New Apple Software Bug Renders iPhone Wipe Feature Useless (AAPL)
Another day, another Apple (NASDAQ: AAPL) glitch.
This one, discovered by Berlin’s Security Research Labs and reported by Reuters, involves thwarting a safeguard that supposedly allows victims to remotely wipe their stolen iPhone of data.
The problem, according to the company (also known as SRL), is that if the thief puts the stolen phone in airplane mode, it cannot be ‘wiped’ because iCloud cannot communicate with the phone in order to delete its content.
Of course, an iPhone in airplane mode is not a very useful device – especially considering the fact that it would still be locked. Cutting off access from iCloud, however, gives the thief time to unlock the phone, gain control of data, access email accounts and even eventually take over the user’s bank accounts, according to SRL.
In addition to the airplane mode software bug, SRL said it had found an easier way to crack the iPhone fingerprint scanner than the one first discovered by the German hacker group Chaos Computer Club.
The company detailed its findings in videos posted on its website. SRL told Reuters it had shared its discoveries with Apple, which has declined to comment. This is not unusual since companies rarely discuss security flaws until they have conducted their own research and provided a fix.
The latest glitch marks the fifth security bug in the new iPhone 5S and the iOS 7 operating system discovered since July. Apple has addressed some of those issues and is likely working on all of them.
Using both the airplane mode feature and the easier Touch ID hack, SRL project manager Ben Schlabs gained access to the user’s email address. From there he went to Apple’s website and engineered a password reset.
After turning off airplane mode for a few seconds and resetting the email password, Schlabs said it was possible to take over the phone.
"Once you have access to the email," Schlabs said, "you can engage in total online identity theft. You can get bank credentials or anything else."
Hacking expert Chris Morales, in discussing the SRL findings, said, "As bad as passwords are, it's more secure to know something than to be something. Biometrics only extends security for people who are extremely lazy."
SRL had suggestions for Apple about how to solve this issue:
- Make airplane mode inaccessible from the lock screen by default.
- Warn users not to store password-reset email accounts on their devices.
- When a device is lost, users should revoke its privileges.
- Do not let a thief know how the device is protected.
- Email account access should be possible only after wipe or don’t-wipe status is retrieved.
At the time of this writing, Jim Probasco had no position in any mentioned securities.
(c) 2013 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.