Security Firm Reveals iPhone Vulnerability

[rob@robburns.co]

We actually took it easy on Apple in our interpretation of the white-paper. see this:



There are some kind of damning points from a security perspective. There is no way that Apple should have written every app with admin privileges. That's just stupid.

I'd say that's a rather extreme statement. You do realize every Mac Apple sells ends up with admin privileges by default, don't you? There may be more Apple can do with that, but most of what anyone would care about on the phone needs to have their permissions anyway. It's not really the kind of device for multiple users. And most people aren't even going to password protect the device. So everything that could be stolen would be available from anyone who stole or found the phone. When you hear people talking about needing to lock down the iPhone to security levels below administrator they're not rally providing any constructive advice. Admin doesn't give anyone root access to the phone. It just give someone the user name of an admin. They'd still need to crack the password.

As it's been said before, this sounds like standard buffer overflow exploit (or maybe more hype than anything). Locking down the user account to a non-admin would still have read access to all of the files they're claiming access to.

 

[rob@robburns.co]

...and your "friends" at Starbucks are making backup copies of your private information too....

You should feel really safe!

Are you complaining about T-Mobile WiFi hotspots at Starbucks now? If you don't trust T-Mobile, why would you trust any ISP? I'm not saying you have to trust them, but at that point, all bets are off. Cerainly you can deploy your own servers and peer-2-peer security measures, but this isn't the kind of problem that get wide publicity as a security exploit.

 

[Fairly]

Here's the deal - don't go to random websites that present themselves to you. Simple. I also don't go to dark alleys

If that's OK by you then why leave Windoze?

 

[AidenShaw]

Are you complaining about T-Mobile WiFi hotspots at Starbucks now?

No, "Starbucks" was just a random example of a public hotspot. If Starbucks and T-Mobile are using two-factor authentication and strong encryption, then I apologize for suggesting that one may be at risk while having a tall iced mocha as you surf.

More to the point, I was trying to make fun of the earlier post where it was implied that backing up your data is a security ploy.

It doesn't matter whether *you* backup your data, the more important issue is to make sure that *others* aren't saving your private information as well.

Myself - I use EV-DO whenever possible, and public hotspots as a last resort. Even then, I use a VPN and a SecureID hard token to encrypt everything on the VPN channel (both EV-DO and WiFi). I don't care if someone grabs every packet - it'll be nonsense to them.

It also doesn't matter if someone steals my Windows Mobile phone and/or my laptop. The disks and storage are encrypted, and they'll "brick" themselves after 4 password failures.

 

[Fairly]

I don't believe this. A website crafted to force the iPhone to make unsolicited calls? These guys can't be for real. This is FUD FUD FUD.

You're right. They can't be for real. They sound real amateurs to me. Like they use to hang out at MR and all that. Or read yourself.

ISE was founded by Johns Hopkins University professor Avi Rubin. The technical staff at ISE have produced dozens of leading publications in the field of computer security and cryptography. They have won numerous awards including many best paper awards, the EFF Pioneer Award, Baltimorean of the Year, the CRA Outstanding Undergraduate Award, and the MIT Technology Review TR35. The staff includes several Ph.D.s in Computer Science and in Math, as well as Masters degrees in computer science and security informatics.

ISE security analysts have backgrounds that include academia, industry, as well as former employees of the National Security Agency. Several ISE consultants have certifications including Certified Information Systems Security Professional (CISSP), GIAC Certified Forensics Analyst (GCFA), and Red Hat Certified Engineer (RHCE).

Not so much FUD as - what did Howlin' Pelle call it? "A-K-A-I-D-I-O-T"?

 

[Fairly]

Why would this be FUD? Unlike the other recent claims of OS X worms and not to mention the whole Month of OS X bugs debacle, these are "ethical" hackers, disclosing the information to Apple FIRST so that they can issue a fix before releasing the information to the general public.

These kind of independent security analyses actually benefit the end user rather than harm them. There's no FUD here at all. Read their FAQ.

Agreed but for one thing. The "debacle" of MoAB was only a "debacle" because fanboys chose to make it so.

 

[Fairly]

This was bound to happen and shouldn't come as a surprise to anyone - especially not with a complicated device such as the iPhone.

Then you haven't read the PDF. There are security design flaws. Ordinary userland apps run as root, stack, load and heap addresses are not randomised (almost all OSes do this today for obvious reasons) and memory is left both executable and writable - a total no-no. The authors also recommend chrooting all userland apps so they can't get at each other's data.

They also criticize Apple for worrying more about AT&T than security.

 

[Fairly]

It's not a flaw _made_ by Apple. It's a flaw _missed_ by Apple. Big difference.

Then you too haven't read the PDF. Apple made design decisions to not run userland code in userland, to not write-protect executable memory, to not cordon off userland apps and their data from one another, and to not take the rather common precaution today of randomizing addresses. These are not things missed - these are CONSCIOUS decisions. They are "made".

