(Page 2 of 2)
The ability to run any code is significantly different from "jailbreaking" a phone, a term used when the owner of a phone breaks the security locking that device to a particular provider or operating system, because it requires physical access to the device, Miller says. "Jailbreaking is, you have your own phone, you have it in your hand, and you want to do something to make sure you can put nonsigned code on it," he says. "You own the device, so you can do certain things to it."
In fact, at the CanSecWest Conference in March, Miller, Alvarez, and other researchers realized that attacks that work on jailbroken phones would not work on regular (non-jailbroken) iPhones. They had assumed that the attacks they had found on a jailbroken iPhone would work on nonbroken devices. Instead, they found that their attacks would not work.
"Basically, what happened was that everybody made the same mistake, and we all have learned from it," Recurity's Alvarez says. "We used jailbroken iPhones in order to be able to debug."
While the researchers could not come up with any legitimate uses for running unapproved code on the iPhone, Miller stresses that the research is valuable. Like nearly 40 million other people, he carries an iPhone containing work information, personal details, and family pictures. Knowing the limits of the device's security is important, he argues.
"The thing is, I'm pointing out exactly what bad guys can do against the device," he says. "They are likely doing parallel research, except they don't share their results. It is better for everyone to understand the strengths and weaknesses of the security of devices, and make informed decisions about what devices they should use and how they should use them, rather than having only the bad guys know how they work."
Of course, Apple may have already fixed the issue. Later this month, the company will release version 3.0 of the iPhone operating system, and Miller will have to make sure his attack still works.
"With iPhone 3.0 coming out, that might change a lot of this stuff," Miller says.
A new program analyzes iPhone apps and finds the ones that are grabbing your data.
Phones don't have to be smart to be vulnerable.
Many apps collect and share sensitive data, and the developers may not even realize it.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
Guest (ronnie.williams)
iPhone Hacks a Real problem !
I am an iPhone user for that last one year, I have gone through all the security phases of this gadget, the first generation firmware 1.1.4 has a lot more security holes an compared to currently running version 3. However one thing remains the same that both can be cracked easily.
I was living in a country where I can’t use iPhone, because iPhone lunched with at&t career service but at that time the web was full of scripts and software to unlock and jailbreak the iPhone and this all works good for me and I used the apple iPhone where apple was not authorized to be used.
Later on when apple launches unlock iPhone, at that time iPhone apps were taking hype and that was the hottest topic of iPhone, people start working to run cracked apps (from Cydia and Installer), later on App store hit the market but I can surely say that iPhone security is not very good. You name any app and I can assure that it will be available on the web to run right away.
At first I need to follow certain steps to crack the iPhone OS to run application synced from iTunes, this was done by changing the permissions of some files in iPhone OS/firm ware, files can easily be accessed through wi-fi. (WinSCP). Now there are websites which offers cracked applications, just download and sync with your iphone to run. There are cracked applications to run directly on your iPhone OR you can change permissions of your iPhone’s firmware files to run original apps.
I think apple should take serious steps to get real benefit out of App Store. A friend of mine told me about some of the security measures taken by Apple at hardware level, which results in compatibility issues to iphone 3g accessories with iPhone 2g and iPhone 3gs.
Reply