The other side of iPhone security

440Forums.com | MacMusic.org | PcMusic.org | Zicos.com | AudioLexic.org

The other side of iPhone security

Wednesday October 10, 2007. 03:33 PM
MacDevCenter

Since the introduction of the iPhone, Apple has been the focus of criticism from many a member of the computing community: keeping the platform closed is an outrage, a Microsoftian move, living proof of the evil that lurks underneath the company’s cheerful facade. Whether you agree with these points or not, one cannot deny Apple has pulled all the strings to indeed keep people out of the iPhone and send a firm message to those who had dared trespass - and I am not even talking about “bricked” iPhones here since knowing whether the side effect of the upgrade was intentional or coincidental is still everyone’s guess. Surprisingly, however, keeping the iPhone closed may be a good thing. Mac OS X and the iPhone’s OS, “OS X” have a lot in common. They’re not quite the same beast but it is a reasonable assumption that they share more than a few common traits. If rumors about the iPhone migrating to Intel processors at some point are true, they will have even more in common. Over the past few weeks, hackers and enthusiasts have given the iPhone’s platform a thorough massage, attempting to break through Apple’s barriers. More often than not, such breaks progress not by unraveling Apple’s attempts at locking things down but rather by circumventing them through the exploitation of some bug or vulnerability in a component of the OS. Mobile Safari and Mobile Mail have come under a lot of scrutiny - imagine creating a (paying, of course!) web page that iPhone users could visit to automatically unlock the phone through the crafty exploitation of an image-based bug. In many ways, unlocking research has turned into security research. Sure, the unlocking community may not be comprised of security experts and their proceeding as far as uncovering vulnerabilities may be hit and miss. Yet, for as long as evident exploitable vulnerabilities will exist in Mobile Safari and OS X, Apple won’t be able to keep the platform really locked down. Not all vulnerabilities are exploitable, that is for sure. Contractually however, could Apple justify ignoring a potential means of unlocking even if no exploit yet exists? Only their own lawyers know but I guess this is a chance they would prefer not to take. Since the locking people seem insistent on catching up with the unlockers, one can only hope they will be given incentive to look into these security vulnerabilities and give a couple nudges to those in charge. If a patch is written for OS X, one can only hope that it will be written for Mac OS X too, even if that means waiting for a WebKit update. In the end, our Macs may end up being a smidge more secure thanks to the iPhone. (And let us not forget the launch of the iPod touch and its predictable trickling down the iPod lineup can only accentuate the crowds’ desire to break into OS X, pushing the phenomenon further.) Idle speculation? Wishful thinking? Watchathink?

	Read more at MacDevCenter
	www.oreillynet.com/mac/blog/2007/10/the_other_side_of_iphone_secur_1.html?CMP=OTC-13IV03560550&ATT=The+other+side+of+iPhone+security