Hi, Chris. Sorry, I ought to have, in the last message, dealt with physical security issues like those fixed in the latest 7.02. I didn't because I don't think that sort of security is very important. If you've lost physical control over your phone, to paraphrase a group of security rules I read some years ago, it's not your phone any more. That is, if someone has physical access to your device, and the will to bypass the passcode/trust relations on that device, the device is going to cough up all your data, and you're going to have to rely on any encryption you have already put in place to save it from being read. The passcode is not really of very much value against anyone with a modicum of knowledge and more than a few minutes of time. Evidence for this is all over the web, indeed, both closed and open source programs boast of their ability to bypass the passcode lock and extract the data, not to mention turning on packet sniffing functionality, possibly enabling the remote recording of calls, and so on. There have been suggestions that scans of phones at national borders would, in a minute or two, be able to compromise phones and extract their data for later review. This may not be happening, but it’s just a question of speed, that is, even people who don’t have government power behind them can extract the data given a fairly small amount of time and knowledge, though not in a minute or two. There are some programs which claim to be able to do this over Wi-Fi, but they generally require physical access to the phone to start with and, once the phone is compromised, the attack can then be done without physical access. The passcode, I think, serves three functions, first, as what I’ve heard called security theatre, to make the phone look secure and to personalize the phone, secondly, to prevent idle curiosity, and thirdly to indicate to courts and the law generally that the data is supposed to be private. Any blocked curiosity would, as I said, have to be very idle, anyone who can use Google and has a USB cable can get into most phones easily enough. It may well be that there is greater security in iOS 7 than in 6, though there may also be less, as some people have commented that enterprises may have a backdoor into their own phones. Given that Apple is in the United States, I wouldn’t trust their security in any case. All that is to say that I don’t think much of the type of security fixes that are made in 7.02, they don’t change very much. If, however, a person has people who are mildly curious about his phone around him, he may find it worthwhile to consider that sort of passcode issue when upgrading. Aman
On Sep 29, 2013, at 10:29 AM, Christopher Chaltain <[email protected]> wrote: > > IOS 7.0.2 was a security fix for IOS 7. It kept people from by passing your > pass code screen. There's still a known security bug in IOS 6.1.4, where in a > few rare instances someone could also get past your log in screen to your > data without logging in. Apparently this security flaw isn't going to be > resolved, and I doubt any further security issues with IOS 6 will be > addressed by Apple. > > If an App Developer comes out with an update to their app, I find it very > unlikely that they'll spend a lot of time regression testing their changes to > work on prior versions of IOS. The app may continue to work, but it may not, > and I doubt the developer will do much to fix their app to run on older > versions of IOS. > -- You received this message because you are subscribed to the "VIPhone" Google Group. Post a new message to VIPhone by emailing [email protected]. Search and view the VIPhone archives by visiting http://www.mail-archive.com/[email protected]/. Reach the VIPhone owner and moderators by emailing [email protected]. Unsubscribe and leave VIPhone by emailing [email protected]. More VIPhone group options can be found by visiting http://groups.google.com/group/viphone?hl=en. --- You received this message because you are subscribed to the Google Groups "VIPhone" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
