“Technology fetishists aren’t the only folks itching to get their hands on an iPhone. Hackers want to play with Apple Inc.’s new toy, too,” Robert McMillan reports for IDG News Service. “Within hours of Apple’s iPhone unveiling on Tuesday, the iPhone was a hot topic on the Dailydave discussion list, a widely read forum on security research.”
McMillan reports, “In an e-mail interview, one of the hackers behind the ‘Month of Apple Bugs’ project, which is disclosing new Apple security vulnerabilities every day for the month of January, said he ‘would love to mess with’ the iPhone. ‘If it’s really going to run OS X, [the iPhone] will bring certain security implications, such as potential misuses of wireless connectivity facilities [and] deployment of malware in a larger scale,’ the hacker known as LMH wrote in an e-mail. He declined to provide his real name… ‘This is all speculation right now, until a technical specification is released by Apple on its features and technology,’ he added.”
McMillan reports, “David Maynor is another security researcher interested in the iPhone. Maynor’s videotaped demonstration of a MacBook being hacked over a wireless network received widespread attention at last year’s Black Hat USA conference, although Maynor and his co-presentor were later criticized for the way they presented their research. They demonstrated these flaws using a third-party wireless card rather than the one that ships with the MacBook, and they still have not published the code they used. ‘I can’t wait to get one,’ said Maynor, who is chief technology officer at Errata Security LLC. ‘There’s already a lot of discussion going on, and it’s not coming out for another six months. People are salivating over it.'”
Full article here.
Perhaps McMillan should next interview Rob Glaser and Steve Ballmer about the health benefits of a good diet and regular exercise?
“…If you watch those ‘Get a Mac’ commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette…” – David Maynor, August 02, 2006
Related article:
The massive FUD campaign against Apple’s iPhone ramps up – January 10, 2007
Daring Fireball’s Gruber doubles reward offer to ‘60-second MacBook hijackers’ challenge – September 05, 2006
Daring Fireball’s Gruber issues public challenge to ‘60-second MacBook hijackers’ – September 01, 2006
The curious case of the supposed Apple MacBook Wi-Fi hack – August 21, 2006
SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’ – August 18, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006
It may be speculation, but it’s where my head’s been at with the phone since Steve said it runs OS X.
I´been using Mac OS X since the first version with out antivirus, Why should I get worry about OS X security in a smaill device that does not have all the OS X applications?
As far as Malware is concerned, Mac OS doesn’t have any, so whats the likyhood of the iPhone running the same OS have of getting Malware?
… Exactly…. none…
Viktor
becasue the purpose of that small device is to connect to the world in as many ways as possible and therefore -if you let the world in …
They haven’t managed to hack OSX on a mac. So, it is hard to believe that they would have any better luck with a reduced version on a mobile phone. If they are so skilled shouldn’t we be bombarded with stuff on OSX at this very moment? I smell FUD.
Speaking of Month of Apple Bugs, were they only able to find 1 and 2 quarters bugs? They seemed to stop after day 3.
I’d like to stick a lit cigarette in the eye of asshats like Maynor and other blackhatters mentioned in the above article!
<sarcasm> for those who don’t get it.
Yeah, Month of Bugs seems to have morphed into ‘Month of Bugger All’
Yea the month of bugs has only come up with 2 and none of those are really anything that I would be concerned with. The last one wasn’t even to do with Apple it was VLC player. They already released an update for that too.
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
Were 15 days into January and they could only find two worthless meaningless bugs. I think that shows just how good OSX really is.
Mom! I’m out of Cheetos and Mountain Dew! Can you bring more down to the basement?
Get your fat ass up and get it yourself. You’re 34, for christsake. Get a job!
How many of those buying an iPhone will be using it as a portable computer?
How many phones run their own firewall?
If you can’t crack OSX on the desktop, why try the phone? (this isn’t Win’lite, y’know)
Where’s all those “security through obscurity” types?
Yes. They will try. They are a trying lot.
Yes, they may actually succeed. The same day they crack OSX.
This is a tempest, this is a teapot, insert one into the other and release it to the press.
DLMeyer – the Voice of G.L.Horton’s Stage Page
Much ado about nothing.
