RSS Alerts

Share

More services

Related Links

Related Stories

  • Learn about how to protect against data-stealing malware
    Data-stealing malware that can evade current security systems could cause serious harm to an enterprise. Trend Micro’s eBook ‘Outthink the Threat’ offers information on data-stealing malware and how to fight it.
  • Tufin Technologies launches open API security initiative
    Tufin Technologies has announced a policy and security network API (application programming interface) initiative and has enlisted the support of several IT security vendors for the program.
  • Six out of ten employees steal company data
    A study of US workers has revealed that six out of every ten employees surveyed stole company data upon leaving their job in the last year.
  • Batten down the hatches
    Due to the horrifying quantity of vulnerabilities, and often limited time and budget, application and database security can be quite a headache. Limiting privileges and access, however, is a good place to start, finds Danny Bradbury
  • Proof-of-concept malware sneaked onto Apple iTunes; developer given the axe
    When is a flaw not a flaw? When it's a feature of the operating system, it seems, as serial Apple Mac cracker Charlie Miller has tapped a feature of Apple's portable operating system and created an iPhone/iPad app that allows almost complete remote access to the device.

Top 5 Stories

News

iPhone forensics specialist reveals iPhone flaws on YouTube

28 July 2009

Jonathan Zdziarski, a data forensics specialist, has come up with a novel way of explaining iPhone security flaws by posting how-to videos on the YouTube video portal.

In a couple of videos, which Zdziarski says have been posted to show that the iPhone 3GS - the latest version of the popular Apple mobile - is unsuitable for enterprise usage, he highlights the flaws.

One of them, Infosecurity notes, shows how an attacker can remove a passcode and get to data on the device.

"Now law enforcement has all of the tools that they need to be able to do this," he said in the video.

"The problem is the bad guys also do too. So while this is good for forensic purposes, it's also quite terrible for the rest of us in terms of our own private security," he added.

In the second YouTube video, he showed how a hacker can use software tools to download a raw `disk image' from the handset, that could provide personal information, deleted voice mails and other data.

The irony of Zdziarski's videos is that Apple is promoting the new version of the iPhone - which includes hardware encryption as standard - as suitable for enterprise deployments.

 

This article is featured in:
Application Security • Internet and Network Security • Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012