Mac And iPhone Security Issues Mounting - InformationWeek
IoT
IoT
Government // Mobile & Wireless
Commentary
7/30/2009
01:10 PM
Jake Widman
Jake Widman
Commentary
50%
50%
RELATED EVENTS
Faster, More Effective Response With Threat Intelligence & Orchestration Playboo
Aug 31, 2017
Finding ways to increase speed, accuracy, and efficiency when responding to threats should be the ...Read More>>

Mac And iPhone Security Issues Mounting

New ways to break the iPhone's security and reports of new Mac exploits should serve as a warning to Mac-based businesses not to become complacent.

New ways to break the iPhone's security and reports of new Mac exploits should serve as a warning to Mac-based businesses not to become complacent.The annual Black Hat technical security conference is going on in Las Vegas this week, and just like every year, some enterprising security experts have shown up with demonstrations of security flaws in Apple products. We should probably pay attention.

The demonstrations are usually proofs of concept that never seem to actually get exploited in the wild. It may seem that the experts are like the hackers who cried "wolf" -- but if you remember how that story ended, it wasn't a happy outcome for the sheep or the boy.

This year, security researcher Dai Zovi showed a way for hackers to take control of Safari and steal encrypted data. But more worrying is his prediction that as the Mac market share grows and hackers start targeting them, Macs will prove to be more vulnerable than we've come to expect. Reuters quoted Dai Zovi as saying, "There is no magic fairy dust protecting Macs."

His prediction is seconded by Charlie Miller, who wrote The Mac Hacker's Handbook. He said, "[Apple's security efforts] are advancing. Our concern is that they are just not advancing as fast as they are gaining market share."

Black Hat also saw the demo of a method of taking control of an iPhone by sending malicious SMS messages. The vulnerability was discovered by the same Charlie Miller, who said "SMS is an incredible attack vector for mobile phones. All I need is your phone number. I don't need you to click a link or anything."

And last week, two researchers posted a video on YouTube demonstrating how easy it can be to break the encryption and retrieve the passcode an on iPhone 3GS -- the same encryption that Apple describes as "highly secure."

The takeaway here isn't that Macs and iPhones are particularly vulnerable. It's that they aren't as invulnerable as we Mac users, who've never had to confront serious attacks on our machines, have come to expect. Don't assume your sheep, I mean your Macs, are safe just because the previous warnings didn't pan out.

Update: Apple has since released a free patch that supposedly fixes the SMS vulnerability. At the same time, there are new warnings out of Black Hat about, basically, SMS phishing.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll