Bad Astronomy

ALERT: How to Fix a Major Security Flaw in Apple Mobile Devices

On Friday night, Apple announced a major security flaw in its software for mobile devices. And I do mean major—it left users open to a “man in the middle attack”. That’s pretty bad. If you used an unsecured Wi-Fi connection (at a coffeehouse, hotel, airport, etc.), this flaw could allow someone to interject themselves electronically into transactions you make on your iPhone or iPad, allowing them to access a lot of your information you thought was secure (like, say, credit card numbers).

This flaw has been around a while (and it looks to me like it was due to a cut-and-paste error in some code), but Apple just issued a patch that should fix it. If you use an Apple mobile device, stop what you’re doing right now and upgrade to the new version of the mobile OS—ZDNet has a good article with details.

(Update, Feb. 23, 2014, at 02:00 UTC: Apparently, this is worse than I thought. Ars Technica has details, but OSX apparently has a flaw in it as well. Yikes. Thanks to Brian McNett for the tip.)

(Update 2, Feb. 23, 2014, at 17:30 UTC: Well, this gets better and better. A lot of people are reporting that upgrading their devices are causing them to “brick”, that is, freeze up—if you can’t access that link, try here. That’s essentially what happened to me, as outlined below, so have a care.)

Nerd rage
Nerdrage inception.

Photo by Phil Plait, used by permission

It’s easy to do the upgrade (though your kilometerage may vary). All I had to do was plug my device into my computer, open iTunes, click the button for the device I just plugged in, and then looked for the button that says, “Check for update.” Click, and away I went. In your case, it may pop up an alert kickstarting this first when you plug the device in. Another way is to do it on the mobile device itself: Go to Settings, then General, then Software Update. It’ll help you from there.

Of course, it wasn’t that simple for me.

(Note: What follows is part overly detailed cautionary tale, part rant, and is particular to the problem I had. If you upgrade successfully, feel free to skip over this and just go play the weekly Slate news quiz instead. Do NOT take what I say below as advice; what worked for me might not work for you, as you’ll see. For all I know it’ll make your iPad dissolve or explode or slip into an alternate dimension. If you have a problem upgrading you can’t solve, I suggest using Google, or talking to someone at your nearest Apple store.)

Now having said that, I had some trouble upgrading. I have an iMac that’s up-to-date, an iPhone 4S, and an iPad 2. The iPhone upgraded just fine, and it took about 15-20 minutes.

The iPad upgrade, though, was something of a disaster. The device disconnected itself in the middle of the upgrade for some reason (I really don’t know why; I had it sitting off by itself on the corner of my desk; all I can think of is the cable got bumped). Interrupting the process is never good, and in this case it totally freaked out my iPad. I lost everything on it and it wouldn’t even show me my home screen!

Being an alpha geek, though, I had a complete backup stored on my computer, so I didn’t panic. I disconnected the iPad, reconnected it, and then reset it to the factory settings (which is just a button on the iTunes screen when you plug the iPad into your computer). I then simply restored it from the backup …

… which didn’t work. Oh, all my apps came back, but the only music that showed up in my Music app were a handful of albums I recently bought through iTunes. Last year I spent a dreadful weekend importing all my old CDs into iTunes, and those were gone off the iPad. Weirdly, they were still in iTunes on my Mac; they just wouldn’t sync with the iPad.

Then I noticed my videos were gone as well; I have a few I made on my iPhone and camera that I’d moved over to my iPad, and they simply weren’t there (though again, they were in iTunes, and marked specifically to be synched). Nothing I did would sync them back!

I poked around a bit, and saw that in the Music tab for my iPad on iTunes, my Playlists were checked to be synched, but the other lists (Artists, Albums, etc.) were not. Curious. I checked all the boxes listed under Artists, and resynched the iPad to see if at least they would get moved over.

Voilà! All the music showed up (including the other lists). Not only that, all my videos did too. They were not there before, and then they were. I have no clue why, so I assume it was gnomes (who will, no doubt, jump right to Step 3).

I’ll note that I’ve been using computers a long, long time (the first machine I ever used was a PDP 11 in case you’re tempted to get into a “well, I started off using a blah blah blah” war with me), and stuff like this makes me fairly irritated. The original OS error looks like an honest if terrible mistake, and I’m sure some coder at Apple is having their head handed to them right now over this. But it’s when I try to use my stuff as a human being that I can feel my blood pressure rise. Windows, Mac, it doesn’t matter; the interface between human and computer seems to be getting more difficult, not easier. And I’m not pleased I had to spend hours diagnosing this when I have better stuff to do, like write about anti-science and politics and generally things less irritating than computer nerdery.

I don’t know if my iPad upgrade problem is common or not, though one colleague at Slate also had the same thing happen (and he has an iPad 4). I’d hate to be an Apple genius right now; the phone calls will be flooding in, I’d wager.

As it happens, my iPad is getting pretty long in the tooth, and it’s time for me to replace it. I was leaning toward getting the shiniest new iPad (I do like much of the way it works), but this has given me pause. I guess I’ll be hitting the Interwebs and looking at reviews of what’s out there.

Thus endeth my tale of iWoe. I certainly hope things go more smoothly for you, BABloggees. And as a final note: Whether you use Apple, Windows, or what-have-you, I do suggest getting yourself a VPN. I’m not sure it would’ve helped in this case, but I find it very useful indeed when I travel. Obviously, computer security is a major issue. Our privacy online is getting eroded away and having beefed-up security is simply A Good Idea.