Sunday, February 11, 2018

It's time to dump those old iPhones and iPads

The leak of Apple's iBoot source code onto GitHub is likely to turn older devices into a toxic hellstew of vulnerabilities.



If you're running an older iPhone or iPad that's stuck on iOS 9, then you need to plan some sort of escape strategy following this week's leak of Apple's iBoot source code to GitHub.

Apple was quick to downplay the effect of this leak:

"Old source code from three years ago appears to have been leaked, but by design, the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections."
However, there are iPhone and iPad users who should be worried - people who are still using iOS 9. According to Apple's own usage share figures, seven percent of active iOS devices are currently running iOS 9 or below.

Doesn't seem like a lot, but with over a billion active iOS devices in circulation, that small percentage expands out to around 70 million devices.

And now that the iBoot source code is in the hands of anyone who wants a copy, it's likely to give hackers ideas, inspiration, and above all, vulnerabilities to allow them to crack open older devices.

Here are my recommendations:

  • Recognize that devices running iOS 9 are now on borrowed time
  • Consider phasing them out, especially if they are home to information that is valuable -- emails, banking, health, and so on
  • If you insist on continuing to use them, consider removing important information of the device
  • The end of iOS updates means that built-in apps such as Safari and Mail will no longer receive updates, and running outdated web browsers and email apps is a bad idea (you might want to start shifting to third-party apps -- yes, I know this is a hassle, but this is the work you have to put into keeping your device safe)
  • If your Wi-Fi router has a "guest network" feature, then consider setting this up and only connecting your obsolete device to this, because it will go some way to preventing any security vulnerabilities on your device and from giving hackers access to other devices on your networks (although this is far from perfect and can cause some features -- such as streaming to another device -- to stop working)
  • Since a common route for vulnerabilities is web browsing, it might also be worthwhile to install a VPN tool (such as Freedom) that offers the ability to filter out harmful websites


The bottom line is that anything still running iOS 9 is already vulnerable (there have been loads of iOS security fixes released since iOS 9 support ended) so you're already skating on thin ice.

This iBoot code release just made the ice a bit thinner.



No comments:

Post a Comment