iPhone security not perfect, but still beats most

The biggest "security" stories spun off from the release of Apple's iPhone 5 earlier this month were about managing crowds and riots. Here's what you might have missed on the real security front.

By , ITworld |  Mobile & Wireless

One would certainly be safe in stating that security wasn't an area of intense investment for Cupertino-based Apple this time around. The most oft-rumored security feature for the phone: a biometric finger scanner, never made it into the iPhone 5. This, even after Apple bought Authentec, the company that made the top mobile device finger scanner. In most other areas, Apple's iPhone 5 and iOS 6 operating system carried over security features from earlier iPhone editions, many without substantial changes. In its press materials and technical specifications for the iPhone 5, Apple touts iOS's built-in security features including strong passwords, data encryption both at rest and in transit, as well as a myriad of features to limit hackers' access to core operating system elements, such as application sandboxing, address space layout randomization and data execution prevention. What it doesn't mention is that all of them are legacy features. Address space layout randomization (ASLR), for example, was released with iOS 4.3, for example, which came out in 2011.

Does that mean iOS and iPhone 5 are hacker-proof already? Sadly, no. In fact, The iPhone 5's design team missed an easy one: allowing anyone to use the phone's Siri voice recognition feature to send Twitter messages and Facebook posts without first unlocking the device. Oops.

More significant: two Dutch security experts from the security firm Certified Secure in the Hague demonstrated a working exploit for a zero-day vulnerability in Webkit on an iPhone running iOS 6 on the same day that Apple's CEO was unveiling his new phone in downtown San Francisco. The exploit could be used to steal sensitive information from the system. There's no way to know if it will work on an iPhone 5, but the researchers certainly seem to think that's possible; they've turned over the exploit to TippingPoint's Zero Day Initiative.

So iPhone 5 and iOS aren't perfect on security. But ask a security expert – even one who has defeated the iPhone's many layers of security features – and they'll tell you they're pretty good. In fact, The Dutch team that bested iOS6 still took time to sing the OS's praises after the fact.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Mobile & WirelessWhite Papers & Webcasts

See more White Papers | Webcasts

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness