Turning Phones Into Computers Means They'll Have Computer-Like Security Issues
from the hack-me dept
A security expert claims that he's managed to remotely crack the iPhone. All that's required to pull off the crack is to get the user to visit a specially-crafted website that exploits vulnerabilities in the iPhone's Webkit-based web browser. Once the iPhone has been cracked, the attacker has complete control over it, including the ability to download the user's email and voicemail, and even to surreptitiously activate the iPhone's microphone and transform the iPhone into an eavesdropping tool.
It's scary stuff, and it illustrates an important point about the iPhone and other smart phones: as our phones get more and more computer-like capabilities, they're going to face more and more computer-like security problems. And that means that phone manufacturers and users will need to be more aware of the risks of security breaches and take appropriate precautions.
In this case, it appears that Apple's choice to lock out third-party applications has actually backfired. Because all of the apps on the iPhone are written by Apple, they apparently all run as the "root" administrative user. That means that there's no attempt to protect the phone from a misbehaving application. As soon as you compromise one application, such as its browser, you've cracked the whole phone and can do anything you want with it. That's in contrast to Mac OS X, which typically runs applications as a non-privileged user, giving the OS an added layer of protection in case an application gets compromised.
Had Apple designed the iPhone as an open platform from the ground up, it's likely they would have paid more attention to the iPhone's security model, limiting the damage that one rogue application could do. Presumably, with the announcement of a third-party development platform for the iPhone, Apple is hard at work implementing those kinds of security precautions. But this isn't a threat that's amenable to a quick fix.
Apple and other smartphone developers are going to have their work cut out for them trying to add new functionality to their products without exposing their customers to new security threats.
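The contrast drawn above, between apps that all run as root and applications that run as a non-privileged user, sketched as an added example (not code from the original post or from Apple): a process that starts as root gives up its privileges in a child before touching untrusted content, and refuses to run the parser if it cannot. The function names, the stand-in parser and the uid/gid 65534 are assumptions made for illustration.

```python
import os

UNPRIV_UID = UNPRIV_GID = 65534  # assumption: the conventional "nobody" ids
REFUSED = 77                     # child exit code: handler was not run as root


class PrivilegeDropError(RuntimeError):
    """Root could not be given up, or could be taken back."""


def drop_privileges(uid: int, gid: int) -> None:
    """Permanently give up root; raise if any step fails or is reversible."""
    if uid == 0 or gid == 0:
        raise ValueError("target uid/gid must be non-root")
    if os.geteuid() != 0 and os.getuid() != 0:
        return  # already unprivileged, nothing to drop
    try:
        os.setgroups([])  # supplementary groups first, while still root
        os.setgid(gid)    # group before user: after setuid this is not allowed
        os.setuid(uid)    # as root this sets real, effective and saved uid
    except OSError as exc:
        raise PrivilegeDropError(f"could not drop privileges: {exc}") from exc
    if (os.getuid(), os.geteuid(), os.getgid(), os.getegid()) != (uid, uid, gid, gid):
        raise PrivilegeDropError("ids were not fully changed")
    try:
        os.setuid(0)      # must fail, otherwise the drop was not permanent
    except OSError:
        return
    raise PrivilegeDropError("root could be regained")


def run_unprivileged(handler, uid: int = UNPRIV_UID, gid: int = UNPRIV_GID) -> int:
    """Fork, drop root in the child, run handler there; return its exit code."""
    pid = os.fork()
    if pid == 0:
        try:
            drop_privileges(uid, gid)
        except Exception:
            os._exit(REFUSED)  # fail closed: never run the handler as root
        try:
            os._exit(int(handler()))
        except Exception:
            os._exit(1)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1


def parse_untrusted_page() -> int:
    """Hypothetical stand-in for a content parser: 0 only if not running as root."""
    return 0 if os.geteuid() != 0 else 2
```

A return value of `REFUSED` means the child could not shed root and exited without parsing anything; the parent keeps its own privileges either way.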
Reader Comments
iPhone a Trojan Horse For Government Surveillance?
Falling into the 'root' trap
Only a matter of time
Very old news
http://www.forbes.com/security/2007/08/04/iphone-apple-mac-tech-cx_ag_0804miller.html
Apple patched this in 1.1.2, and if you want to stay on 1.1.1, you can use a jailbreak that fixes the flaw behind itself, or use a third party application to fix it.
Is it news if you take a well-publicised flaw that's already been patched and attach a payload to it? Or is it just someone capitalizing on the fact that most people don't read past headlines?
Not if they are going to require the applications to be code-signed by Apple to run, as has been indicated.
Wrong Headline...
After all, haven't we heard that if you just buy a product from Apple instead of the evil-MS Empire you don't have to worry about viruses, spyware, and/or trojans? I hope this helps stop the common belief that one particular setup is immune from this c*ap.
How many people just want a cell phone to call som
Re: How many people just want a cell phone to call
Turning Phones Into Computers Means They'll Have C
It's happening on the iPhone now, it's going to happen on Macs in the future. Anyone who thinks otherwise is delusional.