Increased developer access to iOS 8 could actually result in lower security
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!Tweet Share on Twitter.
September 9, 2014
Cyber security experts are warning the public that increased app developer access to Apple's iOS 8 operating system could actually result in lower user security on mobile devices.
Apple's expected iPhone 6 with its iOS 8 OS announcement later today is expected to include adding a number of new features to iOS 8 for app developers.
This will involve opening up more of the underlying architecture, thus greatly increasing the risk of a security breach and eroding one of the key differentiators between iOS and Android, according to Andersen Cheng, chief executive of mobile startup SRD Wireless.
Mobile app designers are likely to get more options to increase the accountability and authenticity but for iOS users this could mean that, without care, the environment may become a lot less secure.
Whether paying more attention to security and encryption, or simply what they record and store, users will need to be aware that Apple’s walled garden now has additional doors that can be opened in it, according to Cheng.
"Apple has made a simple trade-off," Cheng explained. "Increasing access to the inner workings of its iOS can allow developers to create better, and maybe even more secure mobile apps. Yet any potential security vulnerabilities in these workings could be more easily identified and exploited."
Apple is effectively adding extra pathways and doors into its operating system and those risk eroding the security of iOS, according to the security expert.
"One reason iOS is more secure than Android has been Apple’s Walled Garden approach – quite simply, the less access developers have to the inner workings of the technology, the less opportunity there is for potential attackers to discover security vulnerabilities. Now, if there is even the smallest possible security flaw in camera controls, touch ID or other newly available functionality, you can guarantee that someone will eventually find it and then expoit it to its maximum potential," he added.
iOS users would be well advised to pay closer attention to privacy settings and consider the use of third-party tools following the upcoming iOS 8 upgrade, Cheng concluded.
"Opening up access to its inner workings should help Apple gain market share, but with the best will in the world, companies such as Apple and Google cannot account for every potential combination of technology exploit and human engineering that could leave users wide open to abuse and security breaches," he added.
"Consumers today need to take extra care to keep their private information just that, along with other security protection such as passwords with at least 12 characters, involving upper and lower case characters, numerals and ponctuation marks.”
“For instance,” Cheng continued, “wherever possible, they should use methods of communication that guarantee levels of encryption and authentication over and above the operating system, meaning that potential attackers have more obstacles in their way. Similarly, they should be wary of their passwords, how they are created and how they record them. Users must keep close control over what they do on their phones, and pay attention to just how and what they record and share.”
For its part, SRD Wireless is developing encryption technology and authentication products such as PQ Chat, a secure instant messaging platform, so it has a vested interest in talking up the underlying insecurity of platforms it wants to sell security add-ons onto.
This doesn't mean its warning is misplaced however, only that we ought to bear in mind that it stands to benefit from specific warnings that some platforms could be more insecure than previously thought.
Home Depot has confirmed yesterday that hackers did broke into its payment systems, and probably as far back as April of this year.
Home Depot's hackers attack might be even larger and more extended than Target's was last year.
In Target's case, hackers slipped in for three weeks and grabbed 40 million debit and credit cards. Worse, hackers remained in Home Depot's payment systems unnoticed for about five months.
Hackers stole debit and credit card data from shoppers in the United States and Canada. The question now is how many millions of shoppers are affected.
Home Depot said it's still investigating the security breach, but said there's still "no evidence" debit card PINs were exposed.
In a statement, Home Depot CEO Frank Blake said-- "We do apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue."
The company says it first became aware of the breach on Sept. 2nd, after receiving calls from banks and law enforcement. Home Depot said it's working with the U.S. Secret Service to determine the scope of the security breach.
So far, Home Depot thinks that only customers who shopped at brick-and-mortar stores in the U.S. and Canada were affected. Online customers -- and those who shopped in its Mexico stores -- were apparently spared.
The company is taking measures that are now typical of retailers victimized by cyberthieves. It's offering free identity protection and credit monitoring to anyone who shopped there since April, and the store is replacing its card swiping terminals with machines that accept the more secure chip-enabled EMV cards.
Home Depot now joins the growing list of companies that have lost your data in the past year-- Albertson's, Target, Michaels, Neiman Marcus, P.F. Chang's and SuperValu.
Source: SRD Wireless.
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!