IBM: iPhone hype to test handset security
updated 11:40 am EDT, Fri June 22, 2007
IBM on iPhone security
Apple's highly anticipated iPhone -- which recently garnered more than one million enquiries via AT&T's website -- may well attract the attention of malicious users looking to breach the handset's security measures. With so much attention and hype built up around the $499/$599 gadget, experienced crackers are likely to try their hand at attacking the mobile phone, according to IBM. "We've been following it since it was announced," said Neel Mehta, the team lead of advance research group at Internet Security Systems -- IBM's security division -- in an interview with InformationWeek. "It's going to be challenging for the bad guys to exploit them like they do other [smart phones] but there will be a lot of individuals willing to try because of the amount of buzz around it... We've seen some very determined attacks on other mobile phone platforms, like the Symbian platform. A lot of these attacks are going to be very hard to launch against the iPhone."
Hard 2 Attack, Like a Mac
06/22, 11:53am reply
"A lot of these attacks are going to be very hard to launch against the iPhone."
You don't suppose that OSX has anything to do with that, do ya?
wings_rfs
Fresh-Faced Recruit
Joined: Dec 2002
re:
06/22, 12:17pm reply
Or maybe Apple's "Mine" mentality that won't allow much of anything to run on it. The only real known avenue of attack right now is safari.
MhzDoesMatter
Fresh-Faced Recruit
Joined: Jul 2002
OS X
06/22, 12:23pm reply
No, its not because OS X runs on it. If it were, then Apple couldn't possibly argue that the reason not to allow 3rd party apps at this time is because of security reasons.
mhzdoesmatter nailed the actual reason.
testudo
Fresh-Faced Recruit
Joined: Aug 2001
True be told...
06/22, 12:42pm reply
Hacking at the iphone is just like hacking at any other mobile... Let me outline this for you folks:
1) If it makes a WiFi connection, oops I can slip in arbitrary code in the packets. 2) Downloading of email, it displays PDF inline, more code in the PDF to all me to attack. 3) ANY connection between Safari and any other application and from the sounds of it (dial direct from Safari, Steve taunted) I can make a phone number link with malicious code embedded in the URL. 4) Same as above, but with the Google Mapping application. 5) If "apps" (yes even web 2.0 apps) are downloaded and installed then that tells me that I could in theory install a malware program that forces Safari to goto X URL upon opening or other action.
I could easily go on and being that they limited (requested limited) Safari to around 10Mb on downloads, that tells me that one can crash Safari. Now, if Safari crashes do you have to restart the phone or Safari? And I haven't even got into the hardcore hacking at OS level via Bluetooth, GSM data packets, etc.
Boy, I have to admit I am getting excited on getting mine and hacking at it!!!
Worry Some - Secure ALOT! Stainless
stainless
Fresh-Faced Recruit
Joined: May 2005
safari runs in sandbox
06/22, 01:31pm reply
Safari runs in a sandbox so cracking safari won't necessarily give you access to the phone. We'll see when exploits appear, if they do.
chadpengar
Fresh-Faced Recruit
Joined: Oct 2001
Yipes!! testudo is at i
06/22, 02:21pm reply
Mate, you have been wrong so often, why not give up and let IBM's experts do the talking? They just might have a clue!
rjwill246
Fresh-Faced Recruit
Joined: Jul 2003
wow
07/24, 01:27pm reply
First - thank you, testudo, for a good post, they're rare. @stainless - I've had Safari crash on my iPhone(8GB) several times and it never requires a restart of the phone, you just wind up back at the home screen and restart Safari, hit history and go back where you were. Oh rjwill246, IBM has a clue???(can you say 3GHz G5?) next you'll try to tell me that Motorola knew what was good for Apple in the late 90s and early years of the New Millenium... Z
zac4mac
Senior User
Joined: Oct 1999