
Printed from http://www.macnn.com

App-related bug threatens iPhone security

updated 04:25 pm EST, Tue November 11, 2008

App bug & iPhone security

A bug revealed within the handling of apps on the iPhone could represent a serious security threat, developers claim. The bug is specifically connected to an image file called "Default.png," which is displayed whenever any app is being loaded on an iPhone. While third-party software is limited to a static version of the graphic, Apple's own apps are able to change the file in order to display items such as the date, or a simulated preview. According to developer Patrick Collison, it is possible to fool the iPhone firmware into thinking third-party code should be allowed access to a dynamic PNG file.

The key issue is said to be that in implementing the hack, the iPhone API could be made to think an app comes from a trusted source, and is thereby allowed to access secure areas of the firmware. By linking this with an arbitrary code attack, an iPhone could in theory be made to do virtually anything, a collection of developers is said to be arguing.

A further worry is that a hacker could implement this strategy while bypassing Apple's App Store screening, which has so far been successful in preventing any serious threats. Although much of Apple's effort appears to be devoted to perceived intellectual property issues, the company is also invested in technical aspects, such as bugs and abuse of cellular bandwidth.




by MacNN Staff


Comments

  1. lockhartt

    Joined: Dec 1969

    +8

    ?

    This sounds both non-trivial, and unlikely.

    This scenario sounds like it would require the app to be distributed ad hoc, which would explicitly limit the threat to begin with.

    Mind you, I'm all for closing off any potential risk... but, as usual on MacNN, the headline blows this WAY out of proportion.

  1. jhawk95

    Joined: Dec 1969

    +6

    But wait, there's more!

    Developer Patrick Collison has called a news conference for Wednesday, November 12th, where he will not only preview a live demonstration of this possible attack, but will also give details on how EVERY person who owns an iPhone can purchase protection from this possible attack on their phones for the low, low price of just $4.99.

  1. eldarkus

    Joined: Dec 1969

    +3

    could...

    "Could" appears 4 times in this article. And guess what... anything COULD happen folks.

    Correction.. "in theory", anything COULD happen, folks.

  1. macnixer

    Joined: Dec 1969

    +2

    not a real threat

    but perceived that someone at Apple could insert the dynamic png file.

    Moreover social engineering is anyways a scenario that cannot be prevented.

    BTW using the word "hacker" is not correct while describing malicious code writer. A "hacker" is a person with extreme programming capabilities directed towards good.

  1. Guest

    Joined: Dec 1969

    -1

    v2.2 fix?

    In 9 days, v2.2 will be released.
    I wonder if this problem will be fixed.

  1. themacjedicali

    Joined: Dec 1969

    -1

    New Guinea

    PIGS! LOL! Thanks to all the guinea pigs testing out this phone for me. I won't be able to pay you but I thank you for your time and effort in securing this for both me, and Apple. When I do get an iPhone, hopefully it will be more secure by then! haha just kiddin about the guinea pig part

  1. sammaffei

    Joined: Dec 1969

    +1

    To themacjedicali

    Playing with daddy's computer again. What a naughty boy...

    Don't you have school or something?

    P.S. By the way, "the prequels" suck. Lucas hasn't done anything good since ROTJ. So there!
