justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
| iphone OS userspace apps run as root »rixstep.com/2/1/20070703,00.shtml
I bet this potential issue gains traction & speculation over the next few weeks. There haven't been any mac OSX viruses that spread from mac to mac (via email or apple listening ports) that I know of, but if you imagine all the iphones as little macs (no need to imagine, that is what they are) and if they can reach each other "somehow" (poisoned mail messages, or corrupted itunes installs, appear to me to be more likely than open ports) .. then there is fertile ground for an "iphone virus". | |
|
 
nil
Java Geek
join:2000-11-27 | Re: iphone OS userspace apps run as root Yikes.. that's dumb. | |
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12 | I'm glad I decided to wait on the next generation iphone. | |
|
|
|
Epyon9283
Premium
join:2001-12-26
Dayton, NJ | Do any other operating systems on mobile phones have concepts of file and user permissions? | |
|
 |
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
| Re: iphone OS userspace apps run as root said by Epyon9283  :Do any other operating systems on mobile phones have concepts of file and user permissions? well I don't know how you can have a smart phone without a filesystem, so thats files. As for permissions, since this phone is OSX it is commonly understood that the standard way for the OS to insulate itself from exploitable crashes by common applications is to have them run under their own permission level so that they have no simple way to modify OS files.
Which is why a Mac running OSX needs the administrator password to be provided for patches and so on.
Windows never defaulted to this setup out of the box which is why any windows program appears to be able to write DLLs to any system directory without requesting the administrator password, and probably 99% of the windows users out there run "with full administrative rights".
So if the iphone has no higher level hypervisor built-in, that is watching and blocking key file changes within the OS & if it is true that everything on the iphone runs as uid 0, the iphone is less secure than any standard OSX Mac. If someone finds the right kind of crash in the browser, mail or SMS client then crafting the right web page, mail message or SMS message could install a program that looks for more iphones and we have the first widespread iphone virus.
One would have thought they'd have designed the iphone to be MORE secure than a Mac, first because it is likely to keep the AT&T lock-in alive in the marketplace for longer, and to keep buggy and destabilizing 3rd party applications from being offered all over the net, and second because the iphone, portable as it is from wifi network to wifi network, is potentially more exposed to network risks than a standard home Mac sitting happily behind a secured nat router. I take my evil iphone into a large wifi cafe or airport hotspot and the probabilities are (or will be shortly) that there is another iphone user on 192.168.1.something .. | |
|
| | 
Khaine
join:2003-03-03
Australia | Re: iphone OS userspace apps run as root Well this is apple, the company whose products "just work". I mean look at appletalk, sure you didn't need to configure addresses for any computers in your network, but they were very chatty, and susceptible to many forms of attack. | |
|
| dave
Premium,MVM
join:2000-05-04
not in ohio
 ·Verizon Online DSL
 ·Verizon FIOS
| said by Epyon9283 :Do any other operating systems on mobile phones have concepts of file and user permissions? I think Windows CE does not.
(To comment on Justin's interpretation of the question: yes, Windows CE has a file system. No, Windows CE does not have file permissions. As far as I know.) | |
|
| | |
| | |
justin
Australian
join:1999-05-28
Brooklyn, NY | Re: iphone OS userspace apps run as root Yes I think thats the difference. If iPhone can limit optional programs to sandboxed browser plugins, java applets and flash, then it is probably not much less safe than a windows CE smartphone. | |
|
hirschbuhl
join:1999-11-07
Jacksonville, FL | Couldn't you put the iphone in a Zip-Loc bag until the virus has run it's course? | |
|
| 
orph4824
I Ate What??
join:2001-04-26
Greeneville, TN
| Re: iphone OS userspace apps run as root said by hirschbuhl :Couldn't you put the iphone in a Zip-Loc bag until the virus has run it's course? As long as you wrap the iPhone in tinfoil(hmmm tinfoils hats for phones who'da guessed) before placeing it into the condom(plastic bag) 
--
Life's 3 rules: 1. Stuff happens 2. Stuff happens on a regular basis 3. Better get used to the first two... (not the actual saying but you get the drift) | |
|
zteardrop
join:2005-12-20
Brooklyn, NY
| said by justin :» rixstep.com/2/1/20070703,00.shtmlI bet this potential issue gains traction & speculation over the next few weeks. There haven't been any mac OSX viruses that spread from mac to mac (via email or apple listening ports) that I know of, but if you imagine all the iphones as little macs (no need to imagine, that is what they are) and if they can reach each other "somehow" (poisoned mail messages, or corrupted itunes installs, appear to me to be more likely than open ports) .. then there is fertile ground for an "iphone virus". Wait, but its an Apple. Apples dont get infected  | |
|
|
| |
| |
justin
Australian
join:1999-05-28
Brooklyn, NY | Re: iphone OS userspace apps run as root It depends how much control of the phone side some "root" code on the iPhone has. How about an iPhone virus that quietly called one of those charge-per-minute numbers and ran up huge bills for the benefit of the ultimate owner of the number? | |
|
| | | |
| | | | 
norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband
| Re: iphone OS userspace apps run as rootYou forgot the "sales, profit margins, share holders gains" off the point you made.
----------------------------
They obviously are ingoring some basic principles.
My mobile phone is for phone calls, my computer is for the internet, but then I'm not a businessman with needs at the touch of a button, nor the cofidential data at risk.
Sorry state of affairs. 
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke | |
|
|
|
|
·
·