When Apple introduced the latest version of its Safari browser two weeks ago, it took the hacking community just hours to start reporting bugs in the beta code. On Friday, the iPhone is likely to get even closer scrutiny from many of the same security researchers. Here's a list of the top items on the typical iPhone hacker's to-do list.
1) Fuzz the Web browser
Apple has made it clear that if you're an independent software developer who wants to write programs for the iPhone, you're going to have to write Web applications rather than software that runs on the iPhone itself. And as the introduction of the Safari 3.0 beta showed last week, Web browser flaws are easy to find.
Security researcher Tom Ferris says he's paid someone to stand in line for him in order to get an early crack at the iPhone. He believes that the iPhone's Safari browser will be similar to the 3.0 beta. And thanks to the iPhone's Wi-Fi support, he expects to be able to run "fuzzing" software that can bombard the iPhone with data over his local network, looking for errors that will cause it to crash.
Ferris says that Safari's support of the Scalable Vector Graphics (SVG) language and the Portable Document Format may provide other avenues for Web attacks. "I'm ready to go," Ferris said. "I've already found some SVG bugs in OS X."
Hackers like Ferris said they discovered nearly 20 bugs in Safari just hours after the 3.0 release. How many of those will cause the iPhone browser to crash is unclear, but the bigger question is whether or not they will lead to malicious code that the bad guys can actually run on the iPhone.
2) Find a way to debug
Because it wants non-Apple applications to run through the browser, rather than on the iPhone itself, Apple isn't releasing software development tools for its new phone. From a security perspective, this may actually be good news for iPhone users because without any debugging software to tell them what's really going on inside the computer's memory, it will be hard for hackers to develop malicious exploit code to run on the platform. So most iPhone bugs won't do much more than crash the browser.
Though sophisticated hackers could conceivably develop debugging tools for the iPhone, it will take more time for real threats to emerge, said Marc Maiffret, chief technology officer with eEye Digital Security. "What you end up having to do is hardware-based debugging which requires physically taking apart the iPhone and using specialized... equipment," he said. "This raises the bar on being able to successfully execute code and hack an iPhone."
Comments (1)
With iPhone launch, a hacker's to-do list
By Anonymous on July 3, 2007, 4:23 pm
Hi all, I found an interesting topic related to this theme at this site: Security CENTRAL Forum http://www.SCForum.info