Apple Smartphone Lacks Security? iPhone Hacked / Cracked in 20 Seconds? The Whole Story

Wednesday, March 24, 2010
By OP Editor

Smartphone Mobile Security

- 2009: A malicious app that steals user information has already happened; it is not a theoretical exploit. The malicious Android app was approved by the Android Market a few months ago.

RIM BlackBerry
- 2007: A Symantec Security Response white paper by James O'Connor mentions: While BlackBerry has a “comprehensive inbuilt security framework at both device and server level it is still susceptible to a number of potential attacks.” That’s without involving “vulnerabilities in the BlackBerry device due to hardware, operating system or firmware bugs.”

Apple iPhone Security: 2007, 2008, 2009

The iPhone was released in 2007. As recently as Pwn2Own 2009, security experts failed to hack the Apple iPhone.

The zynamics report on the 2010 iPhone hack: “In 2009, researchers failed to compromise the iPhone, confounding general expectations.”


Of course, like Mozilla and Microsoft, whose products were also hacked on the first day of the Pwn2Own contest at CanSecWest, Apple should also improve its security. However, one thing is clear: nothing is completely secure. It looks like no matter what software is scheduled first in the Pwn2Own contest, it is highly likely to be hacked.

Keep in mind, if the organizers had scheduled Firefox first in the contest, Mozilla Firefox would be the “first to be hacked.” If the organizers had scheduled Microsoft Windows 7 / Internet Explorer first in the contest, W7 / I.E. would be the “first to be hacked.” See the point? Saying Apple software is first to be hacked is a simple failure in reading comprehension.

The “hacked in 20 seconds” claim is also misleading. The exploit required weeks of planning, not 20 seconds.

Did the PC Pundits say how many seconds it took to hack Windows 7? What about how long it took to hack Firefox on Windows 7? How about the number of real world exploits against Windows?


Pwn2Own 2010 [dvlabs, TippingPoint Digital Vaccine Laboratories]
iPhone’s SMS cracked in 20 seconds at Pwn2Own [macnn]
thezdi, Pwn2Own contest [twitter]
Symantec White papers [symantec]
Zynamics pwn2own press release [zynamics]


