as with other updates, it’ll
make the device go blank and look dead. Don’t freak out and interrupt
it. Let it do its thing.
Godspeed.