Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Investigating the iPhone

When Apple's iPhone was released at the end of last week, not only were purchasers lined up to get their hands on the device, but security researchers were keenly awaiting physical access to the device.

It didn't take long, with what appears to be a recovery system image posted to a number of sites within a matter of hours of the release of the iPhone. Initial analysis of the files has provided clues about the internal setup of the phone (assuming the files represent an accurate firmware image). The presence of low level accounts (admin and root), along with passwords for them came as a minor surprise. Password recovery tools quickly allowed recovery of the underlying passwords.

Those discoveries are a major assistance to web security researchers on both sides of the fence. Web security researchers sat up and took closer notice after Steve Jobs announced at the recent WWDC that third party developers will be able to develop applications for the iPhone by creating 'Web 2.0' style applications that iPhone users are able to access using the Safari browser on the phone.

Observing what sort of vulnerabilities continue to be discovered for desktop browsers, it is only going to be a matter of time until someone discovers a vulnerability that will allow for complete access to all of the data on the iPhone. Already researchers are busy looking at ways that can be used to access the information stored on the device.

Researchers who are focussed on the network that the iPhone connects to have disclosed that in order to access voicemail across the network a password is not required, merely a valid Caller ID. Guidance on addressing the situation has also been released, which should be followed by all iPhone holders.

Initial analysis of the network traffic coming from the iPhone has raised some interesting possibilities and similarities to OS X, and it is likely that there are going to be some significant results to come from this approach over coming weeks.

The next couple of days are likely to see activation cracks released, according to one group looking at the code, and it is reasonable to assume that arbitrary execution code will only be a matter of weeks away (at most).

2 July 2007

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.