06-08-10 07:02 AM
  1. grahamf's Avatar
    iPhone security is no better than BB security, huh?
    A major security flaw has been uncovered in the Apple iPhone 3GS this week after two security experts discovered it was possible to bypass the device's security and gain nearly full read access using Ubuntu Lucid Lynx. Perhaps even more frightening is the fact that the two believe they're nearing the ability to write data as well.*
    Care to explain this?

    Posted from my CrackBerry at wapforums.crackberry.com
    05-27-10 03:17 PM
  2. Joel S.'s Avatar
    Someone seriously argued that iPhone security is on par with BB security?

    They must've been high.
    05-27-10 03:24 PM
  3. xxxxpradaxxxx's Avatar
    Are you referencing a mod in your topic title???
    05-27-10 03:43 PM
  4. Pi Guy 3.14's Avatar
    Are you referencing a mod in your topic title???
    He sure is lol
    05-27-10 03:52 PM
  5. Bla1ze's Avatar
    Why all of a sudden is this some BIG news? Anyone who has run Ubuntu and is an iPhone user could have (and has) found this out. Mount the device, you have full and complete access. Even iPhone developers are looking at this news and going "wtf? who didn't know that?"
    05-27-10 03:56 PM
  6. The_Engine's Avatar
    Why all of a sudden is this some BIG news? Anyone who has run Ubuntu and is an iPhone user could have (and has) found this out. Mount the device, you have full and complete access. Even iPhone developers are looking at this news and going "wtf? who didn't know that?"
    Apparently detective squirrel didn't know this.

    Posted from my CrackBerry at wapforums.crackberry.com
    05-27-10 04:05 PM
  7. avt123's Avatar
    So the device needs to be stolen and mounted to an Ubuntu system...the horror. Like Blaize said Ubuntu users/developers have known about this.

    This is only a big deal if you lose your iPhone or it gets stolen and the person who happens to steal it/finds it uses Ubuntu.
    05-27-10 04:14 PM
  8. Branta's Avatar
    iPhone security is no better than BB security, huh?
    Care to explain this?

    Posted from my CrackBerry at wapforums.crackberry.com
    Ignore the BGR summary and go direct to the full description. The author is a respected professional...
    iPhone business security framework Bernd Marienfeldt

    Scary, all it needs is a USB hookup. I'd call the security "completely broken"
    05-27-10 09:18 PM
  9. Branta's Avatar
    Why all of a sudden is this some BIG news? Anyone who has run Ubuntu and is an iPhone user could have (and has) found this out. Mount the device, you have full and complete access. Even iPhone developers are looking at this news and going "wtf? who didn't know that?"
    The point is that it blows past the device PIN (password in BB terms). It should never do that without a previously established trust scheme.
    05-27-10 09:23 PM
  10. stuaw11's Avatar
    Either way it's a moot security point to harp on.

    1) Someone has to actually steal your phone
    2) you don't remote wipe it
    3) they have an Ubuntu machine (NOT EVEN 1% of all computers sold- .71%)

    There are QUITE a few steps and circumstances that have to occur to make this "security breach" occur.

    Just like the texting bug/"virus" people harped on, the odds of it happening to you are slim to none and involve multiple steps and circumstances to occur to even have a chance of having your data stolen.

    People just like to find the smallest thing that could maybe, possibly, could, perhaps, perchance happen if multiple circumstances fall into place while the likelihood of it actually happening to you is less than being struck by lightning and winning the lotto on the same day. Sheer paranoia.
    Last edited by stuaw11; 05-27-10 at 10:48 PM.
    05-27-10 10:40 PM
  11. Jake Storm's Avatar
    About the same as the odds of losing an iPhone prototype at the bar
    05-27-10 11:49 PM
  12. grahamf's Avatar
    The phone doesn't have to be stolen... If you are somewhere public and you took your phone out of your pocket, anybody with a laptop who has downloaded Ubuntu has full access.

    Posted from my CrackBerry at wapforums.crackberry.com
    05-28-10 12:56 AM
  13. Denise in Los Angeles's Avatar
    About the same as the odds of losing an iPhone prototype at the bar
    I only find worthless dumbphones at the bar.
    05-28-10 01:01 AM
  14. stuaw11's Avatar
    The phone doesn't have to be stolen... If you are somewhere public and you took your phone out of your pocket, anybody with a laptop who has downloaded Ubuntu has full access.

    Posted from my CrackBerry at wapforums.crackberry.com
    Not stolen? Don't know what else you'd call it. "Stealing" doesn't necessarily mean they keep it. If someone takes your car in the middle of the night, joyrides, and brings it back, did they still not "steal" it?

    Furthermore, if you leave your phone sitting around in public unattended whose fault is that? What good are security measures if you're going to be irresponsible with the phone in the first place?
    Last edited by stuaw11; 05-28-10 at 01:39 AM.
    05-28-10 01:36 AM
  15. grahamf's Avatar
    **** happens. Eventually you will realize that. Just look at BP.

