Free Republic
Apple's iPhone Gets Hacked (NSA Ex-Employee Offers To Sell Apple A Fix- What's Wrong With That?)
CBS-TheSkinny ^ | July 23, 2007 | Keach Hagey

Posted on 07/23/2007 9:04:40 AM PDT by fight_truth_decay

The Skinny: Team Of Computer Security Consultants Says They Can Take Control of Your iPhone

It didn't take long. The iPhone has been hacked, according to the New York Times. A team of computer security consultants said they could take control of a person's iPhone through a WiFi connection or by tricking users into going to a Web site that contains malicious code.

Although Apple built considerable security measures into the device, according to Charles Miller, the main analyst for the firm, "Once you did manage to find the hole, you were in complete control."

So far, there's no evidence that the flaw has been exploited, and the firm generously offered to sell Apple a plug-in to fix the leak. Which would ease our worries completely, except Miller is described as "a former employee of the National Security Agency," and we all know how hesitant that agency has been to spy on American citizens.


TOPICS: Business/Economy; Crime/Corruption; Extended News; News/Current Events
KEYWORDS: cbs; charlesmiller; chat; duplicate; iphone; mediabias; nytimes; security
"..except Miller is described as "a former employee of the National Security Agency," and we all know how hesitant that agency has been to spy on American citizens"-Keach Hagey, CBS, The Skinny.

Miller from the firm, Independent Security Evaluators, holds a doctorate in computer science. Miller recently demonstrated the hack to a reporter by using his iPhone’s Web browser to visit a Web site of his own design. The site injected a bit of code into the iPhone that then took over the phone. The phone was said to promptly follow instructions to transmit a set of files to the attacking computer that included recent text messages — including one that had been sent to the reporter’s cellphone moments before — as well as telephone contacts and e-mail addresses. Miller says he has "generously offered to sell Apple a fix". Wired.Com (Video of Hack in Action)

CBS hack, "what's his name", take on the top news found no need to further include Miller's academic/bio credentials, only the fact Miller "was a former employee of the NSA", belonging to "the firm" and a "spy on Americans" crack comment.

However, many software companies have suggested an "offer to patch" is an attempt at blackmail. But is it? Isn't Miller's team entitled to "sell" this patch? Legitimate company offering a service, security being the "game"? If one vendor refuses to buy, then another vendor, perhaps a reported competitor of the iPhone -Nokia, Qualcomm- with similar patents as the iPhone may pay to talk with Miller?

More details on the vulnerability can be found at exploitingiphone.com (which currently still redirects to another site, but should be live later today), writes Wired. Independent Security Evaluators plan to demonstrate at the upcoming BlackHat conference on Aug. 2nd.

In the past companies have refrained from purchasing the information themselves, discouraging a pattern of extortion.

A black market has long existed for trading information about vulnerabilities in software from Microsoft Corp., Cisco Systems Inc. and other vendors of products crucial to running computers and sending data over the Internet.

Experts (?)say... government agencies have been buying such knowledge --"not to warn the public but potentially to break into computers for national security or criminal investigations". Named again was, Charlie Miller, "a former National Security Agency employee", one agency who Miller wouldn't name, paid him $50,000 in September. (FederalNewsRadio, July 21, 2007)

Researchers historically have shared knowledge for free, "there's been a market that has naturally evolved where this information is power," said Ken Durham, director of the rapid response team with VeriSign-iDefense. "Our concern is people would start to turn to the dark side (Hollywood drool material) unless they had a responsible avenue."

Has this Computer Science PhD, Miller, and "the firm" hit the big time with a security issue discovery in iPhone?

1 posted on 07/23/2007 9:04:46 AM PDT by fight_truth_decay

To: fight_truth_decay

YAWN

I’ll never own one.


2 posted on 07/23/2007 9:07:36 AM PDT by bicyclerepair (Ft. Lauderdale, Florida)

To: All

ISE’s mission is to provide the outside technical resources companies need to control their technology risk. The experts at ISE have vast experience in every facet of security. The team includes computer scientists, electrical engineers, and cryptographers. ISE experts have testified before Congress, served as expert witnesses, participated in creating standards, and evaluated systems for both government and private industry.

ISE researchers have published several influential books and dozens of scientific papers in the top refereed conferences and journals. They have also analyzed and helped repair several widely used commercial systems. ISE was formed to offer this expertise to the private sector. -http://securityevaluators.com/


3 posted on 07/23/2007 9:14:49 AM PDT by fight_truth_decay (John Edwards -- " War on Terror : A Bumper Sticker")

To: bicyclerepair
I’ll never own one

I will or one like, in time.

5 posted on 07/23/2007 9:16:10 AM PDT by fight_truth_decay (John Edwards -- " War on Terror : A Bumper Sticker")

To: fight_truth_decay

Have any FReepers purchased an iPhone?

If so, what has been your experience?

Thanks,
Kelly


6 posted on 07/23/2007 9:17:31 AM PDT by kellynla (Freedom of speech makes it easier to spot the idiots! Semper Fi!)

To: fight_truth_decay
However, many software companies have suggested an "offer to patch" is an attempt at blackmail. But is it?

It's more like extortion.

If one vendor refuses to buy, then another vendor, perhaps a reported competitor of the iPhone -Nokia, Qualcomm- with similar patents as the iPhone may pay to talk with Miller?

I'll speculate that the purported vulnerability is unique to the iPhone, and does not involve any patented technology. More likely, it's a flaw in JavaScript in the Safari browser.

7 posted on 07/23/2007 9:20:17 AM PDT by HAL9000

To: bicyclerepair
I like gadgets but I’ll never own one. Didn’t own a cell phone for a long time. Music and an MP3 player make sense.

But watching movies or surfing the net using a tiny little screen won’t cut it for me.

