AllThingsD » Independent Security Evaluators http://allthingsd.com Sat, 26 May 2012 19:52:25 +0000 en hourly 1 http://wordpress.org/?v=3.3.2 http://allthingsd.com/theme/images/logo-rss.jpg All Things Digital http://allthingsd.com/ 144 22 Tell Me Again How Third-party Apps Will 'Extend iPhone’s Capabilities Without Compromising Its Reliability or Security' http://allthingsd.com/20070723/ddv20070723/ http://allthingsd.com/20070723/ddv20070723/#comments Mon, 23 Jul 2007 18:00:01 +0000 John Paczkowski http://digitaldaily.allthingsd.com/20070723/ddv20070723/

[ See post to watch video ]

]]> http://allthingsd.com/20070723/ddv20070723/feed/ 0 Tell Me Again How Third-party Apps Will 'Extend iPhone’s Capabilities Without Compromising Its Reliability or Security' http://allthingsd.com/20070723/ddv20070723-2/ http://allthingsd.com/20070723/ddv20070723-2/#comments Mon, 23 Jul 2007 18:00:01 +0000 John Paczkowski http://digitaldaily.allthingsd.com/20070723/ddv20070723/

[ See post to watch video ]

]]> http://allthingsd.com/20070723/ddv20070723-2/feed/ 0 iPhone to Support Third-Party Security Exploit Applications http://allthingsd.com/20070723/iphone-exploit/ http://allthingsd.com/20070723/iphone-exploit/#comments Mon, 23 Jul 2007 16:30:25 +0000 John Paczkowski http://digitaldaily.allthingsd.com/20070723/iphone-exploit/ header.jpgHere’s an unintended, but perhaps inevitable, corollary to the iPhone’s success: the proof-of-concept security exploit. Researchers at Independent Security Evaluators have discovered a vulnerability that could give an attacker unfettered access to an iPhone, with administrator privileges, and they have written a bit of code to demonstrate it. “In our proof of concept, this code reads the log of SMS messages, the address book, the call history and the voice-mail data,” the ISE team explains. “However, this code could be replaced with code that does anything that the iPhone can do. It could send the user’s mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker.”

The vulnerability, which can be exploited by an attacker-controlled WiFi point or Web page, hasn’t yet been reported in the wild. And Apple’s working on a fix for it. That said, we’re certain to see others in the months ahead now that the iPhone has been proved vulnerable.

“Anything as complex as a computer–which is what this phone is–is going to have vulnerabilities,” Johns Hopkins professor Avi Rubin told the New York Times. “The irony is that the more popular something is, the more insecure it becomes, because popularity paints a large target on its back.”

Added Steven M. Bellovin, a professor of computer science at Columbia University, “It’s not the end of the world; it’s not the end of the iPhone. It is a sign that you cannot let down your guard. It is a sign that we need to build software and systems better.”

]]> http://allthingsd.com/20070723/iphone-exploit/feed/ 1