iOS 12: The Strengths and Weaknesses in iOS 12's New Security Features
Stylish features and security.
by Danny PaeziPhone and iPad users no longer have an excuse to have crappy passwords: Apple’s recently released iOS 12 software rolled out a handful of security features that make it simpler to secure your devices and online accounts. That said, some of these features are easy to misuse, making it all the more important to take full advantage the improvements to Apple’s made to the iPhone’s security.
The updated was recently blasted to all Apple users’ on September 17, and introduced a number of interesting capabilities like Screen Time and a built-in augmented reality measuring tool.
But the Cupertino-based company also made it a point to make sure its fans are mindful with their sensitive information in a time when there could be well over a thousand major security breaches in a single calendar year.
iOS 12 Security Flaws: The 2 Factor Authentication Double-Edged Sword
Two-Factor authentication (2FA) — that code your bank sends your phone or a separate email account to make sure you’re the one trying to change your password — can make it extra difficult for hackers to gain access to your account. But a survey conducted by cybersecurity company Duo Security found that only 28 percent of Americans make use of 2FA. iOS 12 trying to fix that, but it might come at a cost.
The software will now automatically copy that code to your phone’s keyboard app so you can input it into the website without having to memorize it. This takes any hassle out of using the security measure, but there’s a slight chance that the software could copy other codes that it shouldn’t, known as a transaction authentication number (TAN).
TAN notifications are primarily used by European banks and notify users when a transaction has been made and for how much. But if iOS 12 can’t tell the different between a TAN and a 2FA message, then the whole point of TAN could be lost.
“Unless this feature can reliably distinguish between OTPs in 2FA and TANs in transaction authentication, we can expect that users will also have their TANs extracted and presented without context of the salient information, e.g. amount and destination of the transaction,” writessecurity information security doctoral student, Andreas Gutmann in a blog post. “Yet, precisely the verification of this salient information is essential for security.”
For now, American banks don’t make use of TANs but this could be an issue for European iPhone and iPad users.
iOS 12 Security Flaws: AirDrop Passwords Could Be Intercepted
Along with pretty much consolidating third-party password managers, iOS 12 now lets you share that login information via AirDrop. This could be beneficial if you want to, say, share the credentials for a Wall Street Journal subscription. But this presents more issues than it solves.
AirDrop uses Bluetooth and Wifi to transfer data, and there have been past instances where malicious actors have been able to compromise this connection by dropping malware into users’ devices.
iOS 12 Security Features: Built-In Password Manager and Auto-Fill
Password managers like LastPass and 1Password are great, but hopping back and forth between the apps to copy and paste can be annoying. Apple’s new mobile software now integrates them straight into the settings menu.
Tap the Settings app scroll down to Passwords & Accounts to access all of your saved passcodes. You can even activate AutoFill Passwords to have iOS 12 plug in your email and password to your Facebook or Reddit account.
So don’t be worried about creating a 20-character password. Your private data will thank you later.
iOS 12 Security Features: Password Generation
Piggy-backing off of the the Autofill feature, iOS 12 will also generate a “strong” password — or a long string of letters, numbers, and symbols — for you and save it to your password manager or iCould Keychain. You can even ask Siri to show you one of your passwords by saying “Siri, show me my New York Times password.” The voice assistant will then prompt you for your iPhone’s passcode, Touch ID, or Face ID and then reveal it.