Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Apple's iOS Went From Insecure To Most Secure

Posted by ryuzaki0 on from the shaking-in-my-boots dept.

GMGruman writes "There's no such thing as a perfectly secure operating system, but security experts agree — somewhat grudgingly in some cases — that iOS, Apple's mobile operating system, is the most secure commercial OS today, mobile or desktop. It didn't start that way of course, and Robert Lemos explains what Apple did to go from insecure to most secure."

17 of 312 comments (clear)

  1. Frist to get jailbroken... by Anonymous Coward · · Score: 5, Insightful

    Wait... aren't we talking about the same iOS that gets jailbroken like clockwork still?

    1. Re:Frist to get jailbroken... by poetmatt · · Score: 4, Informative

      not only that, but the comments are hilarious as are the arguments:

      * A sandbox isolates programs, and iOS's memory organization makes exploitation more difficult.
              * Applications that run on the iOS are vetted by Apple and can be removed if found to be malicious.
              * Patches can be quickly applied to the iPhone and iPad to close security holes in the operating system.
              * The software is regularly reviewed, especially its open source components.
              * The platform has the advantage of attacker psychology -- attackers still target smartphones far less than desktop systems.

      This is hilarious, considering that the sandbox is the only true thing. Patching is known to break things continually (and done to break things - hello anti-jailbreak?), apple doesn't vet third party apps - you think they vet the browsers or MS office on mac? Said things are open and known security breaches. Same argument can be made for microsoft and google's first party apps being vetted (no shit) on that, and I'm not even a microsoft fan.
      Attacker psychology? What joke of a phrase is that? That's as anecdotal as it gets.

      So in summary, the thing apple does right is put things in a sandbox. that is all. Infoworld sure does have a hardon for apple sometimes.

    2. Re:Frist to get jailbroken... by MrCrassic · · Score: 5, Interesting

      Considering that the last major jailbreak used a PDF rendering exploit in Safari to allow users to jailbreak their devices online, which requires modifications to files in system directories, I'd highly beg to differ.

      And while jailbreaks for iOS happen for almost every point release, they are getting tougher and tougher to find (as in it takes the dev-team more and more time to find a patch).

    3. Re:Frist to get jailbroken... by Enry · · Score: 5, Funny

      Jailbreaking is not really a security problem. Firstly, because "jailbreaking" just means allowing unsigned code to run.

      Why don't you re-read that and tell me where your logic flaw is.

    4. Re:Frist to get jailbroken... by EraserMouseMan · · Score: 3, Insightful

      It's amazing how people lose all objectivity when they've fallen for Apple. Love is blind. The fact is that they love their Apple gear so much they love it and discount all flaws and shortcomings and never stop begging for more.

    5. Re:Frist to get jailbroken... by PopeRatzo · · Score: 3, Insightful

      the article is claiming iOS is the most secure because of the gated app store.

      Ah, there it is. Just a few stories ago, there was the headline about Apple putting some desktop and laptop machines behind the walled garden and maybe phasing out OSX altogether.

      And then..."iOS is the most secure".

      You can start to see the outline of a marketing campaign that will convince people that they really don't need to have anything on their Mac that didn't come from Apple, one way or another.

      As a long-time Mac user and owner of several Mac Pro and MacBook Pro machines, I find this transformation of "machines to make things with" to "machines you can consume content with" quite offensive. It may be good business for Apple, and good for Apple shareholders, but for the future of personal computing for people who don't use Windows or Linux, it kind of sucks.

      --
      You are welcome on my lawn.
  2. An ultimately secure OS by dmt0 · · Score: 5, Funny

    An ultimately secure OS would be the one that does not do anything at all. No inputs and no outputs. Perhaps iOS is closer to that ideal than any other.

    1. Re:An ultimately secure OS by Flyerman · · Score: 3, Funny

      The Ultimate Machine: http://www.youtube.com/watch?v=Gw2Bq0HYu1M

  3. Agreed. by Anonymous Coward · · Score: 3, Funny

    Sent from your iPhone.

  4. Grudging by Altus · · Score: 4, Insightful

    Any expert that holds a grudge like that is no expert I ever care to hear from.

    --

    "In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson

  5. Security is a big selling point by elrous0 · · Score: 4, Insightful

    Apple is going after the market of users who are sick of dealing with security issues/malware/etc. They've done it by created a closed system. And while us geeks hate that, it has a strong appeal to most people. When they go to a closed system on Mac's (and they will), that's who they're going to be appealing to. "Buy a computer where all your software is pre-screened through our App Store and you don't have to worry about viruses" is a powerful (and potentially very profitable) message in a time when malware and assorted hacks have become so common.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:Security is a big selling point by kevinmenzel · · Score: 3, Insightful

      Agreed - the eventual limited machines... "consoles" essentially, though for 'work' instead of 'games', will be quite popular. Which does kind of suck for geeks, because our specialty hardware will no longer benefit from the economies of scale, at least not to the same degree.

