Another New iPhone Security Flaw Offers A Reminder: Turn Off Siri On Your Lockscreen

Apple watchers have been warning for years that Siri’s loose lips can leak secrets from a locked iPhone. Now a new security bug offers a more pressing reason than ever to turn her off on the phone’s lockscreen.

Late last week Israeli security researcher Dany Lisiansky spotted another in a growingseries of bugs in iOS 7′s lockscreen on the iPhone that allows anyone to bypass the security code or fingerprint reader to access the phone’s calling application, contacts, and voicemail. This trick works by using Siri to make a phone call and then triggering a glitch in the phone’s Facetime function.

Lisiansky explains in his step-by-step instructions accompanying the video:

Lisiansky explains in his step-by-step instructions accompanying the video:

1. Make a phone call (with Siri / Voice Control).
2. Click the FaceTime button.
3. When the FaceTime App appears, click the Sleep button.
4. Unlock the iPhone.
5. Answer and End the FaceTime call at the other end.
6. Wait a few seconds.
7. Done. You are now in the phone app.

Here’s Lisiansky’s video showing the trick in action:

In fact, security-conscious users should have disabled Siri on their lockscreen long ago. By default, and apparently by Apple’s design, Siri has long allowed anyone to pick up a locked phone and use voice commands to post to Twitter or Facebook, send emails and text messages, access the user’s calendar, make calls and even ask about specific contacts’ personal information like addresses and phone numbers–including that of the phone’s owner.

While that’s made Siri more convenient, it’s also posed a serious privacy problem. Security pundits like Graham Cluley, formerly of the firm Sophos,have warned since Siri first appeared that leaving the feature enabled on an iPhone’s lockscreen is little better than leaving a phone unlocked altogether. “Even if an iPhone 4S is locked with a passcode, a complete stranger can come up to your smartphone, press the button and give Siri a spoken command,” Cluley wrote back in 2011. “I’m sure you can imagine some of the ways this could potentially be abused.”

Luckily the fix for that problem remains a simple one: Disable Siri on the phone’s lockscreen. In iOS 7, users can do so by toggling the Siri switch under the “Passcode and Fingerprint” submenu (or simply “Passcode” on phones other than the 5s) on the “General” menu of the phone’s settings. If you haven’t done it already, Lisiansky’s new bug presents a good reason to do it now.

The new Siri security flaw is only the latest to plague iPhones since Apple released iOS 7 earlier this month. One user has already shared with me a method of using iOS 7′s “control center” to access its photos, along with all the associated sharing features including email, Twitter, Facebook and Flickr. Another showed me that anyone can make a call from a locked phone by exploiting a second bug in its emergency calling feature.

Apple rushed to provide a fix for those flaws in a software update last Thursday. But Lisiansky’s YouTube video revealing yet another new lockscreen bug was posted just a day later, adding to what may be the buggiest version of iOS yet from a security perspective.

I’ve contacted Apple for comment, and I’ll update this post if the company responds. No doubt it will release a patch for the Siri flaw, too. But users would be wise not to wait: It only takes a few seconds to prevent Siri from spilling your secrets to strangers.

iPhone 5s and iPhone 5c review: Fingerprint sensor worth the extra cost

Passcodes are such a pain that I've relaxed the security settings on my Android phone. I'm willing to forgo the extra safety, just so I'm asked to punch in the code less often. When I got my hands on Apple's new iPhone 5s, one of the first things I tried was a feature that allows you to bypass the passcode using a fingerprint.

I had a lot of fun unlocking the phone over and over again. Who knew biometric authentication could be such a blast?

The fingerprint sensor alone is worth the extra $100 you'll pay for the iPhone 5s over an iPhone 5c. Both phones will come out Friday. In the week I've had with both, I've also been impressed with the better camera and slow-motion video in the 5s.

The 5c, meanwhile, is largely last year's iPhone 5 with a plastic casing instead of aluminum and glass. This isn't cheap plastic, but a type offering the slippery feel of a shiny ceramic tile. It comes in five colors.

(Also see: Apple unveils iPhone 5c and iPhone 5s)

Both phones come with iOS 7, the most radical change to Apple's operating system software for mobile devices since its 2007 debut. Many of the changes are cosmetic, but there are functional improvements such as easier access to frequently used settings and apps.

I will review iOS 7 separately. Many existing iPhone users won't need more than the free update, which is available starting Wednesday. Neither the 5c nor the 5s offers improvements on the screen size, which remains at 4 inches (10 centimeters) diagonally. But new features and new colors may draw you to one of these new iPhones.

iPhone 5s (available in silver, gold or gray; starts at $199 with two-year service contract, or $649 without a contract)
When you set up the 5s, you're asked to tap the home button with a finger several times so the phone can create a mathematical representation of your print. To unlock the phone, you simply tap the home button, and the phone will compare the two taps. You can tap from any angle, even sideways or upside down. This fingerprint ID also works as a way to authenticate the purchase of apps and content within apps.

For security reasons, there are still times you'll need your four-digit passcode, including after 48 hours of inactivity and before adding a new fingerprint. If the phone fails to recognize your print, you can always use the passcode. I had trouble only when my fingers were wet or greasy. One evening, I ordered pizza with an oily pepperoni topping and ate it without a napkin. The fingerprint sensor worked after one slice, but not two. Indian naan bread also threw off the sensor.

