Security Flaw Found That Allows Control of iPhone
i_like_spam writes "The NYTimes is running a story about an iPhone flaw that has been found and documented by researchers from Independent Security Evaluators. Attackers were able to gain full control of the iPhone either through WiFi or by visiting a website with malicious code. The exploit will be demonstrated at BlackHat on Aug. 2nd at 4:45pm. Until then, 'details on the vulnerability, but not a step-by-step guide to hacking the phone, can be found at www.exploitingiphone.com, which the researchers said would be unveiled today.'"
Update Deployment (Score:4, Interesting)
The Difference is Responsibility... (Score:5, Interesting)
The Apple community should not in any way, shape or form, harass this group like they harassed InfoSec Sellout. I.S.E. are the good guys and as a 15-year Apple veteran, I give my best to those who are out to help Apple keep security at its tightest on their products and services.
Re:The technical paper is the article (Score:5, Interesting)
Most interesting pieces of information from the article:
Under their suggestions:
I don't see how that'd help on a single-user computer, tho (another of their suggestions) chrooting all the running apps would be a step in the right direction. The researchers are politicians, too:
Translation: Running iTunes in a chroot jail makes the iPhone insecure, because my unicorn says anything done for the sake of AT&T is insecure.
Neat - the interesting thing will be the response (Score:5, Interesting)
One functionality change that _should_ come out of this, though - I would turn off the default behavior of scanning for open networks and asking to join them. It wastes battery power, and the pop-ups for new networks are intrusive. In its place I'd put the AirPort icon in the display full-time (instead of just replacing the EDGE "E" when you are on a WiFi network) and allow quick access from there. I think, altogether, iPhone will be a pretty secure device after the initial flushing out of bugs, but this is a little different from traditional devices. iPhone has a classic desktop OS stripped down into a cellphone, whereas mainstream other devices (Palm, Windows CE, and Symbian) were designed more as cellphone systems (or PDA systems) and scaled up.
(not replacing my iPhone with a Razr anytime soon!)
Re:no wonder they don't allow programming the thin (Score:4, Interesting)
This was a bit tricky but it worked fine on Nokia Series 60 phones and on Sony Ericsson P800 and P900.
I don't think that Symbian managed in versions 8 and 9 to build in ground-up security, because the SDK is huge with thousands of classes.
Re:Duke WAS NOT Apple's fault (Score:3, Interesting)