Experts fret over iPad security risks
Apple's much hyped iPad tablet may come tightly locked down but the device is still likely to be affected by many of the security issues that affect the iPhone, as well as some of its own. Security experts polled by El Reg were concerned about a variety of risks, in particular phishing attacks and browser exploits. Graham …
I'm not Apple Fanbois and think that the iPad isn't of any particular value. But the so called experts in this story should at least analyse the damn thing before making up comments like this. Just saying the Iphone had issues doesn't necessary mean that the iPad will have the same, it seems like John Leyden is trying to find reason to bash it.
On the basis of this story perhaps you should print this:-
iPad will be crap for DIY
The iPad will be useless for DIY uses say industry experts.
Top screwdriver jockey and driller thriller, Iain McHammer said " I've tried knocking in a nail with a iPhone and the damn thing just broