1. sting7k's Avatar
    With all the hoopla surrounding the SMS exploits for the iPhone (and other GSM phones) it has got me thinking about the future of the iPhone. More specifically the iPhone's version of OS X.

    Windows gets a lot of flack for supposedly being full of holes. But a big part of it I always have thought was that when you have ~90% of the market you have a huge target on your back. Hackers are naturally going to target the system that has the highest penetration to do the most damage. Windows has always been that target.

    Smart phones are just now really exploding. While there are still far more WinMo, BB's, S60, etc. phones out there not much attention is paid to them or potential exploits that I remember in years past. Now we have the iPhone. Unlike the others the iPhone is all over the mainstream news almost weekly and not just blogs for the hardcore users.

    We also know that iPhone sales do not seem to be slowing down at all and more and more (as well as iPod Touches) are being sold to business professionals down to probably some very lucky children.

    In the near future the iPhone OS will be very big. Probably 100 million units between the iPhone and iPod Touch pretty soon. With all the attention does anyone else feel that the iPhone OS could be come the Windows of the smart phone world? With more and more focus on the iPhone more and more real hackers will take notice and be looking for exploits. It's probably only a matter of time before more are found or real attacks start against smart phones.

    Thoughts? (Also please do not try to turn this into Windows vs. OS X, as I'm just thinking about the future of the iPhone as it gets bigger and bigger.)
    07-31-2009 12:11 PM
  2. Jeremy's Avatar
    The sms exploit has nothing to do with the iPhone rather all GSM phones regardless of the OS. Nothing is bullet proof. Just the way things go.

    Also keep in mind when you sell 5 million plus phones others will be looking to exploit it any way possible.
    07-31-2009 12:17 PM
  3. sting7k's Avatar
    I know the SMS thing isn't iPhone specific. But as you see the frenzy from it was focused on the iPhone. With more and more focus, users, and hackers out there looking to steal info or launch attacks there are bound to be more holes found some where.

    No one sees a parallel? Pretty much all virus and hack talk for computers is focused on Windows. Now it's going to the iPhone for smart phones.
    07-31-2009 12:54 PM
  4. Jeremy's Avatar
    I know the SMS thing isn't iPhone specific. But as you see the frenzy from it was focused on the iPhone. With more and more focus, users, and hackers out there looking to steal info or launch attacks there are bound to be more holes found some where.

    No one sees a parallel? Pretty much all virus and hack talk for computers is focused on Windows. Now it's going to the iPhone for smart phones.
    I highly doubt that will happen to the iPhone alone. Apple has is locked down fairly well and perhaps the reason for that is them protecting their customer base from things getting out of control.
    07-31-2009 01:02 PM
  5. rrrl17's Avatar
    The sms exploit has nothing to do with the iPhone rather all GSM phones regardless of the OS. Nothing is bullet proof. Just the way things go.

    Also keep in mind when you sell 5 million plus phones others will be looking to exploit it any way possible.
    excpet for things that are actually bulletproof lol
    Last edited by Jeremy Sikora; 08-01-2009 at 02:32 AM.
    08-01-2009 01:53 AM
  6. Jeremy's Avatar
    excpet for things that are actually bulletproof lol
    Regarding electronics and security...
    08-01-2009 02:33 AM
  7. rrrl17's Avatar
    Regarding electronics and security...
    what about the iphone for the army, im pretty sure its bulletproof...
    08-01-2009 02:44 AM
  8. iPhones4life's Avatar
    I reckon windows will step up their game and bring out a remake operating system. It is predictable since 3.0 and 3GS.
    08-01-2009 05:12 AM
  9. chobbs1's Avatar
    Your post beings up a good point. And if the the iPhone becomes a pain in the ___ to own then I'll move to a less targeted platform. But till then I am not going to worry. I am just going to enjoy my phone.
    08-01-2009 10:33 AM
  10. dan_mtl's Avatar
    Short answer YES. Long answer... As Apple achieves continued market success, and dare we say even some good 'ol market dominance all the same problems that Microsoft has endured over the years will start to happen to Apple.

    Apple's current attitude on the matter of Malware, Viruses, Spyware etc is that the design of MAC OSX and by extension the IPhone precludes the majority of Malware from being an issue.

    Lets give Apple the benefit of the doubt and say that OS X is more secure and better than the competition. The problem I see is that even the most secure software is eventually manipulated in such a way as to let some sort of malicious activity to occur. It's simply the nature of the beast. Humans make software, humans are fallible. ergo Software will never be perfect.

    Here is where Apple needs to improve. They must establish a well documented and transparent disclosure and communications strategy. I would be happy to see them copy Microsoft on this one as they have without question made great strides in how to handle disclosures. (maybe not always with expediency of supplying a patch but that is another issue entirely)

    Many people might argue "Apple has the right to handle bugs anyway they please" and fundamentally people who argue that are probably correct. The issue is that if Apple wants to finally establish credibility in the Enterprise and Corporate markets, they need to be open about issues.

    A great example of this was the SMS bug. Sure they showed that the bug was in other devices, but considering how long they knew about this bug, and considering that they released the patch the next day after the bug was publicly discussed, I am disappointed apple didn't make some sort of disclosure before hand. I'm not saying they need to disclose the fine grained details, but they need to acknowledge these kinds of vulnerabilities up front so that before the patch is released organization may take the proper precautions.

    For those who believe that Apple can continue to do it "their way" that's fine. The consequence will be sound corporate rejection of Apple technology.
    Last edited by dan_mtl; 08-01-2009 at 12:50 PM.
    08-01-2009 12:48 PM
  11. gludington's Avatar
    The sms exploit has nothing to do with the iPhone rather all GSM phones regardless of the OS. Nothing is bullet proof. Just the way things go.
    Yes and no. The exploit itself was not iPhone-specific, but, out of the three platforms invovled, the iPhone was by far the most seriously compromised, as it was the only one to easily allow executable code in that space. The others were merely inconvenienced; the iPhone was "pwned."

    Also keep in mind when you sell 5 million plus phones others will be looking to exploit it any way possible.
    That is actually the point. One of the recurring themes at the last few Black Hat conferences has been that OSX is actually not difficult to compromise, and it has been relying upon its low market profile (compared to Windows) as its best defense against attacks. If an attacker does target the Mac, some vectors find less resistance, since OSX does not implement some security measures (earlier conferene specifically mentioned address space randomization, but I think that was added in Leopard), that Linux and even Windows have put in place. Charlie Miller, our favorite Mac/iPhone hacker, sums it up in this article at Ars:

    [Apple is] advancing. Our concern is that they are just not advancing as fast as they are gaining market share
    The iPhone shares many core characteristics with its desktop cousin, but, unlike the Mac, the iPhone is not the marginal player slowly advancing market share but not worth attacking; it *IS* the 800-lb gorilla in the smartphone market in everybody's crosshairs. That position brings a whole new level of security obligations, and Apple will have to step up their game quite a bit to meet that challenge.

    (Not trying to be a doomsayer -- typing this on a Mac, with my iPhone charging, but Apple has some work to do.)
    08-02-2009 01:59 AM
LINK TO POST COPIED TO CLIPBOARD