It's an issue and it will be fixed. Much like typing the file slash slash thing was. The only people this affected were the ones trying it out themselves. Blown out of proportion, yes. Still needs to be addressed, yes. If you care about it that much, don't let anyone you don't trust use your phone. Perfect interim solution.
Just remember that it is illegal to call 911 for any purpose other than to report an emergency. Even if you think you have canceled the call, it could still go through and your phone number and GPS location will be logged. I imagine that if you do this a bunch of times while trying out the hack or demonstrating it to others you could receive a visit from the police. I worry that this hack has the potential to snarl the 911 system and prevent people in real emergency situations from getting through. DON'T DO IT!
"Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "
Coincidentally, maybe, but Ironically???
Can't see the irony here....
Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".
Comments
Quote:
Originally Posted by jragosta
Obviously, it's because there's a massive double standard. Apple is held to different standards than everyone else.
Apple holds themselves to different standards, don't they, as do their users? That's why a stumble by Apple gets more attention. Not being "any worse than Google" isn't nearly good enough, is it?
Originally Posted by Gatorguy
Apple holds themselves to different standards, don't they? That's why a stumble by Apple gets more attention.
Funny how holding oneself to any standard whatsoever is considered "higher" these days.
Quote:
Originally Posted by SolipsismX
Despite Android's numbers, not enough people care about Android for it to be a big deal. It's not that people are more rational; it's about the mindshare making it newsworthy, like some actor who is a household name one year just to be forgotten the next. Apple has seemingly done the impossible by continuing to generate more and increasingly dominant mindshare and holding it for so very long. I guess if you look at the single issue it's better for Google than Apple in this case, and Apple needs to be more diligent because anything out of place will be dissected to the fullest degree, but in the big picture everyone wants to be Apple.
Wow...that was so perfect...I was trying to find a way to explain Apple's mindshare and you nailed it!
Originally Posted by peterm7
…AppleInsider should have more respect for human life than this.
I think that's a little overboard.
Quote:
Originally Posted by Gazoobee
True. 11 guesses gives an attacker fairly good odds of guessing it though.
Where I work we have numbered locks on the doors and when I get bored I try to guess the codes. Most of the time it's under a dozen guesses or so and you're in. You could use the longer alphanumeric password to be safer.
I was mostly kicking back against how poorly the whole thing is being portrayed by the tech press. Everyone is saying this is a "bypass" of the lock screen for example when it's really only a partial bypass. Access to the phone itself is not given.
Also, it requires physical access to the phone, which if an attacker has, they could simply take your phone and take it back to their home in which case it's easy to break in. Any attack that requires physical control of the device is not really a security flaw in the same way as a "real" security flaw that could allow someone to access your stuff without your knowledge or consent. By giving them physical access, you are essentially complicit.
Finally, as others have pointed out, Android has numerous ways to *completely* bypass the lock screen (not partial), and no one gives a flying f*ck about that.
IMO it's just shameless the way this has been put forward by the tech press as some kind of giant serious security flaw when it isn't even close to that.
I agree with your other points. Getting my voicemail, photos, and contacts wouldn't concern me (much); getting into my mail and apps would be a BFD.
But your assertion that 11 tries (without having seen the phone being unlocked) gives one "fairly good odds" is nonsense. .999^11 = .989. Ok, the fact that 1.1 times out of a hundred a random dude could guess your pin before it's disabled is higher than you'd like. But 1 in 100 is a very long, long shot by most definitions.
(I just checked my phone to see if fingerprints would give away what numbers I tend to type, and was pleasantly surprised that whatever coating Apple uses is pretty darn good: no smudges, no fingerprints.)
Quote:
Originally Posted by peterm7
It's reckless to suggest people call 911 as a game. Even if only a few calls go through because people don't end the calls quickly enough, it's just not okay. Someone with an actual emergency could have service delayed because some geek is trying a hack. Seriously, this is reckless and should be removed from this website. Even if it's on other sites, AppleInsider should have more respect for human life than this.
An excellent point and the reason that I won't try this.
Not sure it shows AI as not having respect for human life - but I have to wonder why AI would give the video creator more attention over a pretty clunky sort of a hack.
