The PhD may be impressive, but the "under the employ of the NSA" simply demonstrates he'd sell his soul to anyone. 🙂 So who's he selling his soul to now?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Security Firm Reveals iPhone Vulnerability
- Thread starter j/k/Andy
- Start date
- Sort by reaction score
The PhD may be impressive, but the "under the employ of the NSA" simply demonstrates he'd sell his soul to anyone. 🙂 So who's he selling his soul to now?
Let's try to tone down the blind apple loyalty.
If you read the article, you'd see these people aren't particulary anti-apple and realistically toned down the long term implications. But that doesn't exclude the fact that this appears to be a real and serious issue which will likely be patched by Apple before August 2nd.
arn
No, that is not a "big difference". Besides: which company wrote the software (OS X) that has this bug? I believe the name starts with "A" and ends with "e".
PowerFullMac
macrumors 601
OS X seems to have started attracting more hackers, I think we are lucky it was researchers and not black hat hackers who discovered this.
You think flaws in phones are a new thing? They're not, they just usually don't make important news headlines.
That said, wonder if this will change Apple's schedule for the next update.
I have just found a new way to take control of YOUR iPhone!!!
Ship it to me along with your passcode if you have set one up!
Seriously though, I heard on the radio this morning that the company was paid by Apple to exploit the iPhone.
Ship it to me along with your passcode if you have set one up!
Seriously though, I heard on the radio this morning that the company was paid by Apple to exploit the iPhone.
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3)
What's with calling this "fake" or suggesting MS is paying this firm off? They OWN iPhones just like many of us. I'm sure they have the same concerns as I do.
This exploit is pretty minimal in the grand scheme of things. Two issues though:
1. iPhone users shouldn't think their super phone provides security above and beyond a trek or blackberry, and also realize this device will be highly targeted.
2. The NYT and media on the whole will misreport and exaggerate stories luke this to generate fear and negative buzz about the most hyped consumer electronic device of this century. I heard this story on the radio then pulled up MR and kinds chuckled. Insecure wifi APs open you up? Following strange urls even from trusted contacts without proper explanation is a bad practice? Some of this is personal security 101
What's with calling this "fake" or suggesting MS is paying this firm off? They OWN iPhones just like many of us. I'm sure they have the same concerns as I do.
This exploit is pretty minimal in the grand scheme of things. Two issues though:
1. iPhone users shouldn't think their super phone provides security above and beyond a trek or blackberry, and also realize this device will be highly targeted.
2. The NYT and media on the whole will misreport and exaggerate stories luke this to generate fear and negative buzz about the most hyped consumer electronic device of this century. I heard this story on the radio then pulled up MR and kinds chuckled. Insecure wifi APs open you up? Following strange urls even from trusted contacts without proper explanation is a bad practice? Some of this is personal security 101
I read the article and the PDF. I would say they do not come across as particularly anti-Apple. However, they do come across as particularly touting a Microsoft party line. The claim the reason Apple's Mac OS X is more secure (when compared to Windows)i s only because it is on fewer computers. While there may be some truth to that as a factor, that's a sentiment that directly reflect Microsoft's propaganda campaign and its' touted without any qualification. The article also mentions add-on style security measures similar to those used by Microsoft and doesn't mention other sensible security-by-design steps that Apple does take (at least on the desktop), that make these other measure less important.
So, I imagine they found some vulnerabilities. However, often times the tactic is to tout these huge security holes which hit the press hard. Then in a month when it comes time to put-up or shut-up, the press has already forgotten about he whole ordeal and the PR hitmen, can simply slink back into their hole.
Finally, the last claim seems to be a big tipoff If they're actually injecting javascript code to use as a audio-recorder and sending voice over the network connection as an exploit (a javascript exploit), why don't they ship these apps, because their are a lot of iPhone users who have been clamoring for these features.
WildPalms
macrumors 6502a
So, I'm looking on the website, looking for other examples of exploits exhibiting this companies work....and I'm not seeing it. I see a couple of blurbs from CEO's and mission statements...but no other exploits that this company has found.
Strikes me that this company is using the iPhone and this 'so called' flaw as a vehicle for cheap self promotion.
I think this says a lot, considering the source. Wildpalms' theory (above) also seems to be a strong possibility.
They are?
Do you know for a fact that they are wrong in making such a claim? No you do not. So how can you question their claims, since you do not have any hard facts to back up your own viewpoint?
So they and Microsoft share a common viewpoint on some issue, it automatically means that "they are touting Microsoft's party-line!"? By same logic: since Hitler was a vegetarian, and Steve Jobs doesn't eat meat either, does that mean that SJ is "touting Hitler's party-line"?
