July 23, 2007
iPhone Wi-Fi Vulnerability
These guys found a vulnerability and then crafted an exploit via the wi-fi connection and Safari. If Safari is going to the platform of Apple's choice for 3rd party app development, perhaps there is a bit more work to be done.
My favorite quote from the page describing the work.
Does this add credence to Apple's position that 3rd party applications are not allowed on the iPhone for security reasons? We don't think so. Almost all of the security engineering effort on the iPhone seems to have been spent protecting the revenue model, rather than protecting the user (which is, of course, an entirely understandable position). For example, a constrained environment is used to prevent users from loading new ringtones onto the phone, but the applications are not run in a constrained environment to contain damage caused by hackers who exploit them."Posted by Abner on July 23, 2007 11:03 AM