View Single Post
Old April 11 2010, 06:33 PM   #4
Lieutenant Commander
Defiant's Avatar
Location: Washington, DC
Re: What can the iPad be used for?

The Stig wrote: View Post
The only sucessful hacks in the wild for iPhone OS-based devices are based on a vulnerability created by jailbreaking the phone/device and not changing the root password. That's hardly Apple's fault and it's more than a little disingenuous on your part to portray it otherwise. Android, on the other hand, has actually suffered a legtimate phishing attack from its own Android Store, the fault for which lies entirely at Google's feet due to their hands-off policy on apps published to the store.

While jailbreaking an iPhone does make it wide open, I have had an expert in iPhone forensics in our Task Force demonstrate several unpublished vulnerabilities of the iPhone. I have seen them for myself.

Even worse is the capability of certain "benign" apps such as "whoshere" to give away way too much information. It makes social engineering through Apple's "blessed" apps way to easy, and I have investigated child exploitation cases where these "saf" apps have been used for nefarious purposes.

And god forbid anyone get hold of your iPhone physically, because every deleted text, email, chat, and even VOICEMAIL is retrievable, if it hasn't been overwritten.

Apple has simply chosen "Security through Obscurity," which is not a valid way to keep info secure. Once the mechanisms are understood by a particular hacker (which they are in the black and gray-hat communities), or (better yet) if you can get hold of the phone for a few minutes (such as at a border crossing), it's game over.

"Either he's dead, or my watch has stopped!"
-Dr. Hugo Z. Hackenbush, MD, PhD, RFD, MC, PDQ, BYOB
Defiant is offline   Reply With Quote