TechnologyTell

Of security patches and no longer recommending 16GB iPads

Sections: Features, iPad, iPhone OS, SDK and hacks, iPhone/iPod touch/iPad, Opinions and Editorials, Originals

0
Print Friendly

On Sunday afternoon, I backed up my iPad’s contents to my MacBook Air and downloaded and installed the iOS 7.0.6 security update.

Incidentally, if you haven’t installed this update on your iDevice, you’re reportedly hacker-bait due to a serious SSL connection verification security vulnerability that has been identified in both OS X and the iOS. Apple released the version 7.0.6 update patch forthwith to address the issue in iOS 7, but will somewhat alarmingly leave Mavericks unpatched until the OS X 10.9.2 update is ready for release, rumored to be around March 15. I’m not going to do any banking or security critical communication on my Mac until that’s fixed. In the meantime, the iPad is hopefully secure for now with iOS 7.0.6 installed.

One more thing; if for some reason you can’t install the update right away, I tried Chrome as well as Safari before running the update, and with Chrome I got the following response when I loaded a handy test page posted by the gotofailk.com site that allows you to check to see whether your web browser(s) running on iOS 7 and OS X 10.9.1 are vulnerable. The test site checks whether your browser verifies the signature on the ServerKeyExchange SSL/TLS message. The test page URL is https://gotofail.com.

Chrome was okay, but with Safari I got this response:

YOUR BROWSER IS VULNERABLE, PATCH IMMEDIATELY!

An attacker able to actively intercept your network connections (this is possible on most WiFi networks) can freely snoop on you, for example when you log into your bank account. Please check your browser and operating system for security updates and apply them right away. Other apps you have installed probably use the same SSL library and are also vulnerable – simply switching browsers will not fully protect you.

This site works by using javascript to inject a hidden image with event hooks to show the appropriate message depending on whether the image loads successfully. The image is hosted on a web server which has been modified to make its ServerKeyExchange message signatures invalid. The invalid signature will cause the connection to abort when the signature is checked, provided that the signature is actually verified.

After installing the system update, I got this reassuring message when I tested Safari:

gotofailSorry for the lengthy digression. I thought it might be useful.

Anyway, when I backed up my iPad contents to the Mac, I discovered that about half the free space that was open on the 16GB SSD the last time I checked (sometime last fall) has been eaten up by mostly apps, and I only have 3.6 GB left free. It’s a bit of a mystery, since I haven’t been downloading a lot of new apps, but I have been keeping up with updates, and I’m guessing that the disappearing space phenomenon may be attributable to increasing bloat in app software—perhaps as more apps are optimized for Retina displays.

Whatever, this development has changed my plan to upgrade to a 16 GB iPad Air. Obviously, since I’m not likely to load the next iPad more lightly than this one, it would be foolish not to go with at least a 32 GB unit, which of course will be $100 more expensive (or, to be precise, CAN$115 more here in sales tax benighted Nova Scotia where I live). It takes the shine off the $150 gift certificate I got when I bought the MacBook Air on Black Friday last November.

ipadairrmini

On the other hand, my gamble three years ago to go with a 16GB iPad 2 paid off, as I haven’t yet entirely filled its memory, and don’t anticipate I will before I upgrade and hand the iPad 2 off to my wife, who can delete a lot of my app collection and has modest storage needs.

Actually, even my storage demands are relatively modest, since I don’t have large image or music collections, and don’t download movies or TV shows onto my iPad. Consequently, if my guess about app code bloat is correct, it’s pretty hard to any longer recommend 16GB iPads as a good value, since unlike many Android and Windows tablets, iPads have no option of removable media expansion for data overflow. Yes, there’s the Cloud, and I love Dropbox, but I prefer to have anything worth saving stored on local media, with Cloud storage for synchronization and backup only. One isn’t always within WiFi range, and LTE is an even more expensive solution both in initial cost and service fees.

In today’s context, however, six hundred bucks plus is an awful lot to pay for what amounts to a three-year (or less) “consumable” machine. I appreciate the iPad’s elegant user experience and its satisfying look, feel, and ruggedness, but I find it not a bit surprising that so many folks are opting for substantially less expensive Android or Windows tablets.

0
Print Friendly