Don't let your iPhone turn against you

Installing Apple's latest patch will help you keep attackers out of your phone and your life.

Laura Hautala Former Senior Writer

Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.

Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials

2022 Eddie Award for a single article in consumer technology

See full bio

Laura Hautala

Jan. 20, 2016 3:20 p.m. PT

2 min read

Update your iPhone to keep it out of the hands of hackers. A flaw revealed Tuesday could let a bad guys sneak in and steal your information.
Sarah Tew / CNET

Your iPhone could be watching you.

Apple on Wednesday issued a patch for a flaw that could let hackers hijack your phone, copying what you type and making purchases without your knowledge. To do that, hackers would have to create a fake Wi-Fi network that you would then connect to. After that, your phone's information is up for grabs.

There's no indication that any bad guys have actually done this, but it's a useful reminder to guard the information we've stored on our phones.

"We live off of these things," said Reg Harnish, CEO of cybersecurity firm Greycastle.

In the past decade, phones have gone from pocket-size communicators to the center of our world. We buy and sell things with our phones, or do our taxes, check our bank accounts, and communicate with everyone we've ever met. Our phones are like a fingerprint of our lives.

So while iOS 9.2.1 -- which also happens to be the first public (as opposed to beta) update of iOS 9.2 -- might look like a minor update, it's still important to install.

Apple declined to comment on the vulnerability, which researchers at cybersecurity firm Skycure reported to the company in June.

Skycure researcher Adi Sharabani said attackers could do all sorts of damage once they've snared your phone on their fake network. They could steal your cookies, which are stores of information that browsers use to communicate with websites. Often, cookies contain your passwords. And they could leave behind malicious software on popular banking and email websites that would record your typing the next time you tried to log in. That email password alone, is gold. With it, hackers could potentially steal all your other passwords.

"Attackers have list of most important data they are looking to get," Sharabani said.

Apple isn't the only company dealing with major security flaws. Android phones have a flaw, revealed Tuesday, that could give intruders access to the device's core -- allowing them to rewrite the phone's software and take your information. Unfortunately, it will take a while before all Android phone users can install a patch. Unlike Apple, which controls its own universe, it's up to the different phone carriers to issue their fixes.

The Android operating system runs far more smartphones than iOS: at the end of 2015, almost 83 percent of smartphones ran on Android, while iOS ran just under 14 percent, according to the business analysis firm IDC.

Now that smartphones rule our world, it pays to be vigilant, said Harnish. Look at those numbers from IDA another way, and you'll see that the two operating systems run 97 percent of smartphones worldwide.

That's a mighty tempting target for attacks.