Monday, July 23, 2007

Hacked to pieces

Even the hackers fell for the hype and got themselves iPhones, and are now busy getting different kinds of code to run on it. Like hello world. Like remote exploits that let you run custom code as root. It seems Apple didn't pay much attention to security at all. I'm sure they saw this coming, but with their limited experience in the field, they didn't get the maths right: 1 (people like to hack their devices, like Apple TV and the iPods) + 1 (the iPhone has lots of wonderful networking features) + 1 (an iPhone will probably contain some sensitive information) = 3 (legitimate users might actually suffer).

It'd be interesting to see how well a Symbian device would stand the test, but I guess they aren't interesting enough to attract competent people like those responsible for the above mentioned hacks, but some things are obviously done much better in Symbian than in MacOS. Like the web browser doesn't run with full privileges. Like the web browser probably can't even access your text messages. Basically, Symbian OS 9 is built with security in mind, like a smartphone should be these days. The iPhone is a smartphone (as in a very smart phone, never mind how people might define it), but it seems to be designed on the assumption that if you're not officially allowed to run 3rd party native code, you won't. Now there's a mistake.

(I don't know enough about the security features of eg. Windows Mobile to talk about that.)

3 comments:

jrc said...

I don't know how it works on the iPhone, but on Mac OS X, the admin user is not the same as the root user, which is disabled by default.

It may be the case that this is a real exploit (not surprising), but legitimate security researchers do not publicize their findings until after the vendor has had a chance to issue a security patch. It seems that these hackers are breaching convention simply to draw attention to their company.

As for Apple TV, I don't think Apple really cares if people hack it or not.

puterman said...

The article didn't actually say "root", but uid 0.

The details of the exploit have not been published, and won't be until August 2nd. The details have been provided to Apple, so that they can fix the bug. When and where legitimate security researchers choose to publish their results have varied a lot over the years. These guys seem to follow the practices that are most common right now. Just giving Apple a few weeks to fix the bug and roll out a new firmware version might seem a bit harsh, but I doubt that a longer period would help much. Any iPhone user who doesn't choose to upgrade his firmware, or who doesn't sync it very often, will be vulnerable.

Indeed, they don't care if people hack the iPod or the Apple TV, because it's not a problem with those devices. With the iPhone, there is, and Apple seem to have made a mistake here.

jrc said...

:(