|
23 October 2007 12:57 by Rich "vurbal" Fiscus
| 9 comments
Security experts are comparing the iPhone's security to that of Windows 95, which is to say it has none. "It really is an example of 'those who don't learn from history are condemned to repeat it'," says Dan Geer, vice president and chief scientist at security firm Verdasys.
The problem according to Charlie Miller, principal security analyst for Independent Security Evaluators, is that every program on the iPhone runs with root priviliges, meaning full access to everything on the phone. A vulnerability in the Safari browser discovered earlier this year by Miller and his colleagues has already been addressed by Apple, but the root permission problem, also criticized in the paper detailing the Safari vulnerability, remains.
Apple has announced plans to release a public SDK so anyone can develop iPhone applications. As part of the announcement, CEO Steve Jobs said there were security issues being addressed in conjunction with the release. Hopefully that means OS updates that resolve this vulnerability. Access to data on an iPhone or its connection to a mobile phone/SMS/data network could be much more than an annoyance for iPhone users and mobile providers alike.
Source: Wired
Permalink to this article
| |
Related articles:
Apple updates Safari to fix security problems (17 April 2008)
Multimedia phones to outsell TVs next year (28 November 2007)
Security analysts warn of QuickTime exploit (25 November 2007)
Apple iPhone firmware broken almost immediately (12 November 2007)
iPhone sales keep booming (21 October 2007)
Apple to open up iPhone (18 October 2007)
Latest iPhone firmware is unlocked (11 October 2007)
Hackers attempt to reverse iPhone update effects (3 October 2007)
Update turns iPhones into paper weights (27 September 2007)
iPhone sales have tripled since price drop (12 September 2007)
Apple patches iTunes bug (7 September 2007)
Apple says iPhone supports third party applications (11 June 2007)
|
|
|
| Discuss this article! |
| WierdName (Senior Member) 23 October 2007 21:15 |
|
|
All I can say it's the security being low is obvious. Giving out root permissions to everything that runs is just asking for a complete compromise resulting in the demise of the device. Just hope that they don't pull a Vista and block root permissions to everything except stuff released directly by the company.
|
| fuxorated (Inactive) 23 October 2007 21:30 |
|
|
Shrug. It's better to take a conservative view like that in this case. Better to block all third party software than to risk infection.
|
| cousinkix (Newbie) 24 October 2007 2:47 |
|
|
Or... Don't buy an over priced I-Phone that work only on the AT&T network in the first place. The warranty is no good, if you hacked the damn thing; so that's it works with a different company's system...
This message has been edited since posting. Last time this message was edited on 24 October 2007 2:48
|
| duckNrun (Member) 24 October 2007 3:14 |
|
Actually it wouldn't be surprising to see that this vulnerability in the iPhone was actually a feature meant to benefit apple. They have already released a firmware update and bricked numerous phones from the first or second wave of phone buyers. Now at a point later IF you want you phone to be secure you will HAVE TO update it. This will mean bricking all the phones 'liberated' since the last bricking. I can see some suit... oops some kahki (since it's apple lol)... figuring this was a good ploy to help maintain that the phone is used the way they say it should be-- which means apple receives it planned residuals instead of the phone being unlocked and thus not tied to apple apps or AT&T.
The question is will a customer who was/is/or will be bricked go out and buy a new iphone and play by the Jobs rules or will they say screw it and buy a different phone? If that consumer already had signed up for the AT&T service though it means apple wins either way due to the cell service contract residuals from their contract. |
| borhan9 (AfterDawn Addict) 24 October 2007 17:33 |
|
|
This is crazy does this now mean that we have to get anti virus software for the phone i guess Norton's is out of the question due to the fact it being a resource hog :P
|
| WierdName (Senior Member) 25 October 2007 1:29 |
|
Originally posted by borhan9:
This is crazy does this now mean that we have to get anti virus software for the phone i guess Norton's is out of the question due to the fact it being a resource hog :P
LOL. Mcafee is way out of the picture too. And I can see it already: "AVG iPhone Edition"
EDIT- "if" to "is"
This message has been edited since posting. Last time this message was edited on 26 October 2007 20:31
|
| plazma247 (Newbie) 25 October 2007 15:12 |
|
|
|
| pryme_H (Senior Member) 26 October 2007 8:50 |
|
I am dumbfounded by the remarkable sales of this product depsite the endless complaints about security, lack of 3G and the inadequate support for third party apps. Great! Now, Apple can develop their own AV for the iPhone and profit from that one too! It makes you wonder sometimes who crafts viruses, is it the people who sell the cure?
Whatever's clever...
|
| duckNrun (Member) 26 October 2007 14:09 |
|
lol @ AVG iPhone and Norton comments.. and COULD Norton really make a piece of software that could function with only 4 GB of memory to suck up? It would be like dialing:
555 [popup] out of memory error (/popup}
;-)
Apple could probably go to the Goodwill and buy up all the used underwear, slap a logo on it and sell it as iBriefs for $45 and make a killing. And the hole in the crotch would not be a bug but a feature for easier access your private-I (lol)! |
|
|
Latest newsLatest news from AfterDawn.com.  Syntax-Brillian, maker of Olevia HDTVs, files for bankruptcy
9 Jul, 2008 | 3 comments Apple Canada punishing Rogers over iPhone 3G?
8 Jul, 2008 | 4 comments Milliamp offers 1 day iPod Touch battery replacement
8 Jul, 2008 | 5 comments SomaFM's streaming radio available on the iPhone
8 Jul, 2008 LightScribe DVDs now available in color
8 Jul, 2008 | 11 comments DreamStream clarifies: no MPAA endorsement
8 Jul, 2008 | 7 comments New Zenith DTV converter features analog pass through
8 Jul, 2008 | 1 comment Pioneer to begin offering Blu-ray recorders
8 Jul, 2008 | 1 comment Nero passes 5 million downloads on AfterDawn
7 Jul, 2008 | 11 comments LeapFrog's new handhelds offer educational gaming and web connectivity
7 Jul, 2008 | 7 comments Sony to release PS3 firmware update 2.41 this week
7 Jul, 2008 | 37 comments Italian music file-sharing forum shut down
7 Jul, 2008 | 4 comments
More news...  Search for headlinesSearch through our news archive. Latest threadsRecently updated
discussion threads.
More... Last week's most popular software downloadsMost popular devicesLast week's most popular devices in our hardware section. More products... Top linksMost popular links - Blasteroids.com
Download game trailers, demos and more - TorrentReactor.Net
The most active torrents on the web - Digital-Digest
Latest DivX, XviD, DVD, Blu-Ray, HD DVD News - OpenSubtitles.org
download DivX subtitles from the biggest open database - CDRInfo.com
The Hardware Authority - DVDHelp.us
DVD help, tutorials, FAQ, and very popular free help forum! - Torrentreactor.TO
The most active torrents on the web - Digital-Forums
Discussion about Video Encoding, Blu-ray, DVD, (S)VCD, Hardware & Software, Consoles, etc..
|
Post your comment
DVD Shrink v3.2.0.15
Nintendo Wii
Directv R15
Sony PlayStation 3 60GB
Sony PlayStation Portable
Nokia N95
Retroshare for Linux (Ubuntu) v0.4.10a Development release