[grahamf]

iPhone security is no better than BB security, huh?

A major security flaw has been uncovered in the Apple iPhone 3GS this week after two security experts discovered it was possible to bypass the device's security and gain nearly full read access using Ubuntu Lucid Lynx. Perhaps even more frightening is the fact that the two believe they're nearing the ability to write data as well.*

Care to explain this?

Posted from my CrackBerry at wapforums.crackberry.com

[Joel S.]

Someone seriously argued that iPhone security is on par with BB security?

They must've been high.

[xxxxpradaxxxx]

Are you referencing a mod in your topic title???

[Pi Guy 3.14]

Are you referencing a mod in your topic title???

He sure is lol

[Bla1ze]

Why all of a sudden is this some BIG news? Anyone who has ran Ubuntu and is an iPhone user could have (and has) found this out. Mount the device, you have full and complete access. Even iPhone developers are looking at this news and going "wtf? who didn't know that?"

[The_Engine]

Why all of a sudden is this some BIG news? Anyone who has ran Ubuntu and is an iPhone user could have (and has) found this out. Mount the device, you have full and complete access. Even iPhone developers are looking at this news and going "wtf? who didn't know that?"

Apparently detective squirrel didn't know this.

Posted from my CrackBerry at wapforums.crackberry.com

[avt123]

So the device needs to be stolen and mounted to an Ubuntu system...the horror. Like Blaize said Ubuntu users/developers have known about this.

This is only a big deal if you lose your iPhone or it gets stolen and the person who happens to steal it/finds it uses Ubuntu.

[Branta]

iPhone security is no better than BB security, huh?
Care to explain this?

Posted from my CrackBerry at wapforums.crackberry.com

Ignore the BGR summary and go direct to the full description. The author is a respected professional...
iPhone business security framework � Bernd Marienfeldt

Scary, all it needs is a USB hookup. I'd call the security "completely broken"

[Branta]

Why all of a sudden is this some BIG news? Anyone who has ran Ubuntu and is an iPhone user could have (and has) found this out. Mount the device, you have full and complete access. Even iPhone developers are looking at this news and going "wtf? who didn't know that?"

The point is that it blows past the device PIN (password in BB terms). It should never do that without a previously established trust scheme.

[stuaw11]

Either way its a moot security point to harp on.

1) Someone has to actually steal your phone
2) you dont remote wipe it
3) they have a Ubuntu machine (NOT EVEN 1% of all computers sold- .71%)

There are QUITE a few steps and circumstances that have to occur to make this "security breach" occur.

Just like the texting bug/"virus" people harped on, the odds of it happening to you are slim to none and involve multiple steps and circumstances to occur to even have a chance of having your data stolen.

People just like to find the smallest thing that could maybe, possibly, could, perhaps, perchance happen if multiple circumstances fall into place while the likelihood of it actually happening to you is less than being struck by lightning and winning the lotto on the same day. Sheer paranoia.

[Jake Storm]

About the same as the odds of losing an iphone prototype at the bar

[grahamf]

The phone doesn't have to be stolen... If you are somewhere public and you took your phone out of your pocket, anybody with a laptop and has downloaded ubuntu has full access.

Posted from my CrackBerry at wapforums.crackberry.com

[Denise in Los Angeles]

About the same as the odds of losing an iphone prototype at the bar

I only find worthless dumbphones at the bar.

[stuaw11]

The phone doesn't have to be stolen... If you are somewhere public and you took your phone out of your pocket, anybody with a laptop and has downloaded ubuntu has full access.

Posted from my CrackBerry at wapforums.crackberry.com

Not stolen? Dont know what else youd call it. "Stealing" doesnt necessarily mean they keep it. If someone takes your car in the middle of the night, joyrides, and brings it back, did they still not "steal" it?

Furthermore, if you leave your phone sitting around in public unattended who's fault is that? What good is security measures if youre going to be irresponsible with the phone in the first place?

