Impact of Recent Flaw in iOS Devices on Personal Data of Singaporeans

17 Ms Hany Soh asked the Minister for Communications and Information in view of the recent flaw in iOS devices requiring emergency software updates to prevent hackers to seize control of the devices (a) whether the Ministry is aware of reports where Singaporeans’ personal data has been compromised due to this flaw; and (b) what is being done through the SG Digital Office to increase awareness amongst Singaporeans, especially the seniors who are less tech savvy, on the importance of installing software updates on their electronic devices, especially their handphones.

Mrs Josephine Teo: The Member is referring to Apple’s announcement on 17 August 2022 regarding two security vulnerabilities in iPhones, iPads and Macs which, if left unaddressed, could allow attackers to take control of any affected Apple device. These were zero-day vulnerabilities, meaning that they were unknown to the vendors when discovered.

Apple advised that it was possible that these vulnerabilities may have already been actively exploited by threat actors and had since released emergency security updates for users to install. The Cyber Security Agency of Singapore (CSA) has issued advisories to users in Singapore to immediately patch their products to the latest iOS versions.

To date, the Singapore Computer Emergency Response Team (SingCERT) and the Personal Data Protection Commission (PDPC) have not received notifications of cybersecurity incidents or compromises of personal data associated with these security vulnerabilities. The agencies will continue to monitor the situation and will investigate any reported breaches accordingly.

These measures cannot replace good cyber hygiene practices by each of us. Such practices include using strong passwords, being wary of phishing links, and using anti-virus software. It is also important to install software updates on electronic devices promptly, manually or by enabling automatic software updates.

For groups that might be less tech savvy, such as our seniors, the Government has introduced several targeted programmes. CSA launched the SG Cyber Safe Seniors Programme in 2021, to raise awareness and drive adoption of cyber hygiene practices amongst seniors. More than 45,000 seniors have been engaged through pop-up events, webinars and programmes at SG Digital Community Hubs. In addition, as part of SG Digital Office (SDO)’s Seniors Go Digital programme, seniors are taught about cybersecurity risks and tips on how to keep themselves safe online. This includes advising them on the cyber hygiene practices I mentioned earlier.

We can all play our part to improve cybersecurity by being vigilant, practising good cyber hygiene and encouraging our family and friends to do the same. This would go a long way in addressing evolving cyber threats, including the emergence of zero-day vulnerabilities, such as those recently found in Apple’s products. The Government will continue to engage and support groups which need help, to empower them to stay safe and secure online.