| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the easy access to Airplane Mode in Apple's Control Center allowing hackers to exploit iOS devices has happened within the same organization, Apple. The incident occurred with the release of iOS 7, where the Control Center feature made it easier for hackers to turn on Airplane Mode from the lock screen, providing them with the time needed to break into the device and change Apple ID passwords [22395].
(b) The software failure incident related to the security vulnerability in Apple's Touch ID fingerprint sensor allowing for fingerprint spoofing attacks has implications beyond Apple's products. The security researchers at German firm SR Labs warned that creating a spoofed fingerprint to open the handset is a relatively simple process, requiring only an image of a latent fingerprint and some equipment. This vulnerability could potentially affect other organizations using similar fingerprint sensor technology in their devices [22395]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the article [22395]. The security researchers at German firm SR Labs highlighted a flaw in Apple's Control Center in iOS 7. They pointed out that the easy access to Airplane Mode from the lock screen could give hackers the extra time they need to exploit a device. This design flaw in iOS 7 allowed hackers to effectively take the device offline by turning on Airplane Mode without needing to unlock the device, providing them with the time to break into the device and change Apple ID passwords.
(b) The software failure incident related to the operation phase can also be observed in the same article [22395]. The misuse of the Control Center feature in iOS 7, specifically the easy access to Airplane Mode from the lock screen, allowed hackers to exploit the system. By turning on Airplane Mode, hackers could prevent the owner from remotely wiping the device or tracking its location, giving them the opportunity to break into the device and change passwords. This misuse of the system's functionality contributed to the security vulnerability exploited by the hackers. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident described in the article is primarily within the system. The vulnerability in Apple's Control Center in iOS 7, specifically the easy access to Airplane Mode from the lock screen, is a flaw within the system that allows hackers to exploit the device [Article 22395]. Additionally, the potential attack on Apple's Touch ID fingerprint sensor is also an internal system vulnerability that could be exploited by creating a spoofed fingerprint [Article 22395]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident in the article is related to the ease of access to Airplane Mode in Apple's Control Center in iOS 7. This feature allows hackers to effectively take the device offline, giving them the time needed to exploit the device without human intervention. The vulnerability introduced by the easy access to Airplane Mode is a contributing factor introduced without human participation [22395].
(b) The software failure incident occurring due to human actions:
The software failure incident in the article also involves human actions, specifically the actions of hackers who exploit the vulnerability in iOS 7's Control Center. The scenario described involves a hacker stealing an iPhone running iOS 7 and actively using the Control Center to turn on Airplane Mode and change Apple ID passwords to prevent the owner from accessing the device. These human actions contribute to the failure by taking advantage of the vulnerability in the software [22395]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware:
- The security researchers at German firm SR Labs demonstrated how the easy access to Airplane Mode in Apple's Control Center could give hackers the extra time they need to exploit a device [Article 22395].
- The researchers also warned about potential attacks on Apple's Touch ID fingerprint sensor, indicating that creating a spoofed fingerprint to open the handset is as simple as snapping an image of a latent fingerprint with another device and using some equipment to complete the job [Article 22395].
(b) The software failure incident related to software:
- The software failure incident in this scenario is primarily due to the design flaw in iOS 7, where the easy access to Airplane Mode from the lock screen allows hackers to effectively take the device offline and exploit it [Article 22395].
- In iOS 6, Airplane Mode was not easily accessible from the lock screen, indicating a software design change in iOS 7 that introduced this vulnerability [Article 22395]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the article is malicious in nature. Security researchers at German firm SR Labs demonstrated how a hacker could exploit the easy access to Airplane Mode in Apple's Control Center in iOS 7 to effectively take the device offline and prevent the owner from remotely wiping it, giving the hacker time to break into the device and change Apple ID passwords [Article 22395]. Additionally, the researchers highlighted potential new attacks using Apple's Touch ID fingerprint sensor, indicating that creating a spoofed fingerprint to open the handset could be done easily with the right equipment, allowing unauthorized access to the device [Article 22395]. These actions demonstrate a deliberate intent to harm the system and compromise user security. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident related to poor_decisions is evident in the article. The security researchers at German firm SR Labs highlighted how the easy access to Airplane Mode in Apple's Control Center in iOS 7 could potentially harm users by providing hackers with the opportunity to exploit the device. This design decision to allow Airplane Mode access from the lock screen without authentication could lead to unauthorized access and compromise of the device's security [22395]. Additionally, the researchers pointed out potential vulnerabilities in Apple's Touch ID fingerprint sensor, indicating that the implementation of this feature could also introduce security risks if not properly designed and tested.
(b) The intent of the software failure incident related to accidental_decisions is not explicitly mentioned in the article. |
| Capability (Incompetence/Accidental) |
development_incompetence, unknown |
(a) The software failure incident related to development incompetence is evident in the article as security researchers at German firm SR Labs discovered vulnerabilities in Apple's iOS 7 Control Center and Touch ID fingerprint sensor. They demonstrated how easy access to Airplane Mode in Control Center could allow hackers to exploit devices by turning them offline, preventing owners from remotely wiping them. Additionally, the researchers highlighted the potential for creating spoofed fingerprints to bypass the Touch ID security feature, indicating flaws in the design and implementation of these features [22395].
(b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article. |
| Duration |
temporary |
The software failure incident described in the article [22395] can be categorized as a temporary failure. The security researchers highlighted specific vulnerabilities in Apple's iOS 7, particularly related to the Control Center and Airplane Mode accessibility, which could potentially allow hackers to exploit the device. They demonstrated how the easy access to Airplane Mode from the lock screen could give hackers the time needed to break into the device and change Apple ID passwords, preventing the owner from accessing it. This vulnerability was introduced with the new features in iOS 7, indicating that the failure was due to contributing factors introduced by certain circumstances but not all, making it a temporary issue. |
| Behaviour |
omission, other |
(a) crash: The software failure incident described in the article does not involve a crash where the system loses state and stops performing its intended functions.
(b) omission: The software failure incident can be categorized under omission. Hackers exploit the easy access to Airplane Mode in Apple's Control Center to effectively take the device offline, preventing the owner from remotely wiping it or tracking its location [22395].
(c) timing: The software failure incident does not involve a timing issue where the system performs its intended functions but at the wrong time.
(d) value: The software failure incident does not involve the system performing its intended functions incorrectly.
(e) byzantine: The software failure incident does not exhibit a byzantine behavior with inconsistent responses and interactions.
(f) other: The behavior of the software failure incident is related to security vulnerabilities that allow hackers to exploit the system's features to gain unauthorized access and control over the device [22395]. |