You are currently viewing our forum as a guest, which gives you limited access to view most discussions and access our other features. By joining our community, at no cost, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is free, fast and simple, so please join our community today!
The iPhone yet again experiencing criticism over poor security
Jonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones, hasn't been very impressed with the iPhone's security -- or lack thereof. Mr. Zdziarski has indicated that iPhone OS v3.0 is a bit better when it comes to security, but he says with only a few pieces of readily available freeware you can easily crack it in under two minutes. That news must be concerning for the corporations and government agencies that support the hundreds of thousands of business iPhones Apple says it has sold.
Mr. Zdziarski says the iPhone's security woes are entirely unnecessary and are the result of incompetence. He states, "It is kind of like storing all your secret messages right next to the secret decoder ring. I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security."
His statements stand in stark contrast with Apple Chief Operating Officer Tim Cook's cheerful news that 20 percent of Fortune 100 companies have purchased 10,000 or more iPhones apiece and that multiple government organizations had purchased 25,000 iPhones apiece. Mr. Cook had bragged, "We’re seeing growing interest with the release of iPhone 3.0 and the iPhone 3GS due in part to the new hardware encryption and improved security policies. The phone is particularly doing well with small businesses and large organizations."
Mr. Zdziarski says these entities might be in trouble as the encryption on the phone is so poorly implemented a simple software tool makes it as easy to view encrypted files as unencrypted ones. Thieves could extract live encrypted data from the phone in a mere 2 minutes, and have an entire raw disk image in about 45 minutes. Interestingly, the iPhone itself helps with these tasks – it begins to decrypt data on its own automatically after the extraction process has started.
Corporate users often edit finance spreadsheets and other corporate documents on their phone, as well as using the phone to make transactions with corporate credit cards. All of this information is easy pickings for hackers thanks to the phone's woeful security. Mr. Zdziarski surmises, "If (companies are) relying on Apple’s security, then their application is going to be terribly insecure. Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it, but it’s entirely useless toward security. We’re going to have to go with the old imperative of ‘Trust no one'. And unfortunately part of that is, don’t trust Apple."
Still, some companies say that the risks of deployments are worth it. States Lance Kidd, chief information officer of Halton Company, an industrial equipment provider, which lets its employees use iPhones, "Your organization has to be culturally ready to accept a certain degree of risk. I can say we’ve secured everything as tight as a button, but that won’t be true…. Our culture is such that our general manager is saying, ‘I’m willing to take the risk for the value of the applications.’ It’s like business continuity. You prepare for disasters. You prepare for if there’s an earthquake and the building breaks down, and you prepare for if there’s a crack in [information] security."
Not sure if the article touched on this or not but with Bluetooth being more mainstream than ever...I wonder how much that factor plays into how insecure cell phones in general are since many/most users probably aren't even aware of the open doors they leave behind. Especially for the Apple market since they're usually less tech-saavy and more image-conscious generally speaking (don't get your panties in a bunch Apple fanatics, Apple products ease of use is one of the biggest selling points for the Apple brand).
But, bottom line is, how is the data hacked? Is it if I no longer have the phone in my possession? Having some eavesdropping device near my phone? Or just getting my phone controlled remotely? I don't think windows security is bombproof either but everyone uses it.
It's pretty much complete control from what I have read.
Quote:
According to the researchers, they will demonstrate how to send a series of mostly invisible SMS "bursts" that can give a hacker complete control of the iPhone. That control will include dialing the phone, visiting Web sites, turning on the device's camera and microphone, and more. The hacker will also be able to send more text messages to facilitate spreading the iPhone SMS hack to other iPhones.
Hacker Says iPhone is Incredibly Insecure, "Useless" for Business
