Let’s be honest, the recent versions of iOS 13 haven’t been all they cracked up to be.
Back in the summer, we were eager to test and try the new security features (OK, we were also really excited about dark mode). Increased user control of app tracking and browser fingerprinting gave us hope that a new chapter had begun, one where security and privacy are prioritized.
However, the rollout of updates since then has been less than amazing.
Across the board, users are reporting issues with Touch ID, Face ID, and even an “exploit” that allows people to extract data from your phone when it’s locked.
Moreover, Kishan Bagaria, a security researcher, discovered what he calls AirDoS. This security bug in iOS 13.2 allows nearby hackers to lock you out of your phone using AirDrop.
Here’s how it works.
AirDoS, or denial of service bug, “enables an attacker to effectively spam any and all nearby iPhones with an AirDrop sharing popup box,” according to Bagaria.
“…Because iOS will block the display on the iPhone until the file being sent via the AirDrop service is either accepted or rejected,” Forbes’ Davey Winder explains, “if an AirDoS attacker keeps sending files repeatedly, then this locks the user out of their device. Locking and unlocking your iPhone will not get you back in either, as the AirDoS attack is as persistent as it is frustrating.”
What’s even more disturbing is Apple’s slow response to this security matter. Bagaria first reported AirDoS in August 2019, and this issue is only being addressed now with iOS 13.3.
“It’s not always going to be possible for Apple to uncover vulnerabilities such as AirDoS, even if it does insist it’s not one, before a significant operating system release,” Jonathan Knudsen, a senior security strategist at Synopsys, explains to Winder.
“I’m concerned that it took quite so long for Apple to address this particular “bug” as Bagaria first reported it in August 2019.”
With iOS 13.3, Apple will finally offer a solution to AirDoS. This update will also include new security measures with native support for FIDO-compliant security keys, like the YubiKey.
Adrian Kingsley-Hughes for ZDNet says, “this means that now authentication is supported using the YubiKey 5 NFC or Security Key NFC by just tapping the YubiKey at the top of an iPhone (available on the iPhone 7 and above).”
While there is concern that Apple will continue to be slow to respond to security bugs, there is also hope that they will take security more seriously in updates to come.