Security Threats Awaits OS X Yosemite And iOS 8

By on

Apple has introduced a series of new features and technologies in the Worldwide Developers Conference. Those that brought huge applause are OS X Yosemite and iOS 8 operating systems.

iOS 8 brings in new openness to the operating system. The company's press release said it's their biggest developer release ever with more than 4,000 new application programming interface calls.

Apple wrote "iOS 8 allows developers to further customize the user experience with major extensibility features." But the openness invites security challenges as CNET reported more openness in Apple's mobile operating system that is great for developers and an enticement for hackers.

Richard Henderson, a security strategist at Fortinet's FortiGuard Threat Research and Response Labs, suggested the focus on continuity or seamless integration between OS X and iOS user experience may potentially be problematic for organizations and users.

Security Watch highlighted security challenges that can be faced by anyone thinking of participating in the public beta program.

1.   Where is the Data Getting Stored?

The Handoff feature allows users to start working on something on iPad exactly from where they left off on the Mac. This process leads to many questions such as how exactly would Apple transmit information from one machine to another, whether Apple encrypts the data stored on iCloud servers and whether Apple can be asked to hand over information when faced with a National Security Letter or court order.

Henderson suggests an ideal situation where Apple would use end to end encryption since devices could generate private and public keys when setting up everything.

2.      Password Free Hotspots Are a Threat

The Instant Hotspot helps users to share Internet connections without any password. This could be problematic especially in a public area, where anyone who can see and connect to the phone can wind up stealing bandwidth. Also, putting all these behind the iCloud account for security means only devices gets authenticated and Apple can take advantage of the hotspot feature.

3.      Health Data is Not That Private

The HealthKit and Health app monitor heart rate, blood pressure, blood glucose levels and smart weigh scales. The health emergency ID screen, which also includes medications, can be accessed from the lockscreen easily. These features could be abused as it is visible to anyone who touches the phone.

4.      Spotlight Data Has no location

Spotlight on both OS X Yosemite and iOS 8 will search data from sources like Wikipedia, Maps, Yelp reviews and news articles. It is unsure where Spotlight data are being stored, whether it is locally or on iCloud servers so that other devices can access the data. If Apple is building customer activity profiles similar to what Google does, then Apple should remove the profile when it is not in the Apple ecosystem.

Join the Discussion