Apple wants an iPhone security engineer - to beat hackers at their own game. Applicants should develop "proof of concept" attacks and undertake risk analysis on potential security threats affecting Apple's embedded operating system products. The role, one of 35 security-related posts open at Apple, was first advertised in …
catch 22, contract violation.
If you've ever accepted the terms for any of Apple's SDKs or other developer tools then no doubt you'd be ineligible for the job.
What happens when you quit or they lay you off, are they going to be hovering over your shoulder for the rest of your career?
Same problem with a penetration test: you will only prove that one specific person with a specific skillset and specific tools could or could not break the phone at that specific moment he/she/it tried.
Whoever gets that job should (a) ensure legal protection, AFAIK it's illegal to do this - there are no exceptions in the law that make doing this legal, even if you have permission and (b) realise that it's a time bomb: it's you against a gazillion others, and you will get the blame if they find a way in.
Doesn't surprise me the job's still open..
If a person gets this job and holds it for any length of time, I'd be willing to bet that they get approached by the Mafia or other organised crime syndicates to hack iPhones in exchange for a large salary or the privilege of not getting killed.
Truly an offer you couldn't refuse.
I'd do the job but have "spent" Criminal Convictions, so the USA would not let me emigrate to Silicon Valley in the 1st place!
Now where is that phone number of the local Mafia...
Mine's the one with a Black Hat on the coat rack!
Here's a novel concept: Why not just open the damn thing up so people can subscribe to the cellular carriers they want, with the plans they want? Or, maybe install software that's written for iPhones that they want?
Bottom line, it would still be a win-win for Apple as they could jack up the wholesale price 5-10% to recoup any money lost through long term contractual deals with cellular carriers, they would still be making money through iTunes and they would probably lessen the allure of people trying to "beat the system".
And if I could give Steve just one bit of advice it would be: It's just a stupid phone, with a lot of cool bells & whistles that people will eventually get tired of.
catch 22, apocalypse cloak
of course, I could just be left-handed...
Just the 1
the iPhone is a big seller for no real reason, and Apple are too poor to employ a small team of 5>10
Re: Classic fallacy
>AFAIK it's illegal to do this - there are no exceptions in the law that make doing this legal
Reverse engineering is illegal? Not even slightly. Here's a few examples: Samba, Wine, other linux/windows compatibility projects. They've been going for years.
The worst case is that you violate a product's EULA which specifically says 'don't reverse engineer me'. But even that won't hold up in jurisdictions which allow reverse engineering to let you make a product compatible with a different product. And being an Apple employee and part of their dev team means you won't have to agree to any EULAs, because you're hardly an end user, are you? Don't be silly.
Why does this really ring of the Chicago PD's idea of informing criminals they had won a tax refund, and all they had to do was come in to a local school at the weekend to claim their check, where they were promptly busted?
"hi, I'd like the apple jobb"
"what are your credentials?"
"I was a key contributor to the ZiPhone project"
"Good. We'll call you. What's your number, and where do you live?"
Mine's the tinfoil hat, I guess. Apple just needs to accept that with launching a platform success comes targeting from the blackhat crowd. Gone are the tedious crowings of Mac fans that viruses and attacks don't happen on their systems, and here are the days where Apple scrambles madly to cover its ass now that it's become a target.
Reverse engineering anything is not itself illegal, it depends how you go about doing it, many companies build interoperability into their software or systems using reverse engineering because the documentation is not out there to support legitimate development. Reverse engineering, esp. in the states has long been seen as a driver for competition, with it being supported in a number of cases by the Supreme Court, however it may, if done incorrectly, stray into patent infringement. It is obvious to anyone with access to Google that simply reverse engineering, and/or hacking into a system is far from illegal, it depends who owns that system (for example hacking into your own computer is fine, hacking into the government's is clearly a big no). Also why would anyone want to pay someone who is working on the iPhone to open it up specifically to them? Seriously, where is organised crime's benefit in this, none, nothing
Ultimately most major IT firms hire people capable of breaking into their system, why? Because if they are breaking into their own systems they can fix them before these security holes are widely found and exploited, if someone else is breaking into them no one knows what they're going to do. There are plenty of examples of people being very successful at hacking systems, even if their goals were far from the company's own goals, if I remember correctly the individual behind the most popular Dreamcast boot loader was offered a job at Sega.
