Sec. expert: Apple's iPhone security claims 'exaggerated'
updated 11:55 am EST, Fri February 5, 2010
Decries iPhone sandboxing
The iPhone is not as secure as Apple would like people to believe, claims a software engineer and security specialist, Nicolas Seriot. Speaking at this week's Black Hat Conference in Arlington, Virginia, Seriot commented that while the iPhone OS theoretically sandboxes apps in order to restrict data access, the rules in place are "way too loose." Apple should not be claiming that one app cannot access data from another, he emphasized.
Proof of the vulnerability is said to lie with several apps, such as Aurora Feint and mogoRoad, which were initially approved by Apple yet quietly stole phone and e-mail contacts before eventually being blocked from the App Store. Apple's review process can and does miss security problems, Seriot pointed out, and vulnerabilities may only get worse given the increasing appeal of the iPhone as a target for hackers and criminals. Devices can become still more exposed when jailbroken.
A demonstration app created by Seriot, SpyPhone, is said to reveal e-mail addresses, user accounts, Safari and YouTube searches and server information, although not the password. When an iPhone connects to Wi-Fi, the app can also learn which networks the device connects to, the person's phone number, and the last call made. Most severe may be location info, which can be pulled from the cache of Maps.
The best solution is claimed to be a firewall, which would notify people whenever potentially dangerous app actions are occurring.






Fresh-Faced Recruit
Joined: Feb 2009
pop-overs and ads
Please stop with the pop-over links and especially the pop-over ads. It's just a disgusting, invasive practice. This site is better than that (or it always used to be).