The iPhone: Don't Trust the Client
A timeless lesson applies to the iPhone: If something is under the control of a user, we must assume it will be tampered with.
We now have some additional information, however. There have indeed been several weaknesses published regarding the iPhone. Although none have succeeded in completely compromising the device, theyve all found various weak points that can be exploited by an attacker for different purposes.
Last week, just before the Black Hat conference a coincidence, Im sure Apple released a few security patches to the iPhone that corrected at least some of these security defects. The patches were released using Apples standard firmware upgrade process on the iPhoneiTunes. Now, any iPhone owner who plugs his device into his Mac or PC to synchronize the device will automatically receive the updated firmware.
|Recent Alignment Articles|
Spammers Find New Ways Around Filters
Big deal, right? Weve been updating devices this way for quite a while. Why is this one different? Well, I see a couple things. One is that several published reports have said that the update also scans the device for possible end-user modifications that have been done on the device and it undoes them. Most view this as Apple trying to wrest control of the device back.
Theres the cat-and-mouse game, as well as the timeless lesson. There are at least two ways of viewing Apples counter move here. One is that theyre taking control back by undoing what the attackers have done. This forces the attackers to re-analyze the system and possibly re-engineer their modifications so that theyll work with the revised device.
The other view is that this control is nothing more than a temporary illusion. Face it, the device is owned by its user, and the user can basically do whatever he wants with the device. If security defects exist, they can be exploited. Sometimes theyll be exploited accidentally; sometimes deliberately; sometimes maliciously; but they will be exploited inevitably.
And theres our timeless lesson to pay attention to. Dont trust the client. Or, more generally, dont place trust in that which is not worthy of trust. If something is under the control of a user, we must assume it will be tampered with.
Now, I will say that I find it encouraging that Apple is doing some things better or at least quite differently than many who have gone before it. Automating the updates via the software that the end user uses to synchronize content is a brilliant mechanism. Indeed, the user would have to opt out of updates in order for a device to not get the latest patches. (Though I still hate the idea of periodic patches, they remain our most viable option.)
Apple has also made their device much more closed than many other devices. In this context, by closed I mean that the end user cannot easily extend the functionality of the device. The method of adding applications to the iPhone is via web apps through the devices browser. Thus, theyre moving to a more centralized model in which the apps sit in a data center, not in the device itself.
There are numerous security benefits from this model, as well as some operational disadvantages, since you must be connected to a net to run the apps. From a security standpoint, all the code sits in one place. Updates affect all users effectively simultaneously. There are also big configuration management benefits from this approach.
My last observation from watching the great iPhone saga comes from comparing it with its competition. Ive used different mobile devices for years, and Ive tried all the big guys: Nokia, Ericsson, Motorola, Blackberry, you name it. These firms have all been making mobile devices for decades. Apple has been in the game for a month, and theyve already managed to have an update mechanism that seems to me to work better than any of the others. Theyve also revolutionized the user interface and such in one step.
The one thing that makes all of this possible is the software. The fact that they clearly recognize that gives me confidence that theyll place equal emphasis on the security of the software.
August 03, 2007
And then some. A Black Hat hacker proves more than just a Blue Pill can stymie the operating system.