Apple faces three-pronged attack
Publish date: 10 January 2018
Issue Number: 1714
Diary: Legalbrief eLaw
It’s been a torrid festive season for the world’s largest IT company which is fending off attacks over security flaws, manipulation of its old hardware and concerns over the safety of its products for children. In an extraordinary admission, Apple, which prides itself on its security measures, has confirmed all its Mac systems and iOS devices have been affected by two recently disclosed processor flaws. Legalbrief reports that the company said recent software updates for iPads, iPhones, iPod touches, Mac desktops and laptops, and the Apple TV set-top-box mitigate one of the vulnerabilities. Security researchers said Meltdown and Spectre may ‘get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, e-mails, instant messages and even business-critical documents.’ The two flaws ‘work on personal computers, mobile devices, and in the cloud’, the researchers said. ‘All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,’ Apple said in a post at an online support page. A report on the Fin24 site notes that it advised only getting apps from its online App Store which vets programs for safety, and said it has already released some ‘mitigations’ to protect against the exploit and planned to release a defensive update for Safari on macOS and iOS in the coming days. CNN reports that other major companies rolling out fixes include Microsoft, Amazon and Google. Fixing the problems will slow a computer's performance, experts say, especially on devices more than five years old. The bigger challenge appears to be for companies that deal with a lot of network traffic and considerable processing power – things like cloud computing providers, retailers that process consumer transactions and medical systems that crunch data. Meanwhile, Intel confirmed a report stating that its semiconductors contain a vulnerability based around a chip-processing technique called speculative execution.
Daniel Gruss, a researcher from Graz University of Technology who helped identify the flaw, said it may be difficult to execute an attack, but billions of devices were impacted. The flaws could allow an attacker to read sensitive data stored in the memory, like passwords, or look at what tabs someone has open on their computer, researchers found. CNN reports that the US Computer Emergency Readiness Team said that while the flaws ‘could allow an attacker to obtain access to sensitive information’, it's not so far aware of anyone doing so. The agency urged people to read a detailed statement on the vulnerabilities by the Software Engineering Institute, a US Government-funded body that researches cybersecurity problems. The UK's National Cyber Security Center advised organisations and individuals to ‘continue to protect their systems from threats by installing patches as soon as they become available’.
Meanwhile, Apple is facing lawsuits over revelations that it intentionally slows down older iPhones without user consent. The company has admitted to slowing down the iPhone 6, 6S, 7 and SE when their batteries are either old, cold or have a low charge to prevent abrupt shutdowns. Two separate class-action lawsuits were filed last month. The Guardian reports that they were brought by plaintiffs in California and Illinois, who argued that Apple did not have consent to slow down their iPhones. ‘Apple purposefully and knowingly released operating system software updates to iPhone 5, iPhone 6 and certain iPhone 7 phones that slowed the performance speeds of the central processing units (‘‘CPUs’’) of these devices,’ said the plaintiffs in a filing in the Northern District of the State of Illinois. CNN reports that Apple insists the updates were made with a different goal in mind: It said the performance of lithium-ion batteries degrades over time, which can sometimes cause phones to suddenly shut down in order to protect their components. The company said its software updates for the iPhone 6, iPhone 6S, iPhone SE and iPhone 7 are designed to ‘smooth out’ peak power demands, prevent these surprise shutdowns and ultimately prolong the lifespan of batteries. Doron Myersdorf, CEO of instant-charging battery start-up StoreDot, said that ‘smoothing out’ means that phones will reorder incoming commands to make sure not all of them are done in parallel.
Tennessee pupil Tyler Barney discovered that the poorer performance was linked with the phones’ lithium-ion batteries when it took seconds longer to type on his iPhone 6s. He is being credited with discovering the suspected ploy after noticing problems with his iPhone 6s and testing it against his brother’s iPhone 6 – which is an older model but a year younger than his. The Express reports that he said his brother’s phone was noticeably faster. After doing some online research, Tyler came across a suggestion to replace the battery in his phone which improved the performance. He is quoted in the report as saying: ‘It worked and after that I made a post about it so I could let people know how they can speed up their phone. Your phone takes too much power for the battery to handle when your battery gets old.’
In other developments, two large shareholders have urged Apple to study whether iPhones are proving addictive for children and that intensive use of the smartphones may be bad for their mental health. ‘There is a growing body of evidence that, for at least some of the most frequent young users, this may be having unintentional negative consequences’ on their health, said Jana Partners and California State Teachers' Retirement System in a letter sent to Apple. A report on the Fin24 site notes that they said the ‘growing societal unease’ over the intensive use of smartphones by children is ‘at some point is likely to impact even Apple’. The two shareholders, which between them own about $2bn in Apple shares, called on Apple to develop additional means for parents to restrict the use of mobile phones by their children.