    Posted from my CrackBerry at wapforums.crackberry.com
    05-28-10 02:06 AM
  16. avt123's Avatar
    It still is not that big of a deal. Until Ubuntu is used by more people, this security breach will most likely never be replicated, or only happen a few times.
    05-28-10 02:36 AM
  17. The_Engine's Avatar
    I thought this was somewhat relevant to this discussion...

    AT&T exec: 4 out of 10 of our iPhone sales to enterprises | ZDNet

    And here is where I am wondering if the AT&T Execs know about this vulnerability:
    Most of our monthly reporting is all built into an app that gets updated when our systems get updated, and we do an automatic fetch. And any time I want to look at where we sort of sit from a financial point of view in ABS, it now resides on my iPhone as an app. So it starts to change the way you think about your business. It changes the speed with which you can make decisions.
    So they have financial data on their iPhones!? I mean it can be remote wiped and there are some locking features, but that seems somewhat risky. I have to assume they have to log in to a web site or something...
    05-28-10 07:51 AM
  18. JRSCCivic98's Avatar
    Big deal. Nothing is safe from old school ways. I'm the one that came up with a way to pull off all the Java OS files off a BB using nothing more than a text editor, Excel, and a batch file. Lol. Look it up in the Storm forums.

    Posted from my CrackBerry at wapforums.crackberry.com
    05-28-10 10:56 AM
  19. xxxxpradaxxxx's Avatar
    +1

    If there's a will, there's a way.
    05-28-10 11:09 AM
  20. amazinglygraceless's Avatar
    First off - It's not Detective Squirrel, it is Vinnie "The Squirrel" DeLuca

    Secondly, I think the point has been made that your whole "BAM!! there it is" is a
    truly moot issue.

    Lastly, while this is fun you still have failed to do THE ONE THING I asked you to do
    and that is to explain the underlying security architecture of the BlackBerry and
    why it is better than any other platform. Everyone repeats that mantra, I have
    yet to see one of you, you know, kinda sorta like maybe explain it.
    05-28-10 11:15 AM
  21. grahamf's Avatar
    1. We do not know if the JVM is a Berkeley derivative or Linux, or just developed in-house, so we cannot do direct execution.
    2. The only way to write code for the BB is in Java, which is inherently designed in a sandbox for each app. That is probably why there is very limited application management on a BB (you can only close an app from within it or by a battery pull).
    3. Pakistan and another nearby country banned BlackBerrys because they cannot monitor BBM. That has to say something.
    And I'm writing a test soon so that is all I can add for the moment.

    Posted from my CrackBerry at wapforums.crackberry.com
    05-28-10 11:35 AM
  22. amazinglygraceless's Avatar
    Graham, I am not arguing with you or yanking your chain. This is in the
    interest of our community.

    All I am asking is ONE person write a lucid and detailed explanation as to what makes
    the security employed by RIM better (or as some say, bulletproof) than everything
    else on the market.

    Otherwise, it is just people reciting what they have heard but with nothing to
    back it up. That simple.
    05-28-10 11:47 AM
  23. pkcable's Avatar
    I can't believe all these mods posted in this thread and no one changed the title? Were we all laughing too hard??? LOL! Anyways I made the title more descriptive of the content, except for the questions regarding the old title which I will leave for their amusement factor.


    EDIT: Unless AG wants to remove them. (and this edit!)
    05-28-10 12:18 PM
  24. WillieLee's Avatar
    It's big news because Apple is trying to push deeper into the Enterprise market by selling their security features and when their PIN system is confirmed (Apple at first stated it was limited to the phones used by the security company and no fix has been issued yet) to be useless it's big news.

    I've seen a lot of people post "Who cares? They have to get access to your phone!". Enterprise companies care because corporate espionage is a threat. A few minutes with an iPhone might be all someone needs to get critical information about a competitor. And it's not just this issue with the PIN, Apple has many other security issues because of the choices they have made for their device. Safari is the biggest target for hackers in competitions such as Pwn2Own.

    RIM has taken a lot of criticism because they've been slow to implement a WebKit browser, but security is the reason. Their biggest Enterprise customers demand end-to-end encryption and RIM can't tell the US government not to worry if they can't meet that because "They would have to get your phone! lolz!".

    It does matter, you have to look no further than RIM's financials as they've gone from $50 million in annual revenue ten years ago to $15 billion. The majority of that was off the back of their BES architecture.
    05-28-10 12:33 PM
  25. amazinglygraceless's Avatar
    EDIT: Unless AG wants to remove them. (and this edit!)
    PK, I was good with the title. Graham and I are cool and I know it was just
    his dry wit, not a jab or insult.

    We'll leave it up to him
    05-28-10 12:50 PM