Feeds

Will the iPhone be iPwned?

The dark lining to Apple's silver cloud

Providing a secure and efficient Helpdesk

Yet, the hip consumer technology company has done a credible job with security.

For one, Apple turned off as many non-essential services as possible, minimising the software surface area that could be attacked by malicious code. The stripped-down version of Safari, known as MobileSafari, allows very few files types, making it harder to attack. In addition, Apple has quickly produced a patch for the vulnerability found by ISE, releasing an update for the phone on Tuesday. The patches are easily installed through iTunes, making it less likely that people will be carrying phones vulnerable to older flaws.

The iPhone's restrictions on installing non-Apple software can be seen as a security feature as well, as long as the protections make it difficult to create programs for the phone, F-Secure's Hyppönen said.

"From the attacker's point of view, it is a hard device to attack, because there is no SDK (software development kit) - it's a closed system," he said.

Moreover, while the minimalist phone has found favour, the total number of users is still small. AT&T announced earlier this month that 146,000 iPhones had registered with the wireless service in the first two days - a strong showing but short of rosy analyst estimates (registration required) that predicted numbers as high as 500,000. Apple stated in its earnings that the company had shipped 270,000 iPhones during those two days.

Because most attackers target the largest possible population of victims, the iPhone is likely not worth the effort for truly malicious attackers, Hyppönen said.

"The installed base is really low - only a few hundred thousand," he said. "If you attack other phones, such as Symbian phones, you get millions of possible targets."

Yet, if Apple's estimates for sales of the iPhone pan out, the device will only become more appealing. The company aims to sell one million phones by the end of this quarter and ship 10 million by July 2008.

Finally, some researchers question whether compromising an iPhone would gain anything of value for the attacker. While some countries in Asia use cell phones to connect to bank accounts, that is seldom heard of in the United States. And the other data on the device is not necessarily worth stealing, said David Goldsmith, president of security firm Matasano.

"I don't think the attack model of breaking into machines and stealing MP3s is convincing," he said.

Sitting near the Black Hat Security Briefings registration area on Tuesday, Miller agrees.

"There are a lot of other things to worry about right now than my iPhone being hacked," he said.

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.