With iPhone launch, a hacker's to-do list

The hacking community is ready pounce on the iPhone, looking for flaws.

When Apple introduced the latest version of its Safari browser two weeks ago, it took the hacking community just hours to start reporting bugs in the beta code. On Friday, the iPhone is likely to get even closer scrutiny from many of the same security researchers. Here's a list of the top items on the typical iPhone hacker's to-do list.

1) Fuzz the Web browser

Apple has made it clear that if you're an independent software developer that wants to write programs for the iPhone, you're going to have to write Web applications rather than software that runs on the iPhone itself. And as the introduction of the Safari 3.0 beta showed last week, Web browser flaws are easy to find.

Security researcher Tom Ferris says he's paid someone to stand in line for him in order to get an early crack at the iPhone. He believes that the iPhone's Safari browser will be similar to the 3.0 beta. And thanks to the iPhone's Wi-Fi support, he expects to be able to run "fuzzing" software that can bombard the iPhone with data over his local network, looking for errors that will cause it to crash.

Ferris says that Safari's support of the Scalable Vector Graphics (SVG) language and the Portable Document Format may provide other avenues for Web attacks. "I'm ready to go," Ferris said. "I've already found some SVG bugs in OS X."

Hackers like Ferris said they discovered nearly 20 bugs in Safari, just hours after the 3.0 release. How many of those will cause the iPhone browser to crash is unclear, but the bigger question is whether or not they will lead to malicious code that the bad guys can actually run on the iPhone.

2) Find a way to debug

Because it wants non-Apple applications to run through the browser, rather than on the iPhone itself, Apple isn't releasing software development tools for its new phone. From a security perspective, this may actually be good news for iPhone users because without any debugging software to tell them what's really going on inside the computer's memory, it will be hard for hackers to develop malicious exploit code to run on the platform. So most iPhone bugs won't do much more than crash the browser.

Though sophisticated hackers could conceivably develop debugging tools for the iPhone it will take more time for real threats to emerge, said Marc Maiffret, chief technology officer with eEye Digital Security. "What you end up having to do is hardware-based debugging which requires physically taking apart the iPhone and using specialized... equipment," he said. "This raises the bar on being able to successfully execute code and hack an iPhone."

3) Take a close look at iPhone's networking technologies

David Maynor, the chief technology officer of Errata Security, made headlines (and enemies in the Mac community) last year by claiming to have discovered wireless bugs that affected the Macintosh. He says that the iPhone's wireless stack is one of the first things that he will be looking at Friday. "I have yet to meet a driver that hasn't had bugs, " he said.

But Maynor is also interested in taking a look at how the iPhone uses Bluetooth, which has been a common source of security problems in other devices.

Because Apple hasn't previously developed its own mobile phone, there is bound to be lots of new and possibly buggy networking code in the device. "One of the things we'll look at as well is the new code that will have to be developed for a phone platform," said Neel Mehta, a researcher with IBM Corp.'s Internet Security Systems division. "With any piece of new code there's always a risk that there could be vulnerabilities in it."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?