Rich Fiscus
23 Oct 2007 12:57
Security experts are comparing the iPhone's security to that of Windows 95, which is to say it has none. "It really is an example of 'those who don't learn from history are condemned to repeat it'," says Dan Geer, vice president and chief scientist at security firm Verdasys.
The problem according to Charlie Miller, principal security analyst for Independent Security Evaluators, is that every program on the iPhone runs with root priviliges, meaning full access to everything on the phone. A vulnerability in the Safari browser discovered earlier this year by Miller and his colleagues has already been addressed by Apple, but the root permission problem, also criticized in the paper detailing the Safari vulnerability, remains.
Apple has announced plans to release a public SDK so anyone can develop iPhone applications. As part of the announcement, CEO Steve Jobs said there were security issues being addressed in conjunction with the release. Hopefully that means OS updates that resolve this vulnerability. Access to data on an iPhone or its connection to a mobile phone/SMS/data network could be much more than an annoyance for iPhone users and mobile providers alike.
Source: Wired