Home
More Commentary
Get news delivered to you
BYTE Categories
BYTE Newsletter
Keep up with all the BYTE News and Reviews

Subscribe
Larry Seltzer

Larry Seltzer


Commentary

In Apple We Trust, Blindly

Comments | Larry Seltzer, BYTE | September 26, 2012 03:00 PM

Category: Tablets, Smartphones

In August there was a security story in the news about a vulnerability in the Apple iOS iMessage handling of SMS text messages. The vulnerability itself was not trivial, but there was more to the problem than just the vulnerability: It raised the issue of the opacity of Apple's protocol security.

If you use iMessage for a while on an iPhone you notice that it mixes actual SMS text messages and purely IP-based iMessage instant messages in the same message window. The vulnerability allowed the sender of an SMS text message to an iMessage user to spoof the name of the source. This might seem relatively minor, but it could be a major element of a larger, more sophisticated social engineering attack.

Apple actually recommended that users use iMessage instant messages instead of SMS as a workaround, as if that's a solution for people who don't have iOS devices. But why should we trust iMessage? Just because Apple asserts that iMessage is a secure protocol? We can't trust that unless the protocol is documented and challenged.

This approach is old news for Apple. In his keynote at the 2010 WWDC, Steve Jobs introduced FaceTime (that segment begins at 1:29:22). At 1:36:44, he talks about the standards used in FaceTime and declares, "We're going to take it all the way. We're going to the standards bodies starting tomorrow, and we're going to make FaceTime an open industry standard." Apple never followed through on this, nor has it been seriously challenged on it.

FaceTime is an infamously-closed system, unavailable to other networks for interconnection. To open it up Apple would have to document at least some interfaces or conform to standards. That's not the Apple way.

Cryptographer Matthew Green expressed these concerns well in a blog around the time of the iMessage vulnerability disclosure. The gist of his post is that iMessage is really important. Lots of people use it and rely on it and assume it's secure. But we don't know and we can't know. The same goes for FaceTime.

The Apple Way, sad to say, seems to be to resist openness. One day this will likely blow up and users will suffer more than Apple.

Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+:



Related Reading

News

Commentary

Most Popular

On the Web

More Insights

White Papers

More >>

Webcasts

More >>


Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

BYTE encourages readers to engage in spirited, healthy debate, including taking us to task. However, BYTE moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. BYTE further reserves the right to disable the profile of any commenter participating in said activities.

COMMENTS
Tune In to BYTE
Facebook Twitter LinkedIn Newsletter RSS
Whitepapers
whitepaper
CIO Strategies for Consumerization: The Future of Enterprise Mobile Computing
In this paper you will learn the five trends shaping the future of enterprise mobility. Learn how the rise of social media as a business application, the lurring between work and home, the emergence of new mobile devices, the demand for tech savvy employees and changing expectations of corporate IT will fundamentally change the workplace.
whitepaper
Media Tablets in the Enterprise
In a survey of more than 1,700 information workers (iWorkers) in North America, notebooks, desktops, and smartphones were found to be “must-have” devices, while tablets, slates, and netbooks were relegated to “nice-to-have” status, according to a commissioned study conducted by Forrester Consulting on behalf of Dell and Intel.
Sponsored by: Dell
Upcoming Events
  • Supporting your BYOD Program with Mobile Enterprise Services
  • Build, Run and Manage Cross-Platform Mobile Apps with a Mobile Application Platform
  • Mobile DevOps - Handling Platform Sprawl
  • App Development for a Multi-Platform Environment that Won't Break Your Back or Budget
  • 2013 Social Media Analytics Best-Practices


    • More Webcasts>>