Some of these journalists give the impression that they want to see OS X hacked and infested with malware. I guess to make themselves feel better about having chosen Windows and they want to share the misery.
From an objective point of view, I must admit that it is likely possible to create malware for OS X. The fact that it has not happened in the wild is a thundering statement of the Mac’s security. And yet, out media whores can only dream of the day when the world’s most secure operating system is hacked, so they can write a told-you-so article. Pathetic.
My source here tells me that the first thing he does is u.. uhhmmm… hack the iPhone! And I tell you folks…he’s is the best….he is the mean, lean, south-dutch hackin machine with no mercy….and I tell you…stock will fall like shit from a cows ass and above all: I, myself and I will be the first publishere of the book ” How to hack the iPhone” …well sort of, I am not sure about th title….second choice “How to tell a great pile of M$ smelling bullshit and making money with it”…..so….dillemma.. argghhh. Anyway, I will tell the news as soon as it comes from my very very reliable source. Oh yeah, his nickname is “BWMTS” (Bill wants more so i talk shit)……
cheers,
MacB Netherlands.
The Month of Apple Bugs project has released a bug announcement each day January. Their list stands at 14 now. They haven’t stopped although today’s bug does seem to be pretty late in coming. Now whether each bug is an Apple/Mac bug is up for debate. See this page for their list.
http://projects.info-pull.com/moab/
like i said, this is exactly why you can’t run ANY 3rd party apps on the iPhone..
Apple will just have to screen Apps before loading them for sale on iTS, or dl from Apple’s website..
Drool drool drool..
Assh*les like that think they are BIG frogs in a little teeny weeny pond. Both of them have tried and failed spectacularly. Neither has any credibility. Surprised, actually, that they are still willing to show their faces in the hacker community.
I call this Maynor guy as dangerous. He needs monitoring.
“Hackers ‘salivating’ over Apple’s iPhone”
That’s a good way to get one dirty.
And don’t be asking to use mine.
Now go empty your drool bucket!
How come MDN Stopped publishing the Apple bug of the Day?
The Magic word: What “happened”
this is completely unrelated to the “vulnerabilities” etc…
But I’ve been thinking about the lack of click wheel on the iPhone. I wonder if it’s possible for a mini click wheel around the home button just for scrolling. And if it is possible, why don’t they do it. As much as I think the touch screen is cool, I hate finger prints and the action of going around in circles infinitely is more appealing to me.
Month of Apple Bugs… ahhh yes I remember – the soft twat who goes by the handle of LMH (Little Maggot Head maybe?) and says he has the skills to pay the bills by revealing terrible flaws in OS X.
LMH, I’m waiting. Come on boy, where’s the beef?
Do you really think Apple are going to release a phone, that Steve Jobs has said they’ve been working on for 2 and a half years, without making it ultra secure. Does LMH think he’s more intelligent than the entire lab department at Apple HQ? Is he really just a disgruntled Apple Genius who was fired for downloading Leopard from BitTorrent?
I think this is 10 pounds of hogwash in a five-pound bag.
MW: whether. Whether or not LMH is a disgruntled ex-employee is irrelevant. He is however, punching well above his weight and needs to stop spouting his crap before he’s caught and jailed for being an irresponsible idiot.
The ‘Month of Apple Bugs’ hasn’t gone away, it just hasn’t gotten any significant press, apparently.
I’m no debugging or security expert, so I can’t comment on the validity of LMH’s code, although others have done so.
I CAN tell you from the website, that of the 14 issues presented to date:
2 of them can’t do anything but crash your system.
4 of them are not Apple flaws, but 3rd party vendor software bugs, such as OmniWeb, VLC Media Player, etc.
Only 5 of the 14 seem to be really serious issues – 2 with Quicktime (including the much-publicized bug that plagued MySpace recently), and 3 with Disk image files.
While it is worth noting that known workarounds are being included on the bottom of the page for each bug (lending just a hint of responsibility and maturity to the pages) this is probably more than balanced by the juvenile graphics showing various ‘shredded’ or ‘cored’ apples, and one page including the infamous drawing of the Unabomber. CLASSY.
McMillan should also interview Ballmer on the virtues of anti-perspirant.
Boom