July 23, 2007

iPhone Wi-Fi Vulnerability

These guys found a vulnerability and then crafted an exploit via the wi-fi connection and Safari. If Safari is going to the platform of Apple's choice for 3rd party app development, perhaps there is a bit more work to be done.

My favorite quote from the page describing the work.

Does this add credence to Apple's position that 3rd party applications are not allowed on the iPhone for security reasons? We don't think so. Almost all of the security engineering effort on the iPhone seems to have been spent protecting the revenue model, rather than protecting the user (which is, of course, an entirely understandable position). For example, a constrained environment is used to prevent users from loading new ringtones onto the phone, but the applications are not run in a constrained environment to contain damage caused by hackers who exploit them."

Nice "pre-Blackhat / starting the company up and looking to hire" marketing move too. NYT gets the scoop even those surprised that it only took three weeks.

Posted by Abner on July 23, 2007 11:03 AM

Recent Entries
iPhone's SIM Locks: Hardware vs. Software vs. Lawyers
Even (or especially) contests could use a security review
Vendors Responses: Voting Machines and the Pwnie Awards
Dude "Security Rocks"
iPhone Wi-Fi Vulnerability
Harry Potter Security
iPhone Hacking & Fustrations
Let the iPhone Hacking Begin
Geer heads to Washington, Again
This Just In: DRM still doesn't work
Phishing meets Internet Advertising
How long to unlock the iPhone Operating System?
Predictive Markets For Politics
The Irony of Phone Security Google Ads
Why Biometric Fingerprint Readers Are A Waste
How to Blag an Interview
Yet another Boston marketing flub
MAC vs. Vista Security
The latest in physical security
Data Loss Archive
Guerrilla Marketing Backfires in Boston
NY Times on the "Market" For Software Vulnerabilities
Not marketing security, marketing *during* security