Operator talking-shop the OMTP (Open Mobile Terminal Alliance) has published its white paper on handset security, saying something along the lines of Symbian Signed is a good idea, and that if Apple had listened to it the iPhone would never have been cracked. The document (pdf) spends a lot of time explaining what mobile …
Signing hurts the freeware developer
When the SPV Windows Smartphone was released it had signing and wouldn't install unsigned apps. It resulted in a lot of negative PR and upset owners. Orange lifted the restriction eventually.
End users and freeware developers don't want signing, mobile operators and handset makers seem mad on it. Handset makers like it since the signing process earns them money, mobile operators are keen to stop the phones being unlocked.
I buy my phones SIM free as I don't like all the restrictions, it also means I can change the phone after a few months and get back most of the value. (try doing that after 18 months with your battered contract phone). Even a SIM free phone is subjected to this signing rubbish, it's bonkers.
Perhaps they wanted it cracked...
Just look how much publicity it gets them, every time they break it or someone cracks it, they get more publicity - If you were cynical, you'd say they wanted it hacked wouldn't you?
That's all fine
But iPhone would not have needed the layered security if they'd released it unlocked in the first place.
Does seem odd that everything runs as root
So root is disabled by default on Mac OS X (a good choice).
Now why would they turn their back on this rather strong security model, and not only enable root, but run everything as root by default?
It's like the people working on the iPhone OS never used Unix before.
Or even like if Paris Hilton wrote it. BTW is it too much to ask for a Lindsay and Britney icon as well? And maybe a Naomi Campbell one. Oh and we need a Dalek in there.
Signing != Unlocking
Understand that signing and locking are two different things. Locking is an attempt by the carrier to prevent you using your handsets on other networks and vice-versa. They want to own not only the calls you make but also the handsets that you use.
Code signing is a mechanism to ensure that you know who built the apps you're running and to let the system identify code that is tampered with by unauthorized third parties. The only thing you need to sign code is a certificate from an approved Certificate Authority (CA). So long as the device manufacturer/carrier allows apps signed by CAs that offer reasonably priced digital signing certificates, there's nothing to stop freeware software providers from writing apps that could be installed and used on the system.
The iPhone was rushed out...
The consensus is that the current iPhone code is a mess. The lack of an API/SDK proves this; just look how Jobs is shouting about the new SDK due in Feb; there's no way on earth he wouldn't have released it before if it was possible.
So, if the first version of the iPhone software is a mess, what's coming? I wonder if version 2 is just around the corner. One would imagine that this v2 OS will use proper layering, will have embedded security, and a whole lot more security, not to mention new applications. No doubt all of this new software will sit on new hardware (3G, better camera?).
On the other hand, if the target is to flog 10 million of the things next year, then they sure as hell aren't going to shift in those quantities unless they're unlocked -- sorry, unlockable. Just look at the US market; they have the phones, the price has recently dropped, but people still aren't rushing to buy them at around a million per month (it's around 1.5M of them over 4 months to date).
Why? Is it the price is too high for the target market? It's not unreasonable to assume it's the price that AT&T charge that's putting people off -- it's definitely the price that Otoo will be charging in the UK that will put me off. Therefore a lot more will be flogged if they're unlockable -- I'm not risking £280 for an iBrick.
I can only speak for myself, but I'm looking very carefully at the idea of buying one and unlocking it. If it looks as if Apple will brick the phones, I simply won't buy one -- I will not pay Otoo's prices. It's interesting that the price of the phone isn't putting me off; it's the ongoing price of the contract that is the deal breaker.
My money's on a version 2 iPhone early next year with new hardware and a completely different OS (or great chunks re-written). Of course Apple will never reveal this as they don't want their market to evaporate overnight. I wonder if it will coincide with the release of the SDK? Or soon after?
Kudos to Steve Jobs for keeping application writers away from the iPhone until it's ready. Either that, or it really is a complete rat's nest!
Isn't it obvious?
If Jobs says the phone will ship on June 29th that's when it ships.
So the Devs had 5 months to turn a prototype into something that will reliably work on the network, and it had better look damn good doing it.
A result of this is the very visible slippage of Leopard as devs were appropriated to ensure the iPhone Just Works™
A less visible result was the massive focus on the UI rather than the underlying OS, funnily enough it's probably only Apple that would ever develop in this manner, 'ensure it's pretty and a joy to use, we'll clean up the insides later'.
So basically, if you want to know how the code inside the iPhone will evolve over the next few firmware updates just head over to Apple.com, and peruse the security features in Leopard.
How long will that take? Jobs says February, and those Apple devs won't make him a liar if they know what's good for them.
I think jubtastic1 has it right. Steve has a successful precedent to this. The first ever Mac. It was released with an OS where everything - user code and all - ran in supervisor mode. The reason was that they simply didn't have time to get a proper OS security model sorted before they had to release the product. Eventually they cleaned it up. It took a lot longer than they might have hoped however. Luckily for the iPhone the underlying OS still supports all the security models needed. So moving to a sensible setup should be reasonably easy. Early versions (mostly beta versions) of OS-X were not exactly paradigms of a good security model either, it took a while to get the thing straight, but they did, and it is good.
Running as root
You do realise that most phones have no concept of a user at all, or privilege separation?
Another useful article:
If it was an MS OS...
the amount of people slagging it off for having a poor security model would be huge.
The article posted above is full of personal attacks, and a decent rebuttal by Ms. Zetter herself in the comments.
"It was released with an OS where everything - user code and all - ran in supervisor mode. The reason was that they simply didn't have time to get a proper OS security model sorted before they had to release the product. Eventually they cleaned it up. It took a lot longer than they might have hoped however"
Sounds a lot like XP and Vista to me, but bleh.
Why do I have an inherent dislike of Apple? Because I know that if I had bought an iPhone, I would have to buy another in six months instead of just downloading a SP and I would be at a disadvantage featurewise. It's the same reason I bought a decent MP3 player instead of an iPod and the same reason I'd rather a PC than a Mac.
"..saying something along the lines of ...that if Apple had listened to it the iPhone would never have been cracked."
So was this true or PR puffery? Would have been nice to have such analysis in the article...
"The consensus is that the current iPhone code is a mess."
I have no idea what you are talking about, and I don't think you do either. :-) Consensus? By whom, others like Kim who claimed that the Apple security was terrible cause everything runs in root????? Yep and she did not know what she was talking about either. LOL See the roughlydrafted.com article. :-)
Just because you can hack your own phone does not mean it's insecure.
Can others hack into it when you visit a web site?
Can others use wi-fi to hack into your phone and change code?
Hey, I can drive over my phone with a car but that does not mean that you can make me put my phone under your car tires. LOL