[FoRK] iPad and Security

Michael Cummins michael at i-magery.com
Wed Apr 7 11:03:06 PDT 2010


Another interesting article today, this one from Sword and Shield Enterprise
Security.  Some interesting quotes below.  The last bit there makes me
wonder if the Chrome/Android pads to come will be more secure than the
Safari based iPad of today.  "Violating Privacy? There's an App for That"

MEC


http://www.sses.net/2010/04/07/apple-ipad-and-security-vs-freedom/

Roundtable: Apple iPad and Security vs. Freedom

"Kyle Bubp, Systems Engineer, notes that the iPad was rooted less than 24
hours after its release. 'Like the earlier technique, it is believed to use
a browser-based exploit as part of a trick to get root access and let
unsigned apps run on the tablet.' "


"I'd challenge the view that a closed system buys you any more security. I
think it is a dangerous misnomer. As noted by Nicolas Seriot, a Swiss iPhone
security researcher, apps with hidden agendas have already made it through
Apple's review process, and were pulled until the companies cleaned up their
apps. One game was uploading all the iPhone's contacts to the developer's
server, and another was sending iPhone owner data back to the sales
department so that they could "upsell" users who downloaded their app."


"Any security added by having an App Store is only as good as the App
Store's ability to detect and reject malicious code. It seems to me,
personally, that the App Store review team is more concerned with rejecting
competition (read:Google) than detecting and rejecting malicious apps."


"I do agree that the iPad is more secure than a general purpose computing
platform. But bear in mind that although the iPad is a closed system, it
still uses Safari as the Web browser. For the past couple of years, hacking
competitions have shown that the Safari Web browser was the first to fall
when matched up against IE, Firefox, and Chrome."

"And the second browser hacked at this year's Pwn2Own? Safari running on Max
OS X. IE and Firefox later fell. For the second year in a row only Google
Chrome remained 'unhacked.' "





More information about the FoRK mailing list