Many of us in the tech world watched the iPhone 6 and iOS 8 debut a couple of weeks ago, eager to see what Tim Cook could cook up and which new features and functions would soon render last-generation iPhones obsolete. At the same time, those in the music world were shocked by U2's surprise announcement that the band was also dropping its new album, Songs of Innocence.
Those who use any version of Apple's iTunes were extra shocked when the album appeared in their iTunes and all synced devices. No permissions required, no warning — it was just there.
The reactions across social media ranged from feelings of hilarious frustration to serious violation. The ensuing fallout made it clear that nobody was amused by the unsolicited "gift" — as Sasha Frere-Jones aptly noted, "Lack of consent is not the future."
The inescapable reality we're left to face is one in which software providers continue to push automatic updates on us until there is either a change in regulations or widespread outrage. Though this innocuous infiltration of echoing dad rock generated plenty of the latter, it was hardly a big enough deal to cause the former. Still, it's a great opportunity for us to pause and ponder the question you never thought you'd ask: "Did I just get hacked by Apple?"
The answer: It's complicated.
The company definitely put something in your iCloud without your explicit permission. It wasn't a malicious maneuver, but it was an unprecedented move by a hardware and software provider — and now, there's a chance such a move could now be imitated by hackers riding the coattails of an authenticated "forced download" in the future or creating and distributing their own mock versions. The U2 download debacle has highlighted the perils of automatic updates in third-party software.
Whether hackers find a way in through iTunes in your employees' phones or by building phony automatic updates into the background processes of third-party apps, the risk these backdoor shenanigans pose to your company is real. Perhaps we should be grateful to Apple and U2 for reminding us that the security of third-party applications is a complicated issue, and that automatic updates are one item on a growing list of risks to manage in third-party software. Without a comprehensive program screening all applications in your network, you could end up with much worse than free Irish arena rock you never wanted to listen to.
Photo Source: Flickr