Well, in recent years Microsoft HAS been improving the security of their software at the design-level as well, as opposed to just bolting on firewalls and antivirus-tools.
So you are saying that their findings are genuine? So what are you complaining about then? Because they make Apple look bad? because they said something partially unrelated that you disagree with?
rdrr
macrumors 6502a
There may be an update coming soon, but I betcha it will be a security fix only, and not an enhancement/bug fix.
macnews
macrumors 6502a
Unlike other "hacks" in the past how this was posted (i.e. contacting Apple first, not telling other people how to do it when you posted and seems to not just bash Apple rather go out of there way to defend Apple - comment about protecting the revenue model) I think these guys are for real and just trying to make the iPhone better and safer for everyone.
I find it interesting the same hack potential exists in Safari on OSX and Windows. This is all good to know and I hope it does get fixed soon. Also notice they will plan on releasing details of how they did this. Not all hackers have been so willing to do so, often leaving out key details which only serves to seriously question if the hack really exists (i.e. the "wireless" hack - was it just third party wireless or did they ever prove this works on the built in wireless?)
I find it interesting the same hack potential exists in Safari on OSX and Windows. This is all good to know and I hope it does get fixed soon. Also notice they will plan on releasing details of how they did this. Not all hackers have been so willing to do so, often leaving out key details which only serves to seriously question if the hack really exists (i.e. the "wireless" hack - was it just third party wireless or did they ever prove this works on the built in wireless?)
dejo
Moderator emeritus
Isn't it considered better etiquette to wait a period of time for a response from the notified (i.e Apple in this case) before making any public announcement? We don't know when they first notified Apple but I find it hard to believe Apple has been given ample time to respond before this vulnerability was publicized.
Yeh you're right, Apple has just been holding out on adding additional features, waiting for a Security issue to get them going. 🙄 The issue would be addressed and that's it.
Peace
Cancelled
This sounds more like a Safari vulnerability than the iPhone specifically.
Still serious but fixable.The quicker Apple fixes it the better off they are going to be.This report is spreading like wildfire and I'd guess has caused some people to not purchase one.
[edit]
This is the reason I am personally opposed to Apple doing web 2.0 apps.They are asking for trouble with this vulnerability being web based.Put out a iPhone Dev kit Apple !!..
[/edit]
Still serious but fixable.The quicker Apple fixes it the better off they are going to be.This report is spreading like wildfire and I'd guess has caused some people to not purchase one.
[edit]
This is the reason I am personally opposed to Apple doing web 2.0 apps.They are asking for trouble with this vulnerability being web based.Put out a iPhone Dev kit Apple !!..
[/edit]
Cleverboy
macrumors 65816
😡 Wow. I love my iPhone, but when I commented on the last security problem, it seemed that the most interested response was from somone trying to *downplay* the problem... for no clear benefit either. 😕 It was clear to me then, that if Apple wasn't looking for this type of problem, then there's probably many other things one could do. I was tempted to actually do a test run on a series of things I could imagine to be insecure (based on the fact that the existing bug hadn't been caught, so related exploits might not be either), but I had better things to do. Apple needs to update this, or its all downhill on security from here. 🙁
NOTICE TO iPHONE APOLOGISTS: Don't make excuses. Say NOTHING if you can't stop dismissing serious problems. Understand what FUD is. It's not "real problems", its fear and doubt surrounding nothing. It's clear the existing exploit was not "NOTHING"! Downplaying the problem only encourages people to make a much more damaging headline to have it taken seriously.
~ CB
fastbite
macrumors 6502a
Yes, it is spreading like mad. And anybody desiring a new angle to criticize the iphone will be feeling pretty happy. So the sooner they sort it out the better.
The fanboy-ism on these forums sometimes astound me. It's really amazing to me that some people on here really cannot find or *refuse* to find *ANYTHING* wrong (or potentially) wrong with Apple and their products.
Absolutely amazing. GET YOUR HEAD OUT OF THE SAND.
w00master
Absolutely amazing. GET YOUR HEAD OUT OF THE SAND.
w00master
Everyone knows that Apple and their products are not perfect. There is just no flaw that is so significant that it would merit this type of attention.
In this society, the only thing people like to see more than a company reaching it's zenith, is to see it fall.
No, it's just that once a "flaw" is mentioned for *any* Apple product, there are people that come out of the Macrumors woodwork and cry that there is some sort of incredible conspiracy.
Sorry, but I just don't see a "conspiracy" in this instance, and it's something that Apple *should* fix, and their users to recognize the importance of security which *many* on here continue to deny.
w00master
Don't worry, I'm sure Apple has already fixed the issue and we'll get the update soon. As of now, it's not an issue unless you are within WiFi range of this hacker's location. Besides, it's been reported that Apple paid them to do this anyway.