X

Why you'll want to install that new iPhone operating system ASAP: Protection from hackers

Though smartphones have yet to become a major target for hackers, even the iPhone has known security flaws. Updating your software is one of the best ways to stay safe.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read

Updating your Apple operating system has security benefits. CNET

Updating your iPhone is like doing your taxes. You just gotta get it done.

On Wednesday, Apple released iOS 9, the latest version of the code that powers iPhones and iPads. It has new features like better battery life, advanced search functions and enhanced transit information in its Maps app.

The reason to update, however, is two key security improvements: stronger pass codes and additional security for logging in. As an enticement, it works with any iPhone or iPad made in the last three years. And it's free.

Apple's users should jump at the opportunity. Like desktops and laptops, smartphones are vulnerable to all sorts of hacks. Nearly all devices powered by Google's Android software, for example, could be taken over by hackers who send a simple text message.

Watch this: Apple's iOS 9 arrives for iPads, iPhones, and the iPod Touch

Still, just 11 percent of Apple's users downloaded iOS 9 the first day it was available.

The low number is a harsh reminder of how annoying software updates can be. They're often buggy, sometimes wrecking key functions like cellular connectivity and email reliability. Customers are already complaining that iOS 9 is causing their apps to crash. It's as annoying as paying Uncle Sam every April.

By the first weekend the update was available, things were picking up: The download rate, Apple said, had surpassed 50 percent.

The road that shouldn't be taken

Choosing not to upgrade leaves you vulnerable. Hackers often examine updates to figure out what's wrong with older versions of the software, and then take advantage of users who haven't upgraded. The result is that important data on phones -- banking information, photos, fantasy football lineups -- is left open for pilfering. Hackers could even turn on the microphone and listen in on you.

So far, we've been lucky. There haven't been any major hacks involving smartphones, but security researchers say we should still be diligent.

Consider the disclosure in July of the Stagefright flaw by mobile-security company Zimperium. The flaw, which a researcher found in the software that powers Android smartphones, would let hackers insert malicious programs through a text message. Nearly all the billion Android-powered smartphones sold in the last year could be vulnerable, and it's hard to tell how many will ever receive a fix.

It's not just Google devices; Apple's iPhones have also had flaws. For instance, an update Apple sent in August fixed among other things six flaws in the system that displays Web content on all browsers in an iPhone or iPad. And on Monday, Apple removed from its App Store a number of apps, created with counterfeit software, that contained malware.

Like all security flaws, these holes don't turn into a problem until a hacker writes malicious code that can take advantage of them. But there's a vast amount of these malicious files, called exploits, that security experts don't know about.

"It is unquestionable beyond any shadow of a doubt that running the latest and greatest of anything is what you should be doing," said Christopher Budd, who specializes in communicating about cybersecurity threats for security-software maker Trend Micro.

Installing a software update is more appealing now, isn't it?

Sure, hackers generally have a much easier time on your Web-connected computer, where they can get your trusty laptop to silently download malicious software without even telling you.

That's why the discovery of the Stagefright flaw in Android phones in July was so scary. If more flaws like that appear in smartphones, hackers will have a much easier time sneaking into your phone.

Security experts like Jon Marler, who helps make cybersecurity products at Trustwave, have yet to witness a major smartphone attack. That's not to say it couldn't happen; the flaws are there to abuse, he said, hackers just don't think they're yet worth the effort.

"As there are more and more mobile devices," Marler said, "I think that will change."

Update, September 21 at 7:32 a.m. PT: Added latest figure from Apple on iOS 9 downloads and reference to the removal of some apps from the App Store.