  6. Easily Fixable by chill · · Score: 3, Interesting

    More people need to pay attention to http://slashdot.org/firehose.pl and mod stories like this into oblivion.

    --
    Learning HOW to think is more important than learning WHAT to think.
  7. "no economic incentive to attack" iPhones? by mccrew · · Score: 4, Insightful
    from TFA:

    Although iOS has a lot of security going on underneath the hood, its safety could be due in large part to the fact that attackers have not focused on compromising the devices because there is no economic incentive to attack them, says Lookout's Mahaffey.

    Really? No economic incentive?

    Unlike PCs and Macs, every cell phone is directly associated with a credit card. Essentially a cell phone IS money. Bad actors can - and do - monetize this with malware that places calls to sketchy and high-cost phone numbers, or send texts to subscribe to "information services," resulting in (fraudulent) charges showing up each month. And good luck trying to dispute charges with your cellular provider on those. They will just tell you that their hands are tied by federal law and that they can't help you, but nonetheless will turn around and threaten you with collection if you don't pay.

    There's definitely economic incentive to attack mobile phones.

    --
    Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
  8. Um.. No by sl4shd0rk · · Score: 5, Insightful

    OpenBSD has been at it a lot longer. Even as a Linux Zealot, I would choose OpenBSD for security. IOS is a closed Black-Box that nobody but Stevie knows what's inside. Historically we tend to find *cough*siemens*cough* that closed source, proprietary *cough*secureid*cough* offerings do not necessarily equate to a trustworthy or "secure" system. What seems to happen is closed source options provide a layer of obscurity which allow the governing company *cough*dropbox*cough* to take inexcusable risks with customers assets because, basically, they don't need to show anybody. As long as they never get caught, they save a lot of money not having to implement a system to keep them honest.

    --
    Join the Slashcott! Feb 10 thru Feb 17!
  9. Re:Completely useless by pandrijeczko · · Score: 3, Interesting

    Oh, so you can run emulator software on it now, can you?

    Or compile source code into packages that you can install onto it?

    Or go into the boot up processes and turn off or configure any services that you don't want or want to run differently?

    Or create a specific account to run the OS will much fewer permissions so that you're more secure due to the tighter restrictions you've placed yourself under?

    --
    Gentoo Linux - another day, another USE flag.
  10. Re:It's pwned before you get it out of the box.. by mr_lizard13 · · Score: 3, Informative
    Okay, I'll tear a hole in your comment piece by piece then.

    It updates without asking people..

    No it doesn't. You have to connect the device to your computer, launch iTunes, choose 'Download and Install' when prompted and follow the onscreen instructions.

    it disables things without asking people...

    Are you referring to the 'kill switch' built into the operating system? That's never been used. Conversely, the Android kill switch was used in March this year. To kill malware that had been downloaded from the Android marketplace.

    certain types of useful software are internally prevented from ever running on it..

    Which useful software is 'internally' prevented from ever running on it? Apps must be vetted by Apple in order to be included in the App Store, but I can't recall the last time an app was rejected for being too useful. Similarly, I can't recall the last time Apple had to throw a kill switch to kill malware downloaded from the App Store.

    it steals information about me - such as my geographical location and uploads it to a server without me asking..

    No it doesn't. The iPhone stores information about nearby WiFi access points and cellular towers. That information is stored in an on board cache. When you sync with iTunes, that information is transferred to your computer, in order that it can be synced back with other iOS devices you own. The locations of WiFi access points and cellular towers is sent to Apple, but not before it has been anonymised. Apple has no details of where you are, unless you implicitly opt in to sharing your location.

    it won't work unless it has my credit card number

    It works fine without your credit card number. I don't even own a credit card, and yet my iPhone functions perfectly. The sleep/wake button works, the volume buttons work, the SMS and Mail apps work, the Phone app works, the iPod, iTunes and App Store apps all work.

    certain types of software includes any programming language

    Really? http://itunes.apple.com/us/app/basic/id362411238?mt=8

    or anything which "duplicates functionality"

    Quite. Because something which duplicates functionality is extremely useful, isn't it.

    storing your geographical location without telling you.. er, you didn't know about that? at least it does google. See if you can find it.

    I can find it just fine. Now, see if you can find it. (Tip: http://www.apple.com/pr/library/2011/04/27location_qa.html)

    --
    "We live in a global world" - Harvey Pitt, former Securities and Exchange Commission Chairman