The iPhone & The Coming Storm

About a week ago, a security firm came out with a report about the iPhone and some security vulnerabilities.

Rixstep initially covered it here, though further articles are being written as the situation unfolds.

Essentially, the iPhone runs applications as UID 0, meaning that they run as “root” and have the ability to access everything on the system. A more technical brief has been written by Rixstep as well. Anyway, the meat of the subject is that a website that makes Safari crash can run code that gathers up your personal data and transmits it.

Pretty nasty stuff.
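An added example, not from the original post or the report it discusses: a simplified model of the Unix read-permission check, comparing what code inside a compromised browser could read when the browser runs as UID 0 and when it runs under its own account. The file paths, UIDs, groups and modes are constructed for illustration and are not taken from a real iPhone; ACLs and sandboxing are ignored.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEntry:
    path: str
    owner: int
    group: int
    mode: int  # permission bits, e.g. 0o600


# Constructed sample inventory (hypothetical paths, owners and modes).
SAMPLE_FILES = [
    FileEntry("/data/browser/cache.db", 501, 501, 0o600),
    FileEntry("/data/mail/inbox.db", 502, 502, 0o600),
    FileEntry("/data/sms/messages.db", 503, 503, 0o600),
    FileEntry("/data/contacts/book.db", 504, 500, 0o640),
    FileEntry("/etc/master.passwd", 0, 0, 0o600),
]


def can_read(uid, gids, f):
    """Classic Unix discretionary access check for read access."""
    if uid == 0:
        # The superuser bypasses the mode bits entirely.
        return True
    if uid == f.owner:
        # Only the owner class is consulted, even if it denies access.
        return bool(f.mode & stat.S_IRUSR)
    if f.group in gids:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)


def blast_radius(uid, gids, files=SAMPLE_FILES):
    """Paths readable by code running inside a process with this identity."""
    return [f.path for f in files if can_read(uid, gids, f)]


if __name__ == "__main__":
    print("browser as uid 0:  ", blast_radius(0, {0}))
    print("browser as uid 501:", blast_radius(501, {501}))
```

With every application at UID 0 the mode bits never come into play, so a flaw in any one application exposes every file in the inventory.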

What disappointed me was the reaction of the “Mac Community” on MacRumors.com, a popular Mac user site.

"anaknipedro" - I don't believe this. A website crafted to force the iPhone to make unsolicited calls? These guys can't be for real. This is FUD FUD FUD.

"Dippo" - If this "virus" is for real, then it could be considered a 3rd party app. So then it should be possible to run other 3rd Party apps on the iPhone. Maybe it is good news in disguise. Personally, I think it is fake.

"Maui" - Anything with the word "iPhone" in it is going to get tons of press. It is the price for Apple's hyper-successful marketing campaign.

"TheNumberOneFan" - they could say anything and us die-hard apple fans would go on using our phones "and years of studies have shown that the iPhone, when used for prolong periods, leads to an acute case of melanoma with common symptoms of explosive diarrhea..." i love my phone

Fitting user name.

"33scottie33" - This vulnerability is stupid just like the rest that will come after this one. BTW, I'm sure only .0001% of iPhones would be affected anyway. If the iPhone was not so popular, we would not be having this discussion. They just want to make a name for themselves.

"ajhill" - Independent Security Evaluators Gee, wonder who pays their bills. Someone named Bill perhaps? Never trust any group that tries to tell you that they are independent in the title of the organization. Who are these jokers, and is this as SERIOUS as the Duke University denial of service attack that the iPhone was supposedly responsible for, that later turned out to be a Cisco router problem. And still they attack Apple Inc. All the way up to $300/share and beyond...

"PowerFullMac" - OS X seems to have started attracting more hackers, I think we are lucky it was researchers and not black hat hackers who discovered this.

"iAmLegend" - Yeah...I'm not worried about this. Now back to playing with my amazing iPhone

"WildPalms" - Strikes me that this company is using the iPhone and this 'so called' flaw as a vehicle for cheap self promotion.

"fastbite" - Yes, it is spreading like mad. And anybody desiring a new angle to criticize the iphone will be feeling pretty happy. So the sooner they sort it out the better.

"33scottie33" - Everyone knows that Apple and their products are not perfect. There is just no flaw that is so significant that it would merit this type of attention. In this society, the only thing people like to see more than a company reaching its zenith, is to see it fall.

The scary part is that these are the “smartest” quotes. There are some real gems if you care to look.

The problem is that these are people that don’t truly understand the significance of what is going on. Their first assumption is that it’s just a PR stunt or an “anti-apple” site funded by Microsoft. Then they resort to questioning the technical abilities of the authors of the report. Then they finally just dismiss it.

Naturally I got all bent out of shape about it, because you shouldn’t have people that don’t get what’s going on just spreading “counter-FUD”.