What do you get when you attempt to combine rock music, IT security, and corporate (Intel) sponsorship?
These guys found a vulnerability and then crafted an exploit via the Wi-Fi connection and Safari. If Safari is going to be the platform of Apple's choice for 3rd party app development, perhaps there is a bit more work to be done.
My favorite quote from the page describing the work:
"Does this add credence to Apple's position that 3rd party applications are not allowed on the iPhone for security reasons? We don't think so. Almost all of the security engineering effort on the iPhone seems to have been spent protecting the revenue model, rather than protecting the user (which is, of course, an entirely understandable position). For example, a constrained environment is used to prevent users from loading new ringtones onto the phone, but the applications are not run in a constrained environment to contain damage caused by hackers who exploit them."
No time for comment other than to say this was a very hard problem that has the nice side benefit of boosting demand for the book.
NPR Radio Story on Harry Potter Security and why it's good for the book.
Bruce Schneier on the scope of the problem.
Reuters Description of Barnes and Noble Security
British Tabloid on the search for a worker at the publisher who revealed book details.
Description of contracts booksellers and libraries have to sign as well as penalties suffered by those who leaked other books in the series.
Picture of security guard with the books.
The iPhone / Harry Potter virus. Designed to attract Google juice?
Additional sites to check out for attempts to turn the iPhone into what users want instead of what Apple thinks users want include:
The Hackint0sh iPhone forum
Hackszine lists a couple of early efforts
There is also a wiki of people attempting to port Linux to the iPhone and other such projects. They don't want direct links to the site, but they aren't hard to find if you are looking that way. Their IRC: #iphone @ irc.osx86.hu (reverse engineers only, eh?)
Finally, the iPhoneDevCamp landed all sorts of press coverage, some of it interesting.
Incidentally, I wonder what the return rates are on these phones as customers find out that the iPhone isn't perfect for them.
(I already know of one return. While he's probably not the exact target market and my sample is abysmally small, email on a smart phone should be flawless.)
You heard it here first: someone will be running unapproved apps on the iPhone by the end of July. Wired posted a call to arms and this guy is looking for help with USB drivers. Good fun. Unless, of course, Apple actually went out and hired some real security gurus to render the hardware tamper proof and harden the OS.
Doubtful. No tamper-resistant hardware here... nice teardown.
Side note - I only saw one example of a marketing ploy by a security vendor to cash in on iPhone hype: ISS stating the obvious [iPhone hype] "will make the iPhone a definite target"