Cyber Blurbs: Google to Require 2FA By Default

In this week’s Cyber Blurbs Roundup, we look at a critical iPhone update, Google’s decision to mandate 2-step verification, and Tile’s response to Apple’s AirTags.

Apple Releases Critical iPhone Update

Late last month, Apple finally unveiled its consequential update to iPhone and iPad OSs: iOS (and iPadOS) 14.5. Days later and with far less fanfare, Apple quietly released another consequential update: iOS 14.5.1. 

“This update fixes an issue with App Tracking Transparency where some users who previously disabled Allow Apps to Request to Track in Settings may not receive prompts from apps after re-enabling it,” Apple wrote in its release note. “This update also provides important security updates and is recommended for all users.”

We’ll save our criticism for the “also provides” treatment this security update received for another day; let’s go ahead and focus on that last line. 

While incremental, the latest iteration of the Apple operating system brings with it a critical security patch to address a flaw where “processing maliciously crafted web content may lead to arbitrary code execution.” Worse yet, Apple admits it is “aware of a report that this issue may have been actively exploited.” 

In other words, update your devices as soon as you can. With the update available since May 3, we’d actually say “right now” would be the ideal time to patch your device if you haven’t done so already. 

The update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod Touch 7th generation. 

The latest pair of vulnerabilities brings the number of Apple-related zero-days (critical flaws unknown to users and developers alike) that have been actively exploited to seven in 2021. That’s just one behind Chrome for the top spot as the most targeted software platform this year. 

Google to Require 2FA by Default

Google will soon no longer allow its users to simply phone it in when it comes to their security practices. On May 6, the company announced that it will begin automatically enrolling its users into two-step verification (2SV) for its Google accounts. 

For those unaware (and please, let that only be like one or two of you), 2SV involves using a mobile device as an additional source for authentication when logging into an account. Usernames and passwords have become a commonplace method for user authentication, but many companies choose to offer an additional step (hence, two-step verification). When enabled, 2SV will often require the user to input a one-time passcode that is sent to their registered mobile device via SMS. This ensures that, even if a password is compromised, bad-faith actors cannot get into the account without also having physical access to the registered phone (or laptops linked to said phone for strong Apple enthusiasts).

(And while we’re here, let us steer you back to an older blog on why you should strongly consider signing up for a password manager.)

But after years of simply offering it as an opt-in service, Google will now require it for all accounts. 

Those preferring not to receive an old-school text message can also consider downloading the Google Smart Lock app, which sends those verification notifications through a friendlier interface. 

Tile to Leverage Amazon Sidewalk on June 14

Last week, Apple released AirTags, its long-anticipated tracking device sure to disrupt the industry that’s largely been dominated by Tile. This week, Tile announced its planned partnership with Amazon Sidewalk will begin next month. 

While Tile’s tracking abilities historically relied on other Tile trackers and devices with the Tile app installed, Apple’s AirTags leverage its massive device ecosystem to locate lost items. That’s to say, every single iPhone, iPad, iPod, and MacBook on Apple’s Find My network (an Apple application designed to locate lost items) will be capable of pinging an AirTag to provide the owner with a precise location for their lost item.

Tile immediately criticized Apple for creating unfair competition, even going so far as to ask Congress to review Apple’s business practices. Tile hopes to make up at least some ground with this upcoming Amazon partnership.

We wrote about Amazon Sidewalk at length in a previous blog post late last year. The project will allow Amazon to enable all of its smart devices (smart speakers, cameras, doorbells, locks, etc.) to create a Bluetooth network of its own. Enabled devices will be able to connect to one another to create a neighborhood-wide network similar to what consumers find with mesh router systems in their own homes, ultimately expanding Tile’s reach from a tracking perspective. Tile said it will be expanding support for Amazon Echo devices that will allow users to determine which Echo device is closest to their missing Tile-equipped item. 

Amazon plans to turn Sidewalk support on beginning June 8, with Tile set to join the network on June 14. Amazon-device owners not interested in participating will need to opt out. Guidance on how to do that can be found here.
