iOS Security of the Lightning Port


(Roger Parish) #1

From the Washington Post: "Apple said the change, which would disable the Lightning port on the bottom of iPhones an hour after users lock their phones, is part of software updates to be rolled out in the fall. Designed to better protect the private information of iPhone users, it will have little obvious effect on most people using the devices but will make it far more difficult for investigators to use extraction tools that attach through the port to collect the contents of seized iPhones.”

The effect that I noticed was that it didn’t charge the battery! Not until I responded to a prompt about a USB accessory and unlocked the (in my case) iPad did it start charging.

I think we may see this behavior sooner than this fall. I’m sorry I can’t be more specific; NDA, you know.


(Doug Miller) #2

Every story that I have read says that charging will be unaffected by this change. This could be just beta behavior that will be fixed; but another question that comes to mind is if you are using a stock Apple lightning connector cable, or a third party cable? And does this happen only when you plug into a USB port on a computer, or does it also happen when you plug into a charger?


(Dave Scocca) #3

I suspect that charging is only an issue when you charge from the computer, not from an outlet. I believe some computers will not send power on the USB ports until they have negotiated with the USB device on the other end. For travel, I got a “charging-only” USB cable, and my iPhone and iPad do not charge when I use that cable to connect to my Windows desktop at work. It only charges when I connect via a normal USB cable.


(Roger Parish) #4

Using a stock Apple cable, plugged into my MacBook Pro.

I’ll have to try a “dumb” charger and see if your guess is right.


(David) #5

This sounds like a nice idea from Apple. Would be even nicer if they made it available to users of one or two generations older iOS! In the Mac world, support for older OSes seems to, at least partially, continue for many years for users who don’t update. With iOS, as soon as an upgrade is out, if you don’t update, you’re history to Apple it seems.


(Al Varnell) #6

iOS doesn’t have a history of working that way. Once a new version is released, older versions are no longer updated. Users able to update are expected to do so and older hardware that can’t be updated are expected to be replaced. Can’t be compared to what most of us have observed with our Macs and OS X / macOS.

-Al-


(Simon) #7

With OS X Apple had to be better. With iOS they think they can dictate the terms. The latter will hopefully get better as iOS market share worldwide approaches more Mac-like levels and Apple realizes they actually have to work for it.


(Jonathan Dagle) #8

You could think of iOS as an appliance model whereas macOS is a traditional computer OS model. Only at the dawn of iOS (before it was “iOS”) has Apple updated the prior iOS version, and that was a decade ago! (https://en.m.wikipedia.org/wiki/IOS_version_history)

Why are people running older versions of iOS? Is there some need?
A new feature like blocking access to USB is an “enhancement” which is likely to be supported on all devices that can run iOS 12.

I know people (and businesses!) still run Windows XP, for goodness sake. If it were in an isolated machine, maybe ok. But running old OS is simply not tenable or safe in this day and age.


(Simon) #9

Nonsense. El Cap and Sierra can be run perfectly fine since they are still supplied with security updates.

There are many reasons good why somebody might chose not to update. Just because you cannot imagine them does not mean they do not exist.

If running such an old version is deemed so terribly unsafe and such a hazard to the wellbeing of humanity, all the more reason for the original supplier (Apple) to ensure they release security updates well after the OS was originally shipped. Of course it’s more convenient for the supplier to just “support” one current version, but why should consumes or the general public for that matter give two hoots about what’s convenient to a corporation with $250B in the bank? Case in point, on macOS they do this quite alright, on iOS they fail, so far. Either market forces or public shaming will eventually bring them to their senses.


(Al Varnell) #10

Some, but not all insecurities. I’d like to think that Apple patches the most important issues, but history has shown they usually just take on the easiest ones.

I can’t disagree that being unsafe isn’t necessarily a good reason to abandon an older OS in and of itself, but it should be a consideration and certainly isn’t “nonsense.”


(David) #11

Perhaps it is a lack of need or interest in new ‘features’ or methods. Lack of interest in drinking the Apple Kool-Aid. It’s clear where Apple and other companies are leading users of their products, how and why. Some of us don’t want to go there, we have a different idea of how a computing device should fit in our lives and perhaps don’t want to or can’t afford to go where Apple sees the puck going.

If a person disagrees with Apple’s model of the future, they shouldn’t be shamed for it or casually tossed aside by Apple after spending thousands of dollars on their products. Eventually yes they can’t support legacy products, but something only a year or two old? Especially if you’re a company with the financial assets of Apple, and supposed commitment to the privacy and security of your users/customers, it’s sad. But so it goes.


#12

I’ve been using Apple products since the introduction of the SE30. I’m still chugging along with with a 14+ year old MacBook Pro that hasn’t seen an update in years, and I have never felt this way. Like age and death, there comes a time when hardware that runs faster and better, and screens have better display. Consumers and businesses stream more content, software advances in quicker time frames, services move into the cloud, etc.