It is quite disturbing that some people assume that people who do this are highly corrupt, there are plenty of people out there who want to understand how item x or y works without any further desire to do anything, I expect the sole reason this job is still open is that no one with the relevant skills has presented themselves in the correct light for Apple to hire them, have you not considered that a lot of people currently digging through the iPhone in their spare time don't already have better jobs? Simply don't want to work for Apple? Or don't live in the US? I think it's unlikely that any sort of fear of walking into the interview and immediately getting bundled to the ground by the police and dragged off to jail is preventing the qualified candidates who can apply, applying.
I hate it when Open source fanatics don't even acknowledge the advantages of a closed system.
By keeping the iPhone closed, Apple can act as a Quality check on all software, this means there won't be software that hogs so much of the phone's resources that it can't actually act as a phone, or worse, how about an iTrojan?
On a device like a phone, which we need to just plain work, without any risk of malware, a closed system can prevent such problems.
Apple needs to take iPhone security more seriously
The iPhone's security may one day become more important than that of MacOS for the Macintosh. It's scary to think that THE iPhone may become the new preferred vector of choice for virus writers. The iPhone has a large enough user base to attract unwanted attention and we know that the iPhones are syncing to Macs and quite a few PCs as well. If the syncing procedure gets compromised, a virus infected iPhone could detect the OS and inject the appropriate payload--thus killing 2 birds with one stone. And before any Apple-flavored-Koolaid-guzzling fanboys say it could never happen "because we all know that all Apple software is ultra secure", realize that the software unlocking methods use security flaws in the phone's software to inject and run arbitrary code.
Bet it stays open
Yeah, I bet the job stays open too. Anyone interested in cracking phones, I think would not be interested in working to *strengthen* the phone security -- it's purely a mindset kind of thing. Also, I think anyone that would be into security research enough to develop a jailbreak, realizes the fallacy of trying to lock down a computer the person owns -- working for Apple on it would be a waste of time, anything they do would be cracked within days. It's the fallacy of DRM* writ large.
*Fallacy of DRM -- the owner has the algorithm, the encrypted file, AND the decryption key. So, if they're at all motivated they can do whatever they want with the supposedly restricted file. Similar with iPhone, the owner *owns* the phone, you can't lock them out of it. Incidentally, the above reasons for iPhone are I think why most DRM schemes are so laughable -- i.e., not well designed, weak crypto, etc... anyone into crypto knows "unbreakable" DRM is impossible anyway, so the DRM designers get whoever is left to come up with "good" crypto methods, and they in fact come up with very poor ones.
@ Chad H
>On a device like a phone, which we need to just plain work, without any risk of malware, a closed system can prevent such problems.
Funnily, this is the same stance Microshaft takes. On a PC, an OS just needs to run. Shame Windows doesn't.
Took a "hacker" by the name of Linus to help deliver a stable operating system to the desktop. Thanks to him, and his mates who do not belong to a closed shop environment, I now have a desktop PC that works.
There are always going to be more people hacking than people employed to stop the hacking of the iPhone so who's gonna win in the end? The position is pointless but I guess it would be fun for a while.
I have long wanted the reg to change this icon because it helps to perpetrate the misconception that left = wrong.
You are *far* more likely to be the victim of a crime by a right-handed villain than that of a lefty purely because of demographics ;)
Information is FREE
When are the damn psychopath corporate going to learn that their money and capital are useless against the pleasure of cracking their greedy package software - this is the era of INFORMATION and it is here to unite mankind.
except it isn't.. western governments are trying to "sanitise" the net and bring about their own government sanctioned net utilising their own "great firewalls"... just check out all of the legislation they are trying to put out and the commercial endeavours that will employ DPI backed up with threat of disconnection and/or prosecution.
When they came for those who read "information likely of use to terrorists" we shrugged "why would you need to learn about how a bomb works and can be put together" we uttered.
When they came for the paedos many were whipped into a frenzy and said "too right we should find them and persecute them".
When they came for the freetards we all exclaimed "if we just take everything for free, no-one will make any more".
When they come for us for having an opinion and a thought that wasn't sanctioned by a governmental body, everyone will cheer because they have been told it's their duty to.
Yes, it's an extreme vision.. but it's one that is all too easy to bring into our reality.
Time for wireless mesh networks operated in private.
"Jobseekers should have a degree in computer studies,"
Now that really bugs me. Why would you need such a qualification? Some of the best hackers around exist because they have curiosity, a holistic approach to problems and a talent/passion for using logic and reason to solve them.
I've met plenty of computer science graduates without those skills and whilst I'm sure they could polymorphificate their way out of an object oriented paper bag a position such as this requires the fresh perspective these non computer studies graduates offer.
You can bet the existing broken security was designed by a "Jobseeker who had a degree in computer studies!"