Identity Theft

Don’t Use Your iPhone Until You Read This

Comments 0 Comments

Users of Apple computers and iPhones may be shaken to the core at news of a major security flaw that could allow cyber spies and hackers to grab emails, financial information and other data from their devices.

Here’s what you need to know.

1. It’s Time for Some Updates — Right Now.

On Friday, Apple rushed the release of a fix for mobile devices running iOS, and most will update automatically, reports Reuters. The iOSs affected by this bug are as follows: iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2.

You can follow the instructions on how to check your Apple device to see if it is running an affected version of the iOS. If it is, download the latest version and upgrade your iOS. You can also go to your Settings menu to update your system through the “General” submenu.

This is the kind of update that should not be ignored, and it doesn’t take long to install. Apple has pushed out updates for iOS 7 users, as well as for iOS 6 users who’ve been wary to make the jump to the firm’s newest system. The firm has also released an update for Apple TV.

2. What Is This Flaw?

Affecting iOS devices and Mac computers, the bug allows a hacker to view unencrypted traffic that was believed to be encrypted, between the user and a website. What this means is that when doing online banking or ecommerce purchases, all of your traffic could be unencrypted which could result in a man-in-the-middle attack. That’s high-tech eavesdropping in which an attacker on a shared network intercepts the communication between your browser and a site to monitor and record everything that you do over the Web.

The good news: A hacker must be on your local area network to exploit this bug, and if the WiFi or network you are on is using secure methods for access, the risk is minimized. In other words, if a hacker wanted to sit in a coffee shop and monitor WiFi traffic all day looking for affected versions of the Apple iOS, he or she could potentially steal your banking information. So take the cue: Avoid using your devices on a public network at least in the short-term.

3. What Caused the Problem?

According to Adam Langley with Google, the root cause of the bug is a simple inadvertent line of code (“goto fail;” statement) that causes the browser or application to bypass the verification step. Instead, the browser will accept any SSL key during the SSLVerifySignedServerKeyExchange step without verifying the signature of the SSL cryptographic key.

SSL stands for Secure Sockets Layer, and it’s what helps ensure that communication between your browser and your favorite websites’ servers remains private and secure.

4. How Can You Prevent Problems?

If you have an iOS device such as an iPhone or iPad, you need to download 7.0.6 immediately. If you have a 3GS or an old iPod touch, you can download iOS 6.1.6 instead. Apple says it will issue a software update “very soon” for notebooks and desktop machines running Mac OS X, so until that is done, they remain vulnerable. In the meantime, use Google Chrome or Firefox, which aren’t affected on OS X—and make sure you stay on secured networks try to avoid making online financial transactions or sharing sensitive personal details.

More on Identity Theft:

Image: IPGGutenbergUKLtd

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Find out where you stand.
Get your FREE personalized credit report card.

Sign Up Now
X

Stay connected to our experts

Please submit your email address to get credit & money tips & advice
from our team of 30+ experts, delivered weekly to your inbox.