All Articles Tagged security

Job Listing: iPhone Security Engineer aka iPhone Hacker

So a new employment opportunity popped up at Apple’s job listings the other day and Apple is looking for an experienced iPhone Security Engineer to create “proof of concept” attacks on current security mechanisms and provide risk analysis of potential security threats. Basically, Apple needs an iPhone Hacker to prevent future jailbreaks, unlocks, and security breaches.

So if any of you are good at what you do and want to work for the “good guys”, go give it a try. Apple is trying to ramp up security to protect enterprises who are adopting iPhone 2.0 and, more selfishly, to protect their own App Store from competition (ahem, Cydia & Installer). Either way, Apple is getting serious about security and the iPhone.

What do you think?


 


App Preview: 1Password for the iPhone — for FREE!

Confession: I use 1Password on the Mac a lot. I just used it to log in so I could write this preview. I use it (synced via keychain) to my desktop at home, and I’ve used the various incarnations of the 1Password JavaScript bookmarklet on the original iPhone 2G. But now they’ve gone native, baby!

Internet security is a huge concern, and with mobile internet security we ain’t seen nothing yet. Browsers the caliber of MobileSafari make it possible to do our transactions on the go, be it logging into our favorite social network, or doing some emergency banking on the road. But what if we get out of the cab and leave our iPhone behind? If it gets snatched? What if someone else takes possession of the tiny little device with all our precious logins on it?

Read on to find out!


UPDATED! India to Spy on Blackberry, Make Steve Jobs’ Day?


When Steve Jobs took the stage at the iPhone SDK Roadmap event, it was with business eyes fixed squarely on market leader RIM’s Blackberry device:

“Why aren’t CIOs really worried about security? Every email message sent to or from a RIM device goes through a NOC up in Canada. Now, that provides a single point of failure, but it also provides a very interesting security situation. Where someone working up at that NOC could potentially be having a look at your email. Nobody seems to be focused on that. We certainly are.”

And so is the Indian government, it seems! Engadget sums up the current situation, which seems like it couldn’t have been scripted better for Apple if El Jobso himself held the knife… er… pen:

Apparently the Indian government is demanding that RIM either allow it to snoop on its encrypted email service (or worse, drop down to 40-bit encryption), or shut down the entire Indian Blackberry network at the end of the month. That’ll cut off an estimated 400,000 subscribers…

Unlike RIM’s three-tiered true “push” model that routes everything through the NOC, Apple has licensed Microsoft’s competing pseudo-“push” technology, ActiveSync, which relays mail directly between Exchange servers and the iPhone. This would mean that, rather than simply going after a single manufacturer like RIM to snoop on every user’s email, a government would have to go after every single Exchange server in every single business in the country — a potentially much more complicated and difficult process.

Is this a tempest in a teapot, or should Indian Crackberry addicts be worried? Would government “spying” on email lead you away from a Blackberry and towards an iPhone or even (merciful Buddha) a WinMob device? (Treo bone for completeness).

UPDATE (via Engadget):

Today the Indian government ruled out banning the BlackBerry service. Instead, the government will continue working with the Telecom Commission on security matters

iPhone Security Whinging

figure 1: Munir Kotadia of ZDNet Australia.

The good folks of MYiTablet found an article from ZDNet Australia where Munir Kotadia lambasts “greedy Apple users” for trusting anyone.

“There is no evidence to suggest that this particular jailbreak utility is at all malicious but how long will it be before copycat sites appear that have less honourable intentions?”


iPhone Added to Metasploit



figure 1: the “Grand Theft Auto” font is a nice, subtle touch

There’s a story floating around about the iPhone being added to Metasploit, which is a system used for making shellcode. Shellcode is code that takes advantage of bugs to run otherwise unauthorized code. Incidentally, the more stories I read about it, the more they all seem strangely familiar.

So what is the eventual impact? Well, it means that the iPhone is going to get hacked, likely by some of the best. If there are crippling bugs in the iPhone (and there are always crippling bugs), expect hackers to find them eventually. It could also lead to better unlocks (the official unlock, even), more secure software, and security software suites (unofficial, of course) for the iPhone. Granted, the other edge of the sword brings identity theft and spying, but like Nietzsche said, you can’t have good without bad. If you think Nietzsche was godless swine, pretend the quote comes from The Facts of Life’s opening song instead.

Apple Posts Security Update

Apple has posted their first update to the iPhone. As has been expected, it’s a patch for the security issues mentioned previously, though there are five vulnerabilities patched in all. Apple’s security note is posted. You can download the patch via iTunes; the iPhone software will be at version 1.01 when all is finished. If you’ve hacked your iPhone, it’s probably worthwhile to restore, update, and then re-hack. It’s also probably worthwhile to figure out what iTunes doesn’t sync over, as you’re going to lose that data.

Activation and Sync Details Emerging


Bit by bit, information is coming out on how the syncing will work, and what it means to have to activate the iPhone before you can use it.

First, AT&T’s return policy has changed: you now only have 14 days to try it out (it used to be 30 days). There’s now also a 10% restocking fee for a return. Don’t worry, though; the contract breakage fee ($175) is still the same if you miss that 2-week deadline. We knew the phone was going to be locked, though it’s a surprise that it may be locked to one SIM card.

Second, you’ll have to activate an AT&T plan before you can even use the iPod functionality of it. Crazy! Without a 2-year plan worth $3000, that purchase is just a $499 or $599 pretty little brick. Hopefully it will reduce the reasons to steal them. It’s going to be a hot little thing in my pocket, that’s for sure.

IBM Expects iPhone to be Hacker Magnet


The IBM research team is pretty sure that the iPhone will be targeted by hackers and malware. However, they think it will be a very secure device. Choice quotes:

“It’s going to be challenging for the bad guys to exploit them like they do other [smart phones] …. A lot of these attacks are going to be very hard to launch against the iPhone.”