 

[Fairly]

Personally, I think it is fake.

You're right - professors at Johns Hopkins go around making things up all the time.
http://securityevaluators.com/people.html

 

[Fairly]

Stick with major, trusted forums like macrumors.
You'll lead us out of the darkness, Mr. Blue?

 

[Fairly]

Nevermind.

The all-time classic. Title is "Still a Fake" and it's still a fake because despite the impressive resume of the researchers behind the news Mr. Dippo still proclaims it to be a fake. Good thinking, Mr. Dippo.

Do you have any faith healers amongst your many and varied relatives?

 

[rob@robburns.co]

Then you too haven't read the PDF. Apple made design decisions to not run userland code in userland, to not write-protect executable memory, to not cordon off userland apps and their data from one another, and to not take the rather common precaution today of randomizing addresses. These are not things missed - these are CONSCIOUS decisions. They are "made".

A buffer overflow is the exploit. That was not a conscious decision; that was a mistake. The other issues which — I haven't read an independent confirmation of — may be conscious decisions. However, without the buffer overflow, they wouldn't do a hacker any good.

 

[Fairly]

i love my phone

Yes. We know. And yesterday it told us it loves you too.

 

[rob@robburns.co]

No, "Starbucks" was just a random example of a public hotspot. If Starbucks and T-Mobile are using two-factor authentication and strong encryption, then I apologize for suggesting that one may be at risk while having a tall iced mocha as you surf.

I don't know what two-factor authentication is, but tmobile offers an 802.1x connection with strong encryption. Most people probably do not connect that way and they make it difficult for non-Windows users to figure out how. However, even with the tightest security, if your ISP wants to peek in on what you're doing they're free to do so (unless you take other measures like you mentioned).

 

[Fairly]

BTW, I'm sure only .0001% of iPhones would be affected anyway.

So you have inside information that iPhones are configured differently?

They just want to make a name for themselves.

Too true. That's the way of all those Johns Hopkins professors. Always trying to make a name for themselves. There might be one person visiting this forum who has the academic credits to even be poorly compared with them. Most haven't finished high school and most can't spell but you're better than Johns Hopkins professors.

The last to leave the Mac Rumors forums please turn off the lights.

 

[Fairly]

Independent Security Evaluators

Gee, wonder who pays their bills. Someone named Bill perhaps?

Exactly. JHU is totally owned by Microsoft.
http://www.jhu.edu/

 

[defeated]

This particular story appears vague and any vulnerability on Safari is well reported (and soon to be plugged by Apple apparently).

This is the funny excuse I see every apple fanboy use. They always has confidence that apple will "patch this soon". And guess what? Apple is the slowest to patch their security holes.

Did I mention anything about windows, firefox, IE7, etc? Or you guys just always jump out in any situation to bash others, even when we are clearly discussing apple's problem?

 

[Fairly]

Who are these jokers

Why ask when you can find out yourself like anyone else on this board? They're not the jokers but there's definitely a major joker in this scenario.

 

[Fairly]

Also, Safari crashes over nothing, the same site will work fine on one load, then cause Safari to crash the next time.

That's the impossible dream. Browsers are always vulnerable because people can throw anything at them they want. Consider a graphics editor or a text editor you use on your system. Which apps write the files and which apps read them? The same ones. That's not the way the web works.

 

[Fairly]

These "jokers" include Charles Miller, a computer science PHD, formerly under the employ of the NSA. Ahem, and you are, who?

Exactly. LMAO Thanks. That felt good. Haha. Finally.

 

[Fairly]

the "under the employ of the NSA" simply demonstrates he'd sell his soul to anyone.

Oh it does? As eyebye asked - "ahem who are YOU?"

 

[Fairly]

Let's try to tone down the blind apple loyalty.

If you read the article, you'd see these people aren't particulary anti-apple and realistically toned down the long term implications. But that doesn't exclude the fact that this appears to be a real and serious issue which will likely be patched by Apple before August 2nd.

arn

Thank you for injecting sanity into this chicken coop. Some of us might actually sleep tonight as a result. It seems you arrived just in the nick of time. Thanks.

 

[Fairly]

Seriously though, I heard on the radio this morning that the company was paid by Apple to exploit the iPhone.

Not saying it isn't true but no one else is running that story.

 

[Fairly]

However, they do come across as particularly touting a Microsoft party line.

Oh is THAT ever stretching it. Only one person with a "party line" seen around here right now, friend.

 

[Fairly]

Strikes me that this company is using the iPhone and this 'so called' flaw as a vehicle for cheap self promotion.

Good call. I can sense already you're a knower of men and with an incredibly colourful background in academia and the computer security industry. For it was just my thought exactly but you beat me to it: all these millionaire Ph.D.s with tenures and their own books in the libraries and all those fancy parties and BMW's and all that - all they really want to do is make a name for themselves.

But make a name with who exactly? The people in MR forums?