AfterDawn: News

iPhone criticized by security community

Security experts are comparing the iPhone's security to that of Windows 95, which is to say it has none. "It really is an example of 'those who don't learn from history are condemned to repeat it'," says Dan Geer, vice president and chief scientist at security firm Verdasys.

The problem according to Charlie Miller, principal security analyst for Independent Security Evaluators, is that every program on the iPhone runs with root priviliges, meaning full access to everything on the phone. A vulnerability in the Safari browser discovered earlier this year by Miller and his colleagues has already been addressed by Apple, but the root permission problem, also criticized in the paper detailing the Safari vulnerability, remains.



Apple has announced plans to release a public SDK so anyone can develop iPhone applications. As part of the announcement, CEO Steve Jobs said there were security issues being addressed in conjunction with the release. Hopefully that means OS updates that resolve this vulnerability. Access to data on an iPhone or its connection to a mobile phone/SMS/data network could be much more than an annoyance for iPhone users and mobile providers alike.

Source: Wired

Written by: Rich Fiscus @ 23 Oct 2007 12:57

• Previous article

• Aggressive HDTV pricing expected for Christmas

• Next article

• Global piracy outfit taken out by Nintendo

• 9 comments

• WierdName

  All I can say it's the security being low is obvious. Giving out root permissions to everything that runs is just asking for a complete compromise resulting in the demise of the device. Just hope that they don't pull a Vista and block root permissions to everything except stuff released directly by the company.

  23.10.2007 21:15 #1

• fuxorated

  Shrug. It's better to take a conservative view like that in this case. Better to block all third party software than to risk infection.

  23.10.2007 21:30 #2

• cousinkix

  Or... Don't buy an over priced I-Phone that work only on the AT&T network in the first place. The warranty is no good, if you hacked the damn thing; so that's it works with a different company's system...

  24.10.2007 02:47 #3

• duckNrun

  Actually it wouldn't be surprising to see that this vulnerability in the iPhone was actually a feature meant to benefit apple. They have already released a firmware update and bricked numerous phones from the first or second wave of phone buyers. Now at a point later IF you want you phone to be secure you will HAVE TO update it. This will mean bricking all the phones 'liberated' since the last bricking. I can see some suit... oops some kahki (since it's apple lol)... figuring this was a good ploy to help maintain that the phone is used the way they say it should be-- which means apple receives it planned residuals instead of the phone being unlocked and thus not tied to apple apps or AT&T.
  
  The question is will a customer who was/is/or will be bricked go out and buy a new iphone and play by the Jobs rules or will they say screw it and buy a different phone? If that consumer already had signed up for the AT&T service though it means apple wins either way due to the cell service contract residuals from their contract.

  24.10.2007 03:14 #4

• borhan9

  This is crazy does this now mean that we have to get anti virus software for the phone i guess Norton's is out of the question due to the fact it being a resource hog :P

  24.10.2007 17:33 #5

• WierdName

  Originally posted by borhan9: This is crazy does this now mean that we have to get anti virus software for the phone i guess Norton's is out of the question due to the fact it being a resource hog :PLOL. Mcafee is way out of the picture too. And I can see it already: "AVG iPhone Edition"
  
  EDIT- "if" to "is"

  25.10.2007 01:29 #6

• plazma247

  http://news.zdnet.com/2422-13568_22-156196.html
  
  haha... nice one.
  
  Thats not really a security hole... so much as a pocket size slab of Emmental.

  25.10.2007 15:12 #7

• pryme_H

  I am dumbfounded by the remarkable sales of this product depsite the endless complaints about security, lack of 3G and the inadequate support for third party apps. Great! Now, Apple can develop their own AV for the iPhone and profit from that one too! It makes you wonder sometimes who crafts viruses, is it the people who sell the cure?
  

  
  
  Whatever's clever...
  

  26.10.2007 08:50 #8

• duckNrun

  lol @ AVG iPhone and Norton comments.. and COULD Norton really make a piece of software that could function with only 4 GB of memory to suck up? It would be like dialing:
  
  555 [popup] out of memory error (/popup}
  
  ;-)
  
  Apple could probably go to the Goodwill and buy up all the used underwear, slap a logo on it and sell it as iBriefs for $45 and make a killing. And the hole in the crotch would not be a bug but a feature for easier access your private-I (lol)!

  26.10.2007 14:09 #9