Where is the latest glasses projection technology? Put a video port on the device and design some glasses that can project the image.

If cost is right, there will be a demand for this type of projection system.

8 posted on 07/23/2007 9:22:59 AM PDT by dhs12345

To: fight_truth_decay

When communications are critical, don't hook up to a network or you'll get hacked... that's all there is to it.

Would I ever own an iPhone......?

Now where's that old analog popcorn maker of mine?

9 posted on 07/23/2007 9:30:12 AM PDT by MarineBrat (My wife and I took an AIDS vaccination that the Church offers.)

To: fight_truth_decay
However, many software companies have suggested an "offer to patch" is an attempt at blackmail.

No more blackmail than an offer to fix a flat tire for a fee.

10 posted on 07/23/2007 9:30:44 AM PDT by glorgau

To: bicyclerepair
I’ll never own one.

I'd consider it on the T-Mobile network, but otherwise, not leaving them. T-Mobile@Home is getting me to cut the tether for the landline, a simple bluetooth box allows me to link up to my cell line from any of the phones in my home, and my cost vs savings horizon for adding this, buying equipment, etc, is two months.

11 posted on 07/23/2007 9:33:44 AM PDT by kingu (No, I don't use sarcasm tags - it confuses people.)

To: HAL9000
It's more like extortion

Why extortion..an offer to purchase..capitalism at its "secure" best. Last time I looked iPhone and other software companies are not listed as "charities". They get the big bucks, why shouldn't the 'start up companies' that offer a product needed. Little companies become purchased all the time. Look at the success of Google and where they started, Youtube...

Actually there are patents held by Qualcomm, Nokia etc which news of moved their stocks when the iPhone news broke. They were the cutting edge competitors in the lead. Only have to check back in the Business/Stocks section during their stocks aforementioned run time. I also read this story as not just about the iPhone, but about the media to highlight this piece with the Ex-NSA/spy On Americans reference! Legit company, credentials and they can't sell a product? All open and up front.

12 posted on 07/23/2007 9:34:43 AM PDT by fight_truth_decay (John Edwards -- " War on Terror : A Bumper Sticker")

To: MarineBrat
Would you believe, the portable "Cone of Silence"?

Never been hacked, Chief.

13 posted on 07/23/2007 9:35:26 AM PDT by BallyBill (Serial Hit-N-Run poster)

To: fight_truth_decay
Apple fell into the same flaw that Microsoft did. Too many fingers in the kettle. Had they outsourced the browser to another company, they would never have dreamed of making as many connections between it and the browser on the kernel level as they did.

Since they disregarded what the courts have said, countless times, to OS providers, they’ve got an embarrassing problem on their hands, and a tight concentration of very public targets for hackers to exploit the flaw.

Make your OS, make it as swift as possible, and let everyone else make the programs to run atop it, or it’ll backfire in your face every time.

14 posted on 07/23/2007 9:37:51 AM PDT by kingu (No, I don't use sarcasm tags - it confuses people.)

To: fight_truth_decay

Guys like Miller are like the countless villains depicted on Steven Seagal and Bruce Willis movies — who hijack the nuclear weapon and offer not to blow up New York City/Hollywood if their “modest demands” are met.

So how are they different from other terrorists — who think they should be rewarded handsomely for not undermining and destroying safety and security for everyone else?

Only in America, instead of getting 40 virgins in paradise, they can get 40 lap dancers at Club Paradise.

Meanwhile, the mainstream media and ACLU are justifying that ensuring their freedom of expression and right to assert themselves, protects everybody else’s civil rights — which they will recognize after they’ve been killed.


15 posted on 07/23/2007 9:41:56 AM PDT by MikeHu

To: kingu
Apple fell into the same flaw that Microsoft did. Too many fingers in the kettle. Had they outsourced the browser to another company, they would never have dreamed of making as many connections between it and the browser on the kernel level as they did.

Safari is just an application. Safari is not a part of the kernel, nor is the kernel part of Safari. Because Safari is not kernel-dependent, it is available on multiple platforms - Mac OS X, Windows and iPhone.

16 posted on 07/23/2007 9:55:59 AM PDT by HAL9000

To: kingu

One other note - the Safari browser is based on open-source technology that was originally developed for Linux.


17 posted on 07/23/2007 10:00:31 AM PDT by HAL9000

To: MikeHu

That analogy doesn’t hold. Hijacking a nuclear weapon is illegal before you offer to blow it up. The reality here is that Apple made a mistake. This guy merely discovered it. He didn’t ‘make’ anything. It’s there. And if he can find it, so can someone else. He’s not the one threatening to blow anything up or steal someone’s iPhone. He’s saying “if you don’t fix this, someone will do that.” If Apple wants to be stubborn about it, let them. We’ll see how that holds up when the torrent of iPhone viruses hits.


18 posted on 07/23/2007 10:14:22 AM PDT by jack_napier

To: kellynla

My husband purchased one. He travels a lot for his job and wanted a device that would allow him internet access with phone and day planning capabilities. He was going to buy a laptop until he heard about the iPhone. He feels it gives him all of what he needed a laptop to do for him and he loved the fact that it would fit into his pocket. He absolutely loves the device!

He has used it on business trips to browse websites and make stock transactions, listen to his favorite music, keep track of his appointments, email, text message and make calls.

The only downside for us is that it is ATT service. However, the service has been fine for the 2 weeks we’ve used it. We have about 18 months left on a family plan with Sprint, so he still has a Sprint phone if he needs it.


19 posted on 07/23/2007 10:47:43 AM PDT by Warriormom

To: fight_truth_decay
Not possible. Macs cannot be hacked. Nope. Ridiculous. Never happened. . . .
20 posted on 07/23/2007 10:51:53 AM PDT by Born to Conserve

