Apple's Mobile Insecurity

0 views
Skip to first unread message

kwestin

unread,
Aug 28, 2008, 2:31:59 PM8/28/08
to Mobile Portland
Hello All,

Thank you for allowing me present at the last Mobile Portland meeting,
it is great to see such an active group here in Portland focused on
mobile development.

An interesting follow-up to my presentation is the press regarding a
security vulnerability in the iPhone, which makes the password screen
easily circumventable:

http://blogs.zdnet.com/Apple/?p=2198

By clicking the "Emergency Call" button and then the home button twice
you are able to access favorites, which allows access to the address
book, which allows access to email and other contact details, as well
as Safari. This is a great example of a security feature not being
implemented correctly, the process was not fully thought through.
However, passwords on other mobile phones are easily cracked, it is
not just Apple that has the problem. In general, once an attacker has
physical access to the system all bets are off with regards to
passwords, it is only a matter of time before they gain access...of
course not as easy as the current iPhone hack :-)

This will be a bit of a black eye for Apple, hopefully they launch an
update that includes a fix soon and learn from this.

janine

unread,
Aug 28, 2008, 4:06:29 PM8/28/08
to Mobile Portland
A couple of bits of info that didn't make it into that particular
article:

- Apple did find and fix this in version 1.1.3 of the iPhone software,
but the fix apparently didn't make it into the 2.0 version. I don't
know if that makes it better (they found the problem before it was
splashed all over the Internet!) or worse (their release processes
obviously need some work).

- The best workaround I've seen to plug the hole for now is to go to
Settings -> General -> Home Button and set it to "Home". This sets
where double-tapping the home button takes you, and if you change it
to Home then the password lock works as it should.

I'm brand new to this group, so I'll also take this opportunity to say
hello!

janine
Reply all
Reply to author
Forward
0 new messages