Top stories

Journalists Cover Microsoft, Using Macs

It’s not an easy time for Microsoft — with Steve Ballmer having to field questions about being “buffoons” and an “evil empire”  at the shareholder’s meeting (.doc) — so when they get together “the world’s most influential technology pundits and online writers” (nb: we weren’t invited) for Mobius to discuss super-secret mobile tech you’d think [...]

Guide To Black Friday Apple Bargains: Cheap MacBooks, iPods and Accessories Galore

Here’s a guide for finding the best bargains on Apple-related gear during the infamous Black Friday sales on November 27. We’ve compiled a comprehensive list of gear from leaked photos of sales flyers and descriptions of sales.
The bargains include a 2.26 GHz MacBook + $150 gift card at Best Buy for $999.99 ; a 32GB [...]

Review: Voices Is Today’s Best Thing Ever, Grab It Now While It’s Cheap

New on the App Store is Voices from the clever folk at Tap Tap Tap. You can guess what it does.

Open it up, pick a silly voice. Helium is pretty silly. A microphone appears and the app even clears your throat for you (try it, you’ll see what I mean). Now speak your brains, and [...]

Review: Sony Walkman S540 Series Video MP3 Player

Press releases, you will hardly be surprised to hear, are rarely very interesting. But one arrived in my inbox a couple of weeks ago that made me double-take.
“Sony’s S Series Walkman,” it chattered, “is a serious challenger to the iPod Nano.” Gosh, really? Perhaps the Cult had better have a look at one, then, despite [...]

Confirmed: iPhone Security Better, But Still Not Perfect

10:39 am, February 27th, 2008, Leander Kahney

charlesmiller1.jpg

Picture: Kitra Cahana/The New York Times

I’ve confirmed that the iPhone no longer runs software applications as “root” — but the iPhone is still insecure, a security expert says.

As reported on Wired.com, the iPhone used to run all software applications as “root” until recently, a flawed architecture that could give hackers complete control of the device. If hackers found a hole in any application, they could take over other functions, using the iPhone to make calls, take pictures or read and send email.

But last month Apple released a firmware update, version 1.1.3, that put most of the major applications in a new account called “mobile.”

While this is better than running all applications in root, it still lumps the applications together, which doesn’t much improve things: The same vulnerability still exits. If any one application is compromised, they are all vulnerable — and the iPhone can still be taken over, says Charlie Miller, principal analyst of software security at Independent Security Evaluators.

Dr. Miller was one of the first security experts to document the iPhone’s flawed architecture.

In a response to an email query sent yesterday, Dr. Miller writes:

Actually, the important apps have not been running as root at least since 1.1.3. See below. This is obviously better than running everything as root.

However, now they seem to run everything unimportant as the user “mobile”.

This doesn’t really solve their security problems because, for example, someone gaining access through a web server attack will still be able to access emails, dial the phone, etc. (At least it appears this way, I haven’t verified this).

A better approach would have been one like the folks at Google took with their Android SDK.

There, every application runs as a separate user in their own directory.

Therefore, each application cannot access the data of another application without the system having explicitly been told to allow it.

In the above example, an attacker who gains access to an Android phone through the web browser could only access things the web browser deals with, such as bookmarks.

They would not have access to mail contacts, saved messages, SMS messages, etc. (at least without doing a second type of attack).

Hope that helps.

