Post-launch iPhone security concerns
It’s a little too early to start wondering if, a decade now, you’ll ask your friends, “Where were you when the iPhone went on sale?” But that doesn’t take away from the fact that Apple’s latest and greatest gadget launch was an unqualified success - at least in terms of living up to the hype.
Scammers have also had their turn with iPhone madness, sending out scam emails that download malware or try to acquire financial information from recipients.
The researchers are hard at work as well, taking the iPhone apart and looking for any security vulnerability they can find.
Here’s some post-launch security analysis of the iPhone launch:
“Within hours of Apple’s introduction of the latest version of its Safari browser two weeks ago, the hacking community began reporting bugs they had discovered in the beta code. Today, the iPhone is likely to get even closer scrutiny from many of the same security researchers. Here’s a list of the top items on the typical iPhone hacker’s to-do list.
3. Take a Close Look at iPhone’s Networking Technologies
Because Apple hasn’t previously developed its own mobile phone, there is bound to be lots of new and possibly buggy networking code in the device. “One of the things we’ll look at as well is the new code that will have to be developed for a phone platform,” said Neel Mehta, a researcher with IBM Corp.’s Internet Security Systems division. “With any piece of new code there’s always a risk that there could be vulnerabilities in it.”
- Anand Vardhan, Anand Varhan: Flex Developer, July 2, “A hacker’s to-do list – iPhone”
“Yup. After waiting a day to get the darn thing activated, we found a bug within a few minutes. We are cheating, of course; it’s just the same bug we found earlier on Safari. Also, our Bluetooth fuzzer locks up the device, so that’s an interesting sign. (As we’ve said in the past, we’ll disclose all our bugs to Apple when they publish acceptable vuln handling guidelines).
The thing that interests us most, though, is that we think the iPhone is inherently more secure than competing smartphones (such as those based on Windows Mobile or Symbian). While Apple is slightly behind Windows on the desktop/server (that Samba bug still appears to be unfixed), it’s still light years ahead of the mobile vendors. The mobile market is completely screwed up right now: while carriers know about the widespread vulnerabilities in their phones, the carriers are unwilling to patch them…
At the same time, Apple is going to have the same problem that Windows has. While they may have better theoretical security, they are going to be a bigger target. Hackers know a lot more about breaking into Mac OS X than they do competing platforms like Windows Mobile or Symbian. Thus, even though Apple will patch sooner, they’ll also have more bugs to patch because of increased hacker interest.”
- Robert Graham, Errata Security blog, July 1, “Our first iPhone bugs”
