Tuesday, July 22, 2014

iPhone back doors - Apple supplies the tools to hack your phone, and you'll never know.

While I believe the iPhone is more secure than android, that's sort of damming with faint praise.  Neither phone is secure.

Here's a recent article by a computer forensics guy about the API in iOS that let's people with the know how, log into your phone and download - well pretty much everything, including stuff you can't access yourself - all with out a password.

So how does apple protect this rather massive security hole in their system - which they put there, on purpose - they don't document it.  Yeah, that helped a lot.  

What we need is a new OS, open sourced, built with the following priorities.

Security
Portability
Cross Platform development tools
Size/Speed
Extensibility

I'm not sure if you could start with any existing OS, as none of them were designed with Security as the primary design criteria.

Each and every decision made needs to be evaluated for potential security issues.  There are hurdles, big ones.   I'm not sure it's possible given the linkages between existing processors, bluetooth, and wifi.  Starting with a new hardware platform would be better, but unless someone has a few spare billion laying around to start a new phone company....  You'd have to source a processor from your own manufacturing to be sure they didn't build back doors into the chip itself, and work your way up. No Chinese made processors, or hardware.  No NSA involvement - and how do you filter out the NSA spies from the development team?   Yeah, I'm not sure either.

Sadly, security ultimately relies on human beings an frankly - that's not a very trustworthy foundation to build anything on.


No comments:

Post a Comment