Quote:
Originally Posted by peterm7
It's reckless to suggest people call 911 as a game. Even if only a few calls go through because people don't end the calls quickly enough, it's just not okay. Someone with an actual emergency could have service delayed because some geek is trying a hack. Seriously, this is reckless and should be removed from this website. Even if it's on other sites, AppleInsider should have more respect for human life than this.
Not sure about elsewhere, but here in the UK it's an offence to call 911/999 without good cause. Better make sure you cancel that call damn quick as I'm pretty sure trying out an iOS exploit is not good cause :-)
Quote:
Originally Posted by peterm7
It's reckless to suggest people call 911 as a game. Even if only a few calls go through because people don't end the calls quickly enough, it's just not okay. Someone with an actual emergency could have service delayed because some geek is trying a hack. Seriously, this is reckless and should be removed from this website. Even if it's on other sites, AppleInsider should have more respect for human life than this.
It said to try 112 in the video, so I tried it figuring it was just a random junk number that went nowhere. Found out the hard way that it works in the U.S., same as 911.
A poster on MacRumors for the same story states that if you turn off Simple Passcode, and require more than the 4 numbers, this "exploit" no longer works.
Pretty much. It would be great if Windows news sites reported the endless glitches in Windows that have been there since Win 98 and are still there. Every time I use a feature that not every person on the planet uses, I get punished for it with glitchy behavior. If you have to ask for examples, I'm not going to bother because you clearly don't use Windows from top to bottom. I've watched the difference between average and even power users and myself. I'm doing nothing strange but I am using things not everyone uses regularly. Surprisingly, a lot of junk exists for users that are heavy drag and drop and context menu users. I figured that stuff was common.
While we're at it, why don't these Mac news sites care to talk about broken features in Mac OS? Have an IMAP mail server that requires a prefix? Use Notes app on Mountain Lion to sync notes on your own IMAP server?
No one gives a damn.
Originally Posted by Dontuwish
A poster on MacRumors for the same story states that if you turn off Simple Passcode, and require more than the 4 numbers, this "exploit" no longer works.
Off-topic, but I've always wanted to allow international keyboards on the non-simple passcode screen.
I know enough of a non-Latin character language that I'd like to make a phrase from it for my passcode, but the OS won't let me use the keyboard I have enabled elsewhere within it.
Quote:
Originally Posted by Gazoobee
IMO it's just shameless the way this has been put forward by the tech press as some kind of giant serious security flaw when it isn't even close to that.
Okay, I'll bite.
So say that I'm the head of IT security for Home Depot and we have just switched all of our phones for middle management and such over to the iPhone because we experienced some downtime on Rim/Blackberry's network (Plus seemed to be asleep at the wheel). I would be disappointed by this news because I was promised an enterprise level security system that was at least on par with Rim's phones. Instead now I have the potential for my phones to be stolen (even by other employees) and they can read my email.
Now let's change the company and put a major financial company who are using iPhones and some finance guy misplaces his phone that contains a lot of sensitive information.
So yes I would see this as a major security flaw and it should be pointed out because Apple has always claimed how they are ready for Enterprise and how their OS is perfect. If you have the balls to say you are perfect, you better damn well be because if you are not and people find out about it, I will have a hard time feeling that you don't deserve it a little bit.
Originally Posted by zippy2shoes
…Apple has always claimed how… …their OS is perfect.
Nah. Try again. This time without trying to counter what you perceive as "fanboyism" with antifanboyism.
If you have the balls to say you are perfect…
If you have the balls to claim someone says that, you better back it up.
Quote:
Originally Posted by SolipsismX
Wow!
It's a joke. I can almost guarantee that the person who created the video is not the same person who figured this trick out.
More likely, he (or someone he knows) hangs out on iPhone hacking IRC channels (like the ones used by the iPhone dev team members) and somehow overheard (or purchased) this information from someone close to one of the people who does the real hacking. Those guys are rarely online, let alone spending time making videos of themselves, because they're busy working at figuring hacks like this out (for the purpose of developing them into jailbreaks).
The click money/ad revenue earned from being the first person to post a video of such hacks is worth a lot. As is the reputation of your site as being "the place to go" to get this information first. Wouldn't surprise me at all if a fair bit of money changed hands over this.