Charlie

# uname -a
Darwin Charlie Miller’s iPhone 9.0.0d1 Darwin Kernel Version 9.0.0d1: Wed Dec 12 00:16:00 PST 2007; root:xnu-933.0.0.211.obj~2/RELEASE_ARM_S5L8900XRB iPhone1,1 unknown # ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
mobile 62 2.8 20.3 325440 24080 ?? Ss 9:36AM 1:15.31 /System/Library/CoreServices/SpringBoard.app/SpringBoard
root 1 0.0 0.4 272956 444 ?? Ss 8:56AM 0:01.06 /sbin/launchd
mobile 12 0.0 1.4 286128 1604 ?? Ss 8:56AM 0:00.37 /usr/sbin/BTServer
root 13 0.0 1.3 282168 1556 ?? Ss 8:56AM 0:03.43 /System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter
root 16 0.0 1.3 275864 1516 ?? Ss 8:56AM 0:15.53 /usr/sbin/configd
root 17 0.0 0.5 273404 592 ?? Ss 8:56AM 0:00.09 /usr/libexec/crashreporterd
mobile 18 0.0 1.4 284764 1632 ?? Ss 8:56AM 0:00.86 /System/Library/Frameworks/IAP.framework/Support/iapd
root 19 0.0 0.7 273732 880 ?? Ss 8:56AM 0:01.69 /usr/sbin/mDNSResponder -launchd
root 20 0.0 1.1 284208 1296 ?? Ss 8:56AM 0:01.25 /usr/libexec/lockdownd
root 21 0.0 0.4 274000 432 ?? Ss 8:56AM 0:07.57 /usr/sbin/syslogd
root 22 0.0 0.2 264644 276 ?? Ss 8:56AM 0:00.66 /usr/sbin/update
mobile 23 0.0 0.7 273576 792 ?? Ss 8:56AM 0:00.12 /usr/libexec/ptpd -t usb
mobile 24 0.0 1.7 290148 2072 ?? Ss 8:56AM 0:03.31 /usr/sbin/mediaserverd
root 26 0.0 0.4 273456 428 ?? Ss 8:56AM 0:01.14 /usr/sbin/notifyd
mobile 64 0.0 2.0 309600 2340 ?? S 9:36AM 0:00.93 /Applications/MobilePhone.app/MobilePhone –launchedFromSB –firstLaunch –
mobile 65 0.0 2.5 309112 2940 ?? S 9:36AM 0:02.78 /Applications/MobileMail.app/MobileMail –launchedFromSB –firstLaunch –su
root 81 0.0 7.8 315532 9324 ?? S 9:43AM 0:37.71 /Applications/Installer.app/Installer –launchedFromSB
mobile 82 0.0 12.7 321948 15036 ?? S 9:45AM 0:21.86 /Applications/MobileSafari.app/MobileSafari –launchedFromSB
root 97 0.0 0.6 273276 764 ?? S 9:54AM 0:00.81 /usr/sbin/sshd -i
root 98 0.0 1.0 274168 1164 p0 Ss 9:54AM 0:00.14 -sh
root 100 0.0 0.3 272876 332 p0 R+ 9:54AM 0:00.01 ps aux

Why was the iPhone architected like this, I asked Dr. Miller? His reply: “I think they did it that way because it was the easiest and quickest way to do it. They had a deadline, they had a great product and they wanted to get it out the door and start making money. Clearly, by not running things as root, they are going back and trying to make the things more secure now that the phones are out and in use. However, adding security after the fact if much more difficult (and expensive) then designing it in from the start.”

Posted by Leander Kahney in Software, iPhone | Comment on this article

About the author

Leander Kahney

Leander Kahney is senior editor of Cult of Mac, editor of two books about technology culture, Cult of Mac and Cult of iPod, and has written for Wired, MacWeek, Scientific American, and The Observer in London. Follow Leander on Twitter @lkahney and Facebook.

Email the author | Read more posts by Leander Kahney.

Related posts from Cult of Mac

3 comments

    How is this different from the Mac OS X desktop running all of the user’s apps under the privileges of that one user?

    All else being equal, additional segmentation (as in Android) sounds good, but is this a real issue, or is just another in the long line of articles trying to piggy-back on iPhone popularity for the purposes of self-promotion?

    JoeP, on February 27th, 2008 at 10:57 am

    My Mac doesn’t run every application as an individual user and that is considered secure. It is by design that an application can access the data of another e.g. the maps application accessing the phone application. Running as separate users would seem to require the removal of that kind of functionality which is what Dr Miller suggests.

    Dr Miller admits he hasn’t tested the attack he is suggesting therefore, I am not sure it is correct to make comments about the iPhone security purely based on a comparison to the user/application model used between iPhone and Android. It doesn’t seem valid since the model used in the iPhone seems to be similar to the OSX model which is considered pretty secure by most standards.

    RM, on February 27th, 2008 at 11:04 am

    Flawed? Get off your high horse and get real. That’s why Apple has insisted no one hack their phone and hasn’t released the SDK until their ready. Any developer writing iPhone apps already know about this ‘flaw’ and as your own article reports, there slowly working towards higher security and public applications.

    Do the internet a favor and read Steve Job’s statement on iPhone security and stop wishing that the world could be like what you want in your head. There are many developers still working on the iPhone and they still need time to work. By writing articles like this it only makes your site look foolish and ignorant, or possibly that your being paid by google to write bad iPhone news. There is already enough bad reporting out there.

    aaron, on February 27th, 2008 at 3:36 pm

Buy Inside Steve's Brain Buy from Amazon.com Buy from Barnes & Noble