http://www.technologyreview.com/news/428477/the-iphone-has-passed-a-key-security-threshold/ By Simson L. Garfinkel Technology Review August 13, 2012 Less than a month after Apple first shipped the iPhone in June 2007, a group called Independent Security Evaluators documented deep security design flaws in the device. Apple's most embarrassing flub: every iPhone application that Apple had written ran with so-called root privileges, giving each one complete control over the entire phone. Hackers found bugs in those apps that could be used to take over the phone from the inside. Apple didn't fix the design flaw until January 2008. But after that rocky launch, Apple invested heavily in iPhone security. It's still possible for a hacker to take over a phone, but it's increasingly difficult, largely because each app runs in its own isolated "sandbox." The phone even verifies its operating system when it boots. Today the Apple iPhone 4S and iPad 3 are trustworthy mobile computing systems that can be used for mobile payments, e-commerce, and the delivery of high-quality paid programming—all of which bring Apple significant revenue in the form of commissions. In fact, in its efforts to make its devices more secure, Apple has crossed a significant threshold. Technologies the company has adopted protect Apple customers' content so well that in many situations it's impossible for law enforcement to perform forensic examinations of devices seized from criminals. Most significant is the increasing use of encryption, which is beginning to cause problems for law enforcement agencies when they encounter systems with encrypted drives. "I can tell you from the Department of Justice perspective, if that drive is encrypted, you're done," Ovie Carroll, director of the cyber-crime lab at the Computer Crime and Intellectual Property Section in the Department of Justice, said during his keynote address at the DFRWS computer forensics conference in Washington, D.C., last Monday. "When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted you have lost any chance of recovering that data." [...]Received on Tue Aug 14 2012 - 03:48:38 PDT
This archive was generated by hypermail 2.2.0 : Tue Aug 14 2012 - 03:53:40 PDT