Reading a thread like this is incredibly disheartening. You have a bunch of people who know nothing about the security issues commenting on an absurd post by an alarmist with an axe to grind and a product to sell. Truly representative of the Internet at its worst.

First - the iPhone is incredibly insecure to a determined, knowledgeable hacker. It would be incredibly easy to trick a large number of users with jailbroken phones into downloading a "program" via Installer.app that would immediately own their iPhones. A bit more work could do the same via a webpage. Once the code is on the phone, it runs as root (unlike on your Mac) with full privileges to the entire phone. Any number of Really Bad Things(tm) could then be done to the phone, to the wireless network, to the owner's contact list, etc.

On the other hand, let's face facts. This is a tiny minority of the phone-using population. Why would anyone spend *any* effort on this? For what gain? Especially when there's a huge market of wide-open Windows PCs out there, ripe for the picking? Not to mention that the jailbroken community has been living with this since June and it gets harder to spread viruses with each rev. Common sense indicates that anyone wanting to crack the iPhone would do so sooner rather than later - more visibility and easier to do.

It's called common sense, people. Have you frickin heard of it?

Hmm ... there were a few key assumptions which foster an unfair characterization of the iPhone 1.1.2 firmware. For those who are not familiar I will go through it and explain why a stock 1.1.2 iPhone is fairly secure. The statements made in the article, while they do not explicitly state the fact, do imply that a stock unmodified iPhone running firmware 1.1.2 is somehow a magnet for malware.

First off Apple closed the TIFF bug which allowed an outside agent to gain access to the iPhone protected areas. If your phone has been upgraded to 1.1.2 or came that way to start with *and is unmodified* then that avenue is closed.

If you install third party software on your iPhone you must downgrade the firmware. Once that is done you have in effect bypassed the patch. One the phone is downgraded you can alter it in such a way that when it is upgraded again, the base filesystem is changed and will allow an external agent to gain access to the protected areas again.

If you install third party software on your iPhone it will currently run as root. One should always be careful installing software and make sure you trust the source. Obviously, should you choose to give your house keys to someone , you should trust them not to steal your valuables. One should treat their phone the same way. Getting into the phone that way is a conscious decision, and while it can be labeled "malware", its extremely easy to avoid.

Lastly, it may not be a huge priority for Apple to "lock out" all of the third party applications. It *is* a priority for Apple to protect the iPhone from external programs for which the user does not explicitely grant access. In this case, closing the TIFF loophole certainly is a major step in the right direction.

You won't downgrade your iPhone by accident. Nobody currently can send you to a web page or send you e-mail which will magically take over your iPhone if you are running version 1.1.2 that I know of. Lastly, the speed by which a group can gain access to a device through authorized channels (asking the user to explicitly follow manual steps) is considered social engineering and not part of hardware/software security although it *definitely* is part of a total security solution.

Now ... if the author has an example of malware which can be installed remotely on a stock 1.1.2 iPhone that would be a much more interesting article. Until that time has arrived, definitely upgrade your iPhone to 1.1.2 to fix the TIFF exploit. It is clear that Apple will continue to create and supply patches to its devices for known and documented security issues. I'm not sure that one could ask anything more from them.

> You have a bunch of people who know nothing > about the security issues commenting on an absurd > post by an alarmist with an axe to grind and a > product to sell.

Mr. dogzilla, you are assuming a lot about your fellow readers. But let us have a closer look at what this F-Secure employee really says, according to the original article. He claims that 1.1.2 is a security risk because it could be so easily hacked. I fact the only known way of "hacking" 1.1.2 at this moment is to COMPLETELY erase the OS partition and COMPLETELY replace it by a different one (namely 1.1.1). The analogy is not too far fetched to say that an Intel Mac is inherently insecure because you can install Windows on it. Yes, that would be a security risk but it is hardly a thing that would happen casually.

"First - the iPhone is incredibly insecure to a determined, knowledgeable hacker. It would be incredibly easy to trick a large number of users with jailbroken phones"

So let me get this straight. You're calling us all idiots for debunking the F-secure guy because it's all FUD - and then your only argument to "prove" the iPhone is still vulnerable involves reverting it to 1.1.1?

Are you serious? If you had bothered to read our responses, you would have seen us mentioning iPhones that were on 1.1.2 - NOT 1.1.1. Just like the guy who wrote the article, you have no proof that iPhones on 1.1.2 are vulnerable. Don't tell me that hacked iPhones on 1.1.1 are vulnerable. That's a retarded argument. Prove that iPhones on 1.1.2 are vulnerable, and then we'll have something to talk about.

It's called common sense, Dogzilla. Have you frickin heard of it?

People - EVERY device in the world is vulnerable. Someone could come in my house and hack my microwave to burn everything. A hacker could re-wire my cable box to only get p***. A malicious sneak could short-sheet my bed.

So, we must buy devices to secure all these things against these horrible attacks.

Geesh.

Doofuses.

Currently I am running Wife 2.0 I do fear that Wife 1.0 could come in proximity of Wife 2.0 and a System crash could occur. I do know that Wife 2.0 has much better coding and will come out on top if this rare occurrence ever happened. But I am afraid because I have NOT upgraded my Water Heater to a secure platform and the Plumber may be part of a social engineering plot to gain access to my Hot water and with the terrible coding of Wife 1.0 a cataclysmic occurrence may occur.

I did upgrade my security program (FRONT DOOR KEY) to 2.0.1 and feel fairly secure but someone may have CROWBAR 1.0 and bypass this first line of defense. Good thing I have ALARM 1.0.2 which is programed to make a system call to the security Program POLICE 7.2

In the end if you text "MRG3, The power to crush all other microprocessors." To a hacked iPhone running 1.1.1 it will cause a system wide meltdown and cause the self destruct mechanism to initiate with a 5 second delay.

I have a foreboding feeling that my DVD player (ENTERTAINMENT APPLIANCE 6.2) may get hacked because I have been renting DVD's without first spraying them anti-bacterial spray thus I could be spreading a virus.

Oh noes........ Any suggestions?