Once is bad luck, twice is careless

Rather embarrassing for Apple; even if your iOS 6.1 iPhone is locked, a simple sequence of keys gives the phone holder full calling rights. A thief can lift your locked iPhone from your bag, make and cancel an emergency call - because all smartphones allow 999/911 dialling without unlocking, for public safety reasons - and then press the power button twice to be granted the ability to call any number that your phone can normally call. The thief could spend an hour on a 0900 number with Big Brenda and her Bosoms, or if you have international dialling you will find twenty calls to Romania, Bulgaria and/or Nigeria on your bill. Apple is reportedly working on a fix. If you stand outside their HQ on Infinite Loop, Cupertino, you can probably hear the cracking of whips and the screams of user interface engineers.

Why is this embarrassing? Well, almost exactly the same flaw affected iOS 4.1 back in 2010. What this tells me is that phone security is not systematically tested by Apple. If it were, they would have been looking for precisely this flaw. One of the most basic principles of software testing is that you should never discover the same bug in production twice - after the first discovery you should create a test that reproduces the flaw, then make the fix, and verify that the fix actually addresses the test. The test is then re-run on every single build you make in the future - if the flaw returns, the test will fail.

The only difference between the original and new flaw is that in the original flaw you only had to hit the lock button once, whereas in the new one you need to hit it twice. If I were in charge of security testing in Apple - I'm not, by the way - I would have the emergency calling feature identified as a high-risk gateway to the phone's functionality and I'd be user-testing and code-scrutinising like crazy to try to spot flaws like this.

This flaw is not a big deal in and of itself - Apple will release a fix, the iPhones will auto-update via iTunes and the problem will be solved. Maybe a few thousand people will fall victim to the flaw before it is fixed. What the flaw indicates, however, is that Apple is pressuring phone development and skimping on testing and security. This is not going to be an isolated problem.

No comments:

Post a Comment

All comments are subject to retrospective moderation. I will only reject spam, gratuitous abuse, and wilful stupidity.