As foreseen, the iPhone can be webhacked



The real lesson is that any application on any device can be compromised if it can go on the web without proper protection and limitations, and the more functionality and code you put on a machine, the more vulnerabilities you will create.


Another lesson is that this iPhone seems not to have gone through proper security testing, as the exploit was written with the help of fuzzing (tools that attack code to find mistakes), which the security people at Apple could use as well. Fuzzing an application or tool before releasing it into the wild should be standard for commercial firms or big-name open-source operations (with social responsibilities).


The last lesson is that this is the first exploit (but not the last) that gives an active possibility of bringing down phone networks (DDoS by SMS), smishing (phishing by SMS), SMS spam and ID theft. Some have proposed that the phone should be used for identification, payment and authentication for anything from petrol and shopping to access control. This first hole shows that this would only be acceptable if security tools are installed on phones and phone networks. Or maybe we should just use a small, very, very stupid phone for that stuff (no Java, no music, no games, no internet).


A date to keep in mind: the exploit will become public on the second of August, and we may hope that Apple will release a patch before then and that everybody will have it installed by then. But what happens with the iPhones that have hacked their way around the ISP lock-in? These are the same questions as with web security.

