“Cybercriminals and hackers will always be one step ahead of
developers.”
This is the mantra you tend to hear regularly spouted by top
security experts. The idea, of course, is that as soon as new security
technology becomes available, someone will immediately break it, leaving
developers and security gurus in a frustrating, reactive state.
And this concept couldn’t have been better demonstrated than
it was this past week when some Dutch researchers developed a hack for the iPhone
5… days before its release.
The researchers developed the hack using a developer model
of iOS 6 to test their methods, which means the same vulnerability is present
on the official iPhone 5 release.
"It took about three weeks, starting from scratch, and we were only working on our private time," says Joost Pol, CEO of Certified Secure, a nine-person research outfit based in The Hague. Pol and his colleague Daan Keuper used code auditing techniques to ferret out the WebKit bug and then spent most of the three weeks chaining multiple clever techniques to get a "clean, working exploit." [ZDNet]
The hack earned the team a $30,000 cash prize at the Pwn2Own
contest.
But despite the early security breach, the developers
contend that the new iPhone is not only a very secure device, but the safest
mobile device available in today’s market. Unfortunately, that’s not saying
much when it took only three weeks to hack it.
"We really wanted to show that it is possible, in limited
time, with limited resources, to exploit the hardest target. That's the big
message. No one should be doing anything of value on their mobile phone,"
Pol said. "It's important for people to understand, especially businesses, that
mobile devices should never be used for important work."
We couldn’t agree more.