Confirmed: iPhone Security Better, But Still Not Perfect
10:39 am, February 27th, 2008, Leander Kahney
Picture: Kitra Cahana/The New York Times
I’ve confirmed that the iPhone no longer runs software applications as “root” — but the iPhone is still insecure, a security expert says.
As reported on Wired.com, the iPhone used to run all software applications as “root” until recently, a flawed architecture that could give hackers complete control of the device. If hackers found a hole in any application, they could take over other functions, using the iPhone to make calls, take pictures or read and send email.
But last month Apple released a firmware update, version 1.1.3, that put most of the major applications in a new account called “mobile.”
While this is better than running all applications as root, it still lumps the applications together, which doesn’t much improve things: The same vulnerability still exists. If any one application is compromised, they are all vulnerable — and the iPhone can still be taken over, says Charlie Miller, principal analyst of software security at Independent Security Evaluators.
Dr. Miller was one of the first security experts to document the iPhone’s flawed architecture.
In a response to an email query sent yesterday, Dr. Miller writes:
Actually, the important apps have not been running as root at least since 1.1.3. See below. This is obviously better than running everything as root.
However, now they seem to run everything unimportant as the user “mobile”.
This doesn’t really solve their security problems because, for example, someone gaining access through a web server attack will still be able to access emails, dial the phone, etc. (At least it appears this way, I haven’t verified this).
A better approach would have been one like the folks at Google took with their Android SDK.
There, every application runs as a separate user in their own directory.
Therefore, each application cannot access the data of another application without the system having explicitly been told to allow it.
In the above example, an attacker who gains access to an Android phone through the web browser could only access things the web browser deals with, such as bookmarks.
They would not have access to mail contacts, saved messages, SMS messages, etc. (at least without doing a second type of attack).
Hope that helps.
Charlie
# uname -a
Darwin Charlie Miller’s iPhone 9.0.0d1 Darwin Kernel Version 9.0.0d1: Wed Dec 12 00:16:00 PST 2007; root:xnu-933.0.0.211.obj~2/RELEASE_ARM_S5L8900XRB iPhone1,1 unknown
# ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
mobile 62 2.8 20.3 325440 24080 ?? Ss 9:36AM 1:15.31 /System/Library/CoreServices/SpringBoard.app/SpringBoard
root 1 0.0 0.4 272956 444 ?? Ss 8:56AM 0:01.06 /sbin/launchd
mobile 12 0.0 1.4 286128 1604 ?? Ss 8:56AM 0:00.37 /usr/sbin/BTServer
root 13 0.0 1.3 282168 1556 ?? Ss 8:56AM 0:03.43 /System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter
root 16 0.0 1.3 275864 1516 ?? Ss 8:56AM 0:15.53 /usr/sbin/configd
root 17 0.0 0.5 273404 592 ?? Ss 8:56AM 0:00.09 /usr/libexec/crashreporterd
mobile 18 0.0 1.4 284764 1632 ?? Ss 8:56AM 0:00.86 /System/Library/Frameworks/IAP.framework/Support/iapd
root 19 0.0 0.7 273732 880 ?? Ss 8:56AM 0:01.69 /usr/sbin/mDNSResponder -launchd
root 20 0.0 1.1 284208 1296 ?? Ss 8:56AM 0:01.25 /usr/libexec/lockdownd
root 21 0.0 0.4 274000 432 ?? Ss 8:56AM 0:07.57 /usr/sbin/syslogd
root 22 0.0 0.2 264644 276 ?? Ss 8:56AM 0:00.66 /usr/sbin/update
mobile 23 0.0 0.7 273576 792 ?? Ss 8:56AM 0:00.12 /usr/libexec/ptpd -t usb
mobile 24 0.0 1.7 290148 2072 ?? Ss 8:56AM 0:03.31 /usr/sbin/mediaserverd
root 26 0.0 0.4 273456 428 ?? Ss 8:56AM 0:01.14 /usr/sbin/notifyd
mobile 64 0.0 2.0 309600 2340 ?? S 9:36AM 0:00.93 /Applications/MobilePhone.app/MobilePhone --launchedFromSB --firstLaunch --
mobile 65 0.0 2.5 309112 2940 ?? S 9:36AM 0:02.78 /Applications/MobileMail.app/MobileMail --launchedFromSB --firstLaunch --su
root 81 0.0 7.8 315532 9324 ?? S 9:43AM 0:37.71 /Applications/Installer.app/Installer --launchedFromSB
mobile 82 0.0 12.7 321948 15036 ?? S 9:45AM 0:21.86 /Applications/MobileSafari.app/MobileSafari --launchedFromSB
root 97 0.0 0.6 273276 764 ?? S 9:54AM 0:00.81 /usr/sbin/sshd -i
root 98 0.0 1.0 274168 1164 p0 Ss 9:54AM 0:00.14 -sh
root 100 0.0 0.3 272876 332 p0 R+ 9:54AM 0:00.01 ps aux
Why was the iPhone architected like this? I asked Dr. Miller. His reply: “I think they did it that way because it was the easiest and quickest way to do it. They had a deadline, they had a great product and they wanted to get it out the door and start making money. Clearly, by not running things as root, they are going back and trying to make the things more secure now that the phones are out and in use. However, adding security after the fact is much more difficult (and expensive) than designing it in from the start.”
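An added example (not from the article or from Dr. Miller): a short Python audit of the ps aux listing above that reports which processes share an account with a given application, then repeats the check with one account per application, the model the email attributes to Android. The app_<name> account names and the function names are hypothetical.

```python
# Added example: audit which processes share an account in a `ps aux` listing.
# Rows are copied from the listing above (a subset, with launch flags dropped).
PS_AUX = """\
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
mobile 62 2.8 20.3 325440 24080 ?? Ss 9:36AM 1:15.31 /System/Library/CoreServices/SpringBoard.app/SpringBoard
root 1 0.0 0.4 272956 444 ?? Ss 8:56AM 0:01.06 /sbin/launchd
root 13 0.0 1.3 282168 1556 ?? Ss 8:56AM 0:03.43 /System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter
mobile 64 0.0 2.0 309600 2340 ?? S 9:36AM 0:00.93 /Applications/MobilePhone.app/MobilePhone
mobile 65 0.0 2.5 309112 2940 ?? S 9:36AM 0:02.78 /Applications/MobileMail.app/MobileMail
root 81 0.0 7.8 315532 9324 ?? S 9:43AM 0:37.71 /Applications/Installer.app/Installer
mobile 82 0.0 12.7 321948 15036 ?? S 9:45AM 0:21.86 /Applications/MobileSafari.app/MobileSafari
root 97 0.0 0.6 273276 764 ?? S 9:54AM 0:00.81 /usr/sbin/sshd -i
"""
APP_DIR = "/Applications/"

def parse_ps(text):
    """Return (user, pid, command) per row; COMMAND is field 11 onward."""
    rows = []
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split(None, 10)
        if len(fields) == 11:
            rows.append((fields[0], int(fields[1]), fields[10]))
    return rows

def short_name(command):
    """Executable name without its path or arguments."""
    return command.split()[0].rsplit("/", 1)[-1]

def same_account(rows, process):
    """Account of `process` and the other processes running under it.
    Files private to that account are readable by every one of them."""
    user = next(u for u, _, c in rows if short_name(c) == process)
    peers = sorted(short_name(c) for u, _, c in rows
                   if u == user and short_name(c) != process)
    return user, peers

def apps_as_root(rows):
    """Applications under APP_DIR that still run as root."""
    return sorted(short_name(c) for u, _, c in rows
                  if u == "root" and c.startswith(APP_DIR))

def per_app_accounts(rows):
    """Hypothetical re-assignment: one account per non-root application."""
    return [("app_" + short_name(c).lower()
             if c.startswith(APP_DIR) and u != "root" else u, pid, c)
            for u, pid, c in rows]

if __name__ == "__main__":
    rows = parse_ps(PS_AUX)
    print(same_account(rows, "MobileSafari"), apps_as_root(rows))
    print(same_account(per_app_accounts(rows), "MobileSafari"))
```

Run against the full listing, the first call also returns the daemons that run as mobile, such as BTServer and mediaserverd.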






How is this different from the Mac OS X desktop running all of the user’s apps under the privileges of that one user?
All else being equal, additional segmentation (as in Android) sounds good, but is this a real issue, or is just another in the long line of articles trying to piggy-back on iPhone popularity for the purposes of self-promotion?
JoeP, on February 27th, 2008 at 10:57 am
My Mac doesn’t run every application as an individual user and that is considered secure. It is by design that an application can access the data of another e.g. the maps application accessing the phone application. Running as separate users would seem to require the removal of that kind of functionality which is what Dr Miller suggests.
Dr Miller admits he hasn’t tested the attack he is suggesting; therefore, I am not sure it is correct to make comments about the iPhone security purely based on a comparison to the user/application model used between iPhone and Android. It doesn’t seem valid since the model used in the iPhone seems to be similar to the OSX model which is considered pretty secure by most standards.
RM, on February 27th, 2008 at 11:04 am
Flawed? Get off your high horse and get real. That’s why Apple has insisted no one hack their phone and hasn’t released the SDK until they’re ready. Any developer writing iPhone apps already knows about this ‘flaw’ and as your own article reports, they’re slowly working towards higher security and public applications.
Do the internet a favor and read Steve Jobs’s statement on iPhone security and stop wishing that the world could be like what you want in your head. There are many developers still working on the iPhone and they still need time to work. By writing articles like this it only makes your site look foolish and ignorant, or possibly that you’re being paid by Google to write bad iPhone news. There is already enough bad reporting out there.
aaron, on February 27th, 2008 at 3:36 pm