Friday, February 5, 2010

iPhone Security Not Up To Snuff: Apple Claims Exaggerated

"Apple's claims about iPhone privacy and security are exaggerated, according to software engineer and security expert Nicolas Seriot, who gave a presentation yesterday about the iPhone at the Black Hat Conference in DC."

"Seriot noted a number of iPhone apps, including one called Aurora Feint and another called mogoRoad, that made it into Apple's App Store before being de-listed for privacy violations involving the harvesting of iPhone users' contacts, e-mails and phone numbers. Apple reviewers can be fooled, and the likelihood of this continuing to occur appears high, especially as the iPhone, now at about 34 million devices in the market, becomes an increasingly appealing target for [cracking], he said."

- PCWorld - iPhone Privacy, Security Not What Apple Claims, Researcher Says

This article illustrates something I have been harping on for decades in the internet world, and prior to that in the online service, shareware and (FidoNet) bulletin board world.

People don't understand that the internet is like a giant third world market. There is little policing, and pretty much everyone is on their own. Would you go wandering around a market in Kinshasa with your wallet in plain sight, flashing your cash everywhere, wandering into dark alleys and talking to strangers about who you are and where you are staying?

Before downloading "free" software a person has to at least do a cursory check of whether or not the software has any malware complaints against it. Would you hire a house cleaner and give them keys to your house without checking their references - just because they seem nice or are good looking? Those are the criteria of most people I see willy-nilly downloading apps on their cell phones and computers - "It's funny", "Look at this, it's hilarious", "But it's pretty" (I hear that one mostly from women), "It has pretty colours, how else will I be able to get the perfect shade of cherry mauve blossom on my screensaver?"

When someone has cleaned out your bank account (has happened), has turned your computer into a slave for an attack and the police show up on your doorstep (has happened), or all your data and pictures are gone forever because of the virus (malware) embedded in your download (happens more times than can be counted), and on and on - then will the few minutes it might have taken to just check around on that app be such an onerous event?

Or will you just call your nearest computer nerd and whine at them about how you don't know what has happened, and then get mad at them when they can only recover part of your computer and information? (**** yes, yes, yes, personal baggage alert - the preceding scenario has happened to me at least twice a year for about the last 20 years ****)

Bottom line: Be careful. Read first. Research first. Do not impulse-install apps or install one just because your friend says it's cool and it's safe.
