ANTenna Blog -- Apple
Mac And iPhone Security Issues Mounting
Posted by Jake Widman Thursday, Jul 30, 2009, 01:10 PM ET
New ways to break the iPhone's security and reports of new Mac exploits should serve as a warning to Mac-based businesses not to become complacent.
The annual Black Hat technical security conference is going on in Las Vegas this week, and just like every year, some enterprising security experts have shown up with demonstrations of security flaws in Apple products. We should probably pay attention.
The demonstrations are usually proofs of concept that never seem to actually get exploited in the wild. It may seem that the experts are like the hackers who cried "wolf" -- but if you remember how that story ended, it wasn't a happy outcome for the sheep or the boy.
This year, security researcher Dai Zovi showed a way for hackers to take control of Safari and steal encrypted data. But more worrying is his prediction that as the Mac market share grows and hackers start targeting them, Macs will prove to be more vulnerable than we've come to expect. Reuters quoted Dai Zovi as saying, "There is no magic fairy dust protecting Macs."
His prediction is seconded by Charlie Miller, who wrote The Mac Hacker's Handbook. He said, "[Apple's security efforts] are advancing. Our concern is that they are just not advancing as fast as they are gaining market share."
Black Hat also saw the demo of a method of taking control of an iPhone by sending malicious SMS messages. The vulnerability was discovered by the same Charlie Miller, who said "SMS is an incredible attack vector for mobile phones. All I need is your phone number. I don't need you to click a link or anything."
And last week, two researchers posted a video on YouTube demonstrating how easy it can be to break the encryption and retrieve the passcode an on iPhone 3GS -- the same encryption that Apple describes as "highly secure."
The takeaway here isn't that Macs and iPhones are particularly vulnerable. It's that they aren't as invulnerable as we Mac users, who've never had to confront serious attacks on our machines, have come to expect. Don't assume your sheep, I mean your Macs, are safe just because the previous warnings didn't pan out.
Update: Apple has since released a free patch that supposedly fixes the SMS vulnerability. At the same time, there are new warnings out of Black Hat about, basically, SMS phishing.
This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
- Phone Systems Guide - What kind of phone system is right for your business
- Web Design Guide - What to look for in a Web designer
- Merchant Services Guide - Credit card processing and more
- Online Marketing Guide - Leverage the Net to market your business
- Alternative Financing Guide - How to find the cash your business needs
- View all guides
Explore ANTenna Blog
Most Recent Posts
- Nasuni Offers Cloud-Based Primary Storage
- Automobiles: The Next Network Security Challenge?
- Cachengo Rolls Out Appliance + Cloud Storage Option
- For SMBs, PayPal Could Mean Risky Business
- Internet Access Options Grow
ANTenna Blog Topics
- Apple
- Backup
- bMighty
- Business & E-Business
- Business Continuity
- Cloud Computing
- Company Size: 1,100-1,500
- Company Size: 250-999
- Company Size: 50-249
- Company Size: 1-49
- Disaster Recovery
- Economics
- Education
- Entrepreneurs
- Finance/Accounting
- Finance/Banking/Insurance
- Government
- Green Business
- Hardware & Software
- Healthcare
- Hospitality
- How-To
- HR
- Imaging How-To
- International
- Internet/Web
- iPhone
- IT
- Linux
- Management
- Manufacturing/Mining
- Messaging
- Mobile
- Networking & Communications
- Non-Profit
- Open Source
- Operations
- Piracy
- Printers/Printing
- Professional/Creative Services
- Retail
- Unified Communications
- Sales/Marketing
- Start-Ups
- Security
- Server How-To
- Services
- Social Networking
- Software-as-a-Service
- Storage
- Strategy/Analysis/Biz Dev
- Technology/Telecom
- The rANT
- Transportation
- Travel
- Windows
- Web 2.0
- Women in Business
ANTenna Bloggers
ANTenna Blog Roll
- ANTenna Archive
- Ars Technica
- Business Know-How
- ChannelWeb Hot Topics
- ChannelWeb The Chart
- Datamation
- Duct Tape Marketing
- The Entrepreneurial Mind
- Freakonomics
- GigaOmNet
- Guy Kawasaki
- Inc.com
- IT Organization Management
- IT Manager's Journal
- IT Toolbox
- LifeHacker
- Mashable
- MonkeyBrains
- Network Computing Blog
- Scott Berkun
- Search Engine Land
- Search Engine Watch
- SmallBizResource
- SmallBizTechnology.com
- SmallBusinessHub
- Small Business Trends
- TechCrunch
- Technologizer
- Tech Republic
- The Secret Diary of Steve Jobs
- USA Today Small Biz Connection
- Valleywag
- Walt Mossberg Feed - All Things Digital
- Web Worker Daily
- WorkHappy.net
- WSJ's Business Technology
InformationWeek SMB email newsletter!
Browse by Category
IW SMB Tech
Term Of Day:
Boost your tech
vocabulary!
InformationWeek SMB's
TechEncyclopedia
defines more than
20,000 IT terms.
FREE Technology Services Locator!
Search our database of 200,000 solution- provider locations by business activity, technology, vertical market, and customer size. Find a technology partner NOW.
go
|