[grahamf]

**** happens. Eventually you will realize that. Just look at BP.

Posted from my CrackBerry at wapforums.crackberry.com

[avt123]

It's still is not that big of a deal. Until Ubuntu is used by more people, this security breach will most likely never be replicated, or only happen a few times.

[The_Engine]

I thought this was somewhat relevant to this discussion...

AT&T exec: 4 out of 10 of our iPhone sales to enterprises | ZDNet

And here is where I am wondering if the AT&T Execs know about this vulnerability:

Most of our monthly reporting is all built into an app that gets updated when our systems get updated, and we do an automatic fetch. And any time I want to look at where we sort of sit from a financial point of view in ABS, it now resides on my iPhone as an app. So it starts to change the way you think about your business. It changes the speed with which you can make decisions.

So they have financial data on their iphones!? I mean it can be remote wiped and there are some locking features, but that seems somewhat risky. I have to assume they have to login to a web site or something...

[JRSCCivic98]

Big deal. Nothing is safe from old school ways. I'm the one that came up with a way to pull off all the Java OS files off a BB using nothing more then a text editor, Excel, and a batch file. Lol. Look it up in the Storm forums.

Posted from my CrackBerry at wapforums.crackberry.com

[xxxxpradaxxxx]

+1

If there's a will, there's a way.

[amazinglygraceless]

First off - It's not Detective Squirrel, it is Vinnie "The Squirrel" DeLuca

Secondly, I think the point has been made that your whole "BAM!! there it is" is a
truly moot issue.

Lastly, while this is fun you still have failed to do THE ONE THING I asked you to do
and that is to explain the underlying security architecture of the BlackBerry and
why it is better than any other platform. Everyone repeats that mantra, I have
yet to see one of you, you know, kinda sorta like maybe explain it.

[grahamf]

1. We do not know if the JVM is a Berkely derivative or Linux, or just developed in-house, so we cannot do direct execution.
2. The only way to write code for the BB is in Java, which is inherently designed in a sandbox for each app. That is problably why there is very limited application management on a BB (you can only close an app from within it or by a battery pull.
3. Pakistan and another nearby country banned blackberrys because they cannot monitor bbm. That has to say something.
And I'm writing a test soon so that is all o can add for the moment.

Posted from my CrackBerry at wapforums.crackberry.com

[amazinglygraceless]

Graham, I am not arguing with you or yanking your chain. This is in the
interest of our community.

All I am asking is ONE person write a lucid and detailed explanation as to what makes
the security employed by RIM better (or as some say, bulletproof) than everything
else on the market.

Otherwise, it is just people reciting what they have heard but with nothing to
back it up. That simple.

[pkcable]

I can't believe all these mods posted in this thread and no one changed the titled? Were we all laughing too hard??? LOL! Anyways I made the title more descriptive of the content, except for the questions regarding the old title which I will leave for there amusement factor.


EDIT: Unless AG wants to remove them. (and this edit!)

[WillieLee]

It's big news because Apple is trying to push deeper into the Enterprise market by selling their security features and when their PIN system is confirmed(Apple at first stated it was limited to the phones used by the security company and no fix has been issued yet) to be useless it's big news.

I've seen a lot of people post "Who cares? They have to get access to your phone!". Enterprise companies care because corporate espionage is a threat. A few minutes with an iPhone might be all someone needs to get critical information about a competitor. And it's not just this issue with the PIN, Apple has many other security issues because of the choices they have made for their device. Safari is the biggest target for hackers in competitions such as Pwn2Own.

RIM has taken a lot of criticism because they've been slow to implement a webKit browser, but security is the reason. Their biggest Enterprise customers demand end-to-end encryption and RIM can't tell the US government not to worry if they can't meet that because "They would have to get your phone! lolz!".

It does matter, you have to look no further than RIM's financials as they've gone from $50 million in annual revenue ten years ago to $15 billion. The majority of that was off the back of their BES architecture.

[amazinglygraceless]

EDIT: Unless AG wants to remove them. (and this edit!)

PK, I was good with the title. Graham and I are cool and I know it was just
his dry wit, not a jab or insult.

We'll leave it up to him