Apple Security Updates for iOS 9
Apple again takes a leap for better security of their devices with security updates for iOS 9 anticipated for later this year. iOS 9 is Apple’s next-generation mobile operating system. During the keynote address at the 2015 Worldwide Developers Conference, Apple introduced a bunch of new security features that is set for release when the iOS 9 debuts in the fall. With each new release of iOS, Apple has been consistently improving the security of their mobile operating system. Apple tends to add new security features, insert exploit mitigations, and take away avenues of attack in new iOS releases which makes it harder and harder for hackers to hack into their Apple devices.
Apple currently has a slew of security protections on their devices including encryption and personal data protection protocols like Activation Lock and two factor authentication and ICloud encryption. The celebrity photo hacking scandal that involved targeted attacks on iCloud accounts led to Apple enabling two-factor authentication for the cloud storage service. Apple also has turned it on for ITunes purchases.
For security updates for iOS 9, Apple is now enabling 2 factor-authentication for users when they sign into their Apple accounts from a new device or new browser. Apple specified in their release notes for the iOS 9: “A password alone is not always enough to keep your account secure. With two-factor authentication, when you sign in from a new browser or on a new device, you’ll be prompted for a verification code. This code is automatically displayed on your other Apple devices or sent to your phone. Enter the code and you’re quickly signed in — and any unauthorized users are kept out.”
For iOS 9, Apple will add a six digit passcode support. In previous blog post on Smartphone Security Tips, I recommended that mobile users turn off the simple passcode feature which is the 4 digit number, and at the minimum set up and use a 5 or 6 digit passcode for their device. Well, I was happy to see that apple will implement a six-digit passcode feature which makes cracking the code exponentially more difficult for brute force attacks. The 6 digit passcode provides one million possible combinations, instead of the 10,000 you get with a four digit passcode.
Now, don’t get me wrong, these are probably not significant improvements for security for the attacker who is smart enough to mount an offline bruteforce attack on your phone. But, the fact is the Apple forces you to input a 6 digit passcode or select another passcode option with the new iOS9. Hopefully with the passcode in place, this would influence more users to keep the passcode lock on their phone instead of going with no passcode at all.
Also, during the conference keynote speech, it was made really clear that Apple seriously don’t want to know your personal information. This is one of the reason I prefer Apple over Android, which gathers a great amount of user’s date directly into their Google Servers. Apple is introducing a “News” app that aggregates newsfeeds but is built private from the ground up, and what you read off of this service is not linked to other Apple services. Also, individual data from this app is not shared with third parties.
Therefore, my recommendation is that once iOS9 becomes available, make sure you upgrade to the new iOS and begin using the 6 digit passcode for access to your mobile devices. This will be a minor inconvenience to the 4 digit passcode, but it can be easily done by double tapping the first or last digit of your current passcode two more times which takes a fraction of a second to do, but will be exponentially more difficult to attack. Also, make use of the 2 factor authentication to know when someone tries to log in to your apple account from a different device. The key for all home users is always update and use the security features that are made available so that you are less vulnerable to compromise.