Updating your iPhone is like doing your taxes. You just gotta get it done.
On Wednesday, Apple released iOS 9, the latest version of the code that powers iPhones and iPads. It has new features like better battery life, advanced search functions and enhanced transit information in its Maps app.
The reason to update, however, is two key security improvements: stronger pass codes and additional security for logging in. As an enticement, it works with any iPhone or iPad made in the last three years. And it’s free.
Apple’s users should jump at the opportunity. Like desktops and laptops, smartphones are vulnerable to all sorts of hacks. Nearly all devices powered by Google’s Android software, for example, could be taken over by hackers who send a simple text message.
Still, just 11 percent of Apple’s users downloaded iOS 9 the first day it was available.
The low number is a harsh reminder of how annoying software updates can be. They’re often buggy, sometimes wrecking key functions like cellular connectivity and email reliability. Customers are already complaining that iOS 9 is causing their apps to crash. It’s as annoying as paying Uncle Sam every April.
By the first weekend the update was available, things were picking up: The download rate, Apple said, had surpassed 50 percent.
The road that shouldn’t be taken
Choosing not to upgrade leaves you vulnerable. Hackers often examine updates to figure out what’s wrong with older versions of the software, and then take advantage of users who haven’t upgraded. The result is that important data on phones — banking information, photos, fantasy football lineups — is left open for pilfering. Hackers could even turn on the microphone and listen in on you.
So far, we’ve been lucky. There haven’t been any major hacks involving smartphones, but security researchers say we should still be diligent.
Consider the disclosure in July of the Stagefright flaw by mobile-security company Zimperium. The flaw, which a researcher found in the software that powers Android smartphones, would let hackers insert malicious programs through a text message. Nearly all the billion Android-powered smartphones sold in the last year could be vulnerable, and it’s hard to tell how many will ever receive a fix.
It’s not just Google devices; Apple’s iPhones have also had flaws. For instance, an update Apple sent in August fixed among other things six flaws in the system that displays Web content on all browsers in an iPhone or iPad. And on Monday, Apple removed from its App Store a number of apps, created with counterfeit software, that contained malware.
Like all security flaws, these holes don’t turn into a problem until a hacker writes malicious code that can take advantage of them. But there’s a vast amount of these malicious files, called exploits, that security experts don’t know about.
“It is unquestionable beyond any shadow of a doubt that running the latest and greatest of anything is what you should be doing,” said Christopher Budd, who specializes in communicating about cybersecurity threats for security-software maker Trend Micro.
Installing a software update is more appealing now, isn’t it?
Sure, hackers generally have a much easier time on your Web-connected computer, where they can get your trusty laptop to silently download malicious software without even telling you.
That’s why the discovery of the Stagefright flaw in Android phones in July was so scary. If more flaws like that appear in smartphones, hackers will have a much easier time sneaking into your phone.
Security experts like Jon Marler, who helps make cybersecurity products at Trustwave, have yet to witness a major smartphone attack. That’s not to say it couldn’t happen; the flaws are there to abuse, he said, hackers just don’t think they’re yet worth the effort.
“As there are more and more mobile devices,” Marler said, “I think that will change.”