Friday, July 27, 2007

iPhone iCracked, iHacked, iJacked

That's interesting. Get in through the wi-fi and browser. (Who wudda ever thunk that?)
And an interesting quote, too. Looks like they have Apple's number. (Microsoft in drag. Only smaller. Hippy geeks versus the nerdy geeks(?) but these days it's all corporate.)

Does this add credence to Apple's position that 3rd party applications are not allowed on the iPhone for security reasons?
We don't think so. Almost all of the security engineering effort on the iPhone seems to have been spent protecting the revenue model, rather than protecting the user (which is, of course, an entirely understandable position). For example, a constrained environment is used to prevent users from loading new ringtones onto the phone, but the applications are not run in a constrained environment to contain damage caused by hackers who exploit them.
That's a really nice example to support the point.

Are these people for real, though? These look like names that I would have made up.
Who are you guys?
We're Charlie Miller, Jake Honoroff, and Joshua Mason, members of the software security team at Independent Security Evaluators, an information security consulting firm. Matt Green, Avi Rubin, Sam Small, and Adam Stubblefield were also involved in the project. If you're good at doing this kind of analysis, we're hiring.

No comments: