If you’ve invested in iPhone 7’s over Android options for your business because you believe Apple’s software code is far more bulletproof, then you might be disappointed to hear of a glitch in the code that goes by the sobriquet, “GoToFail.” This glitch can allow a hacker access to the mobile devices you purchased for yourself and your employees.
However, the situation is only temporary. Apple is taking steps to resolve this issue. Reuters reports: “Confirming researchers’ findings late Friday that a major security flaw in iPhones and iPads also appears in notebook and desktop machines running Mac OS X, Apple spokeswoman Trudy Muller told Reuters: “We are aware of this issue and already have a software fix that will be released very soon.”
Beware the Man-In-The-Middle
The biggest threat from this glitch is a Man-in-the Middle Attack, or MiTM. These attacks also referred to as a hijacking attack, pose a deadly threat to protecting your sensitive information because they give a hacker a chance to manipulate sensitive data exchange that is happening in real time. An analogy might make this clearer: Imagine that the hacker is eavesdropping on a live conversation and can then fool both parties by impersonating each party. MiTM attacks often manipulate validation certificates, passing off fake certificates as real.
5 Steps to Stay Safe
In the meanwhile, here are 5 steps you can take until the patch becomes available:
- Make sure you are protecting your iPhone 7 from any physical damage by investing in iPhone 7 cases. There is absolutely no point in obsessing over the software glitch while completely ignoring hardware protection. Protect your investment in every way you can.
- Avoid connecting your devices to any insecure networks. Caution your employees against connecting to outside WiFi networks, even password protected networks. For instance, they might want to connect to a WiFi network at a coffee shop, a colleague’s office, or a friend’s place.
- Protect your own company network by keeping access points secure. Also, if you don’t have one already, think about creating a company virtual private network . Although a virtual private network might limit your flexibility, it’s only a slight inconvenience and you’ll be far more secure.
- Protect your business from a MiTM attack by using a web filtering product that scans HTTPS traffic like Sophos Web Appliance. This application decrypts then re-ecrypts HTTPS traffic. There are no certificates to manipulate, which is the primary strategy used by a Man-In-The-Middle hacker. The filtering process does not rely on Apple’s operating system or libraries, thus bypassing the digital certificate validation process entirely. In other words, the Sophos Web Appliance will not be duped by certificate manipulation. It’s not vulnerable to this type of trickery.
- While you might have fallen in love with the versatility and speed of the Safari browser over the years, it’s time to take a break from it. This is because you need to avoid Apple’s SSL/TLS libraries until you can install and apply the promised patch. Use Firefox, Chrome, or Chromium instead. These use their own libraries and will not be vulnerable. In effect, you are immune from any bugs that might be traveling via Apples’ SecureTransport system. Remember, this is only a temporary switch and you can go back to Safari once the coast is clear.
Although the situation is potentially dangerous, you have to remember two things: one Apple is working on a patch that will put an end to the threat; two, you are not helpless while you wait, but can practice the 5 steps outlined here.