iPhone and Full Disclosure
Are you fat, dumb, and happy?
The people at Hackint0sh (along with JLJ) are certainly working overtime. They're not about to crack the 1024-bit RSA key but they say they've got other ways to get in. And they've published several tools used externally to activate the device and interact with it.
One of the most worrying things has been the discovery that ordinary applications are running as root. Apple could in theory come forward and respond to the concerns but that's not their way of doing things. But if they embraced full disclosure a lot of people would sleep a lot better at night.
No one can argue that 'security through obscurity' offers any advantages. Unix is basically a full disclosure system and it's proved impossible to make any inroads into it. On the other side of the fence sit Redmond with their proprietary code and their system is a total mess beyond repair.
But researchers are going to have to answer their own questions regarding the iPhone - and there are many questions left to be answered. Such as why passwords aren't shadowed; why the root account has a password at all; what function the 'mobile' (admin) account plays; or which applications are owned by root and which are admin owned but set UID. And above all: 'why'.
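One way to put those questions to a mounted or extracted filesystem image, as an added example that is not code from the original article or from the researchers it mentions: it lists accounts whose password hash is not shadowed and groups executables by root ownership and set-UID owner. The sample passwd lines and their hashes are constructed, and the admin UID of 501 is an assumption.

```python
import os
import stat

# Constructed sample in passwd(5) layout; the hashes are made up and the
# admin UID of 501 is an assumption, not a value taken from the article.
SAMPLE_PASSWD = """\
root:Zk3qXr9uLm2aB:0:0:System Administrator:/var/root:/bin/sh
mobile:Qw7pTy1eRs5uV:501:501:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
nobody:x:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
"""

def unshadowed_accounts(passwd_text):
    """Names of accounts whose hash sits in the world-readable passwd file."""
    exposed = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or fields[0].startswith("#"):
            continue
        pw = fields[1]
        # 'x', '*...' and '!...' are placeholders: shadowed or locked accounts.
        if pw and pw != "x" and pw[0] not in "*!":
            exposed.append(fields[0])
    return exposed

def classify(mode, uid, admin_uid):
    """Classify one executable from its st_mode and st_uid, else None."""
    if not stat.S_ISREG(mode) or not mode & 0o111:
        return None
    if mode & stat.S_ISUID:  # process runs with the owner's UID
        if uid == 0:
            return "setuid-root"
        return "setuid-admin" if uid == admin_uid else "setuid-other"
    return "root-owned" if uid == 0 else None

def audit_tree(root, admin_uid):
    """Walk a mounted or extracted image and group findings by class."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            kind = classify(st.st_mode, st.st_uid, admin_uid)
            if kind:
                findings.setdefault(kind, []).append(path)
    return findings

if __name__ == "__main__":
    print("unshadowed:", unshadowed_accounts(SAMPLE_PASSWD))
    print(audit_tree("/usr/bin", admin_uid=501))
```

The ownership results are only meaningful if the image was mounted or unpacked with its original UIDs preserved.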
DSL Reports founder Justin Beech sums it up nicely.
If the iPhone has no higher level hypervisor built in that is watching and blocking key file changes within the OS and if it is true that everything on the iPhone runs as UID 0, the iPhone is less secure than any standard OS X Mac. If someone finds the right kind of crash in the browser, mail or SMS client then crafting the right web page, mail message, or SMS message could install a program that looks for more iPhones and we have the first widespread iPhone virus.
The iPhone, portable as it is from WiFi network to WiFi network, is potentially more exposed to network risks than a standard home Mac sitting happily behind a secured NAT router. I take my evil iPhone into a large WiFi café or airport hotspot and the probabilities are (or will be shortly) there is another iPhone user on 192.168.1.something.
Another poster in the same thread expresses what a lot of people are thinking.
The deafening silence when one mentions mobile device security is a bit distressing. Only when there is a big, ugly, and public exploit will there be a drive to retrofit security. Right now it's a few enterprise ITSEC people who are essentially voices in the desert.
In the meantime, the industry and users will continue on fat, dumb, and happy with their cool new phones that they've loaded with sensitive information.
Thanks to Devon at Pixel Groovy for the excellent artwork.