(Also see: 10 new features in Apple's iPhone 5s)

Apple says it stores the print data on your phone, in a place that's inaccessible to other apps or to Apple's remote servers. The company also says it's not possible to convert a fingerprint from a police file into something the phone will recognize, as the sensor reads a sub-epidermal layer of the finger. And the finger needs to be live - cutting off a thumb won't work.

I'm convinced Apple has given a lot of thought to security. If you're still uneasy about the fingerprint scan, you can stick with the passcode. The feature is optional.

Meanwhile, the 5S's camera takes better night and indoor shots. Although the main camera remains at 8 megapixels, individual pixels are larger and thus better at sensing light. The camera's shutter also opens wider to let in more light. For flash shots, the camera fires two bursts of light at once, each slightly different in color. The iPhone adjusts the combination of the two colors automatically to match ambient lighting.

I typically avoid using the flash in any camera because its strong burst of whitish light overpowers whatever's in the room. In a hallway with strong yellow light, for instance, the flashes on my high-end camera and the iPhone 5 made the walls white. The 5s, on the other hand, managed to preserve the yellow. I also got better skin tones on some flash shots taken with the 5s. Using the 5c, faces and arms looked more pale.

Night shots without the flash are also sharper. Sometimes, cameras overcompensate for low light by making the few points of light too bright. The 5s typically has those scenes properly balanced.

Of course, these improvements won't make all photos better. Many shots appear the same whether taken with the 5, the 5c or the 5s. In other shots, differences are subtle.

The 5s can also shoot slow motion video. You can choose the parts you want in slow motion and regular speed, and you can change your mind later. A burst mode lets you snap 100 shots in 10 seconds, compared with 40 seconds on the 5c. The phone picks out the best moments and filters out duplicates. The front-facing camera is better than the one on previous iPhones. It has larger pixels for low-light videoconferencing.

Many of these features are possible because of Apple's faster A7 processor. A companion chip, the M7, handles motion-related data without draining as much of the battery, something useful for fitness trackers. All this power is so new, apps taking advantage of them weren't available for me to test.

iPhone5c (available in green, blue, yellow, pink or white; starts at $99 with two-year service contract, or $549 without a contract)
Plastic colors aside, the 5c is mostly the same as the iPhone 5 it replaces, with the older A6 chip and a main camera that's not as good in low light. Because the chip is slower, it couldn't do slow-motion video or take as many shots per second. But it does have the 5s's improved front-facing camera.

The 5c is for those who really want the bright color. If you can afford the additional $100 and can do with silver, gold or gray, get the 5s instead. The fingerprint sensor will make security less annoying, and the better camera will be more useful in documenting life. A hundred dollars isn't that much when you compare it with the full price of the phone.

iPhone 5s Is Three Times More Popular Than The 5c

Localytics analyzed 20 million unique iPhones by U.S. Carrier and the 12 most populous metropolitan statistical areas (MSAs) from Friday, September 20, to yesterday, Thursday 26, to determine the trends for the iPhone 5c and 5s. It has found the 5s to be more popular but that the 5c has been gaining some ground.  (Note my family and I own Apple AAPL -0.74% shares).

One thing to keep in mind as you read the post and look at the graphs is the difference in lead-times between the 5c and 5s. All the models of the 5c are essentially available immediately at the Apple stores and on its and the carriers websites (this is a link to a Google GOOG -0.16% Doc where I’ve been tracking the 5c and 5s lead-times).

The 5s on the other hand has lead-times that range from one to eight weeks. If the 5s models, especially the Gold version, had the same kind of availability as the 5c the percentages and numbers for the 5s would be higher across the board

iPhone 5c and 5s adoption by carrier

Even though Verizon has more subscribers thanAT&T T -0.73% from Localytics analysis there have been more 5c’s and 5s’ activated on AT&T’s network than Verizon’s.  One reason should be due to AT&T having the iPhone since it launched in June 2007 vs. Verizon not getting it until February 2010.

AT&T also has a larger number of customers using the iPhone since a higher percentage of its users have been buying iPhones vs. other handset manufacturers than Verizon customers. Since the 4S was launched AT&T has had between 73% and 82% of its activations be iPhones vs. Verizon’s ranging from 46% to 63%.

The 5c and 5s on the AT&T network account for 1.02% of all active iPhones in the U.S. with Verizon at 0.7%.   Sprint is at 0.18% and T-Mobile is 0.12%.

When you add up the four carriers it shows that the 5s is 1.5% of all active iPhones in the U.S. with the 5c at 0.5%. When Localytics performed the same analysis four days earlier on September 22, the Sunday after the Friday launch, the 5s had a 3.4 times advantage over the 5c.

AT&T and Verizon 5s’ adoption has been slightly higher then the 75% U.S. average while Sprint’s and T-Mobile’s were at 54% and 60% respectively.

http://applephone5snews.blogspot.ie/2013/09/iphone-5s-is-three-times-more-popular.html

San Francisco adopts technology at a higher rate then the rest of the U.S.

New York and Los Angeles had the largest number of 5c and 5s activations with both cities over 0.1% of all iPhones being used, not a surprise given they are the two largest cities. While not a total upset but San Francisco came in third at about 0.8% in total activations even though it is the next to smallest of the twelve MSA locations.

San Francisco also had the highest ratio of 5s’ to 5c’s at 85% to 15%, which demonstrates its early technology adoption culture. Philadelphia had the lowest ratio at 72% vs. 28%.