Apple is primarily in the hardware business and does not license Mac OS or iOS; the company almost died the few years they did. Microsoft and Google are dependent on hardware manufacturers. And one of the biggest justifications for consumers and businesses to purchase hardware that runs Windows or Android is price. MS and Google each have a load of manufacturers to keep happy, and billions and billions of buyers who have no need or desire to use any advanced features. They can’t afford to piss the hardware manufacturers off even the slightest bit. And Android and Windows users are notorious for not upgrading to the latest versions.

People buy Apple’s premium priced products because they are the fastest, slimmest, most powerful and advanced hardware with beautiful displays. The super advanced software Apple releases works beautifully (almost always) on the super advanced hardware they sell. Advanced software often won’t run on older models. So I’m not whining that they won’t run on my Mac that belongs on Antiques Roadshow. I’m happy it lasted as long as it has, and I’ll only be upgrading when the new models are released because the trackpad is about to explode.

Google developed Pixel phones to showcase the latest Android technology because manufacturers weren’t building phones to support it, and they need to create consumer demand. But Pixels’ sales aren’t even negligible, and Samsung, etc. making much, if any, profit on the high end Androids.


(Simon) #13

I think Apple themselves show that it can be done if you want to. macOS gets security updates two versions behind. I think a lot of Mac users would mention that as one of the perks of being on a Mac and use as an example of why the Mac is a superior platform.

For iOS Apple obviously has another vision: everybody should always be on the latest, there is NO reason to ‘lag’ behind. Of course we all understand this other vision makes it easier and cheaper for Apple, but more importantly, it’s obvious it helps jack up that adoption figure their marketing loves to use in comparisons with Android.

That’s all swell and dandy for Schiller et al., but obviously not that customer friendly—especially if you’re on older hardware. For those customers that want to be on the latest and greatest it makes no difference, but for those who have reasons to hold back, it puts them at unnecessary risk. But as I’ve mentioned before, I’m optimistic. Once iOS market share has tapered off at a lower level and Apple has to really fight for customers (i.e. once the iPhone craze has worn off), I’m sure they will have to once again put more emphasis on their customers and less on the wishful thinking coming from their propaganda division marketing department. :wink:


(David) #14

There are plenty of reasons to “lag behind”. I have been using Apple products since the early 80s, and I waited in line for the first iPhone when colleagues didn’t quite ‘get it’ what the iPhone was about. I sold my share of Macs and iPhones as an Apple Store worker.
I don’t want what is offered in iOS 11 and later as ‘features’. I like iOS 10 and earlier. It’s just sad to be penalized for not wanting a device/OS that IMHO is worse/more invasive.
Have already gone back to paper calendar and vastly reduced my ‘cloud’ life, am happily existing in the 5GB free iCloud space, etc.
I’m just saying it’s sad that the iOS users are not allowed the, shall we say, ‘respect’, that Mac OS users are given. Fine if you’ve only got enough money as a corporation to exist til the next quarter, but Apple, really, with its stash, just darn sad they don’t seem to care about iOS users who don’t want facial recognition and the device to think for them etc. Oh well. Maybe there are still good ol’ flip phones on ebay…


(Adam Engst) #15

A warning here—if there are any more posts that stray from the topic of the security features Apple is building into iOS 12 to prevent cracking of iPhones, I will delete them.


(Adam Engst) #17

I need to apologize for being so abrupt in my previous post about straying from the topic. Those who only subscribe to the TidBITS Talk category won’t have seen it, but things have been getting quite negative in some other threads, and I lost patience.

As always, please try to keep things constructive and on-topic.


(Richard Rettke) #18

I found your response appropriate. Thank You!


#19

No need to apologize; I’m glad you shut the the big mess down. :heart:


(Jonathan Dagle) #20

Sorry if my question ignited some kind of flamewar. My point was that by rejecting major releases you have to accept that you’re not going to get security updates. I appreciate some may not want new features. And others may feel like security updates should be released for older versions of iOS. Ok, but that’s not how Apple has chosen to do iOS security updates since the dawn of iOS.

What prompted my remarks was confusion about the desire for aUSB connection security update, but not wanting other security updates? That I don’t understand. Maybe I could have made that point clearer, or maybe not.


(Marc Z) #21

The idea that Apple should release security updates for older operating systems is a nice one, but that can be incredibly difficult on a technical level.

Many times, to fix an exploit, Apple has to rewrite portions of the OS. Fixing one “simple” exploit might involve code in a dozen places. When you attempt to do that across multiple OSes, that can get incredibly complicated. What happens when the older OS has different routines than the new one? Apple would end up having to create new fixes for each version, or adding new code to older OSes just to add the fix. It just doesn’t make sense for Apple to use their time in that way, especially when those old OSes are a fraction of a percent of their user base.

It’s far easier and logical for Apple to simply make each OS more secure and encourage all users to run the latest version.

When it is easy for Apple to support older devices/OSes, they tend to do so — like Safari is often updated by itself and available for older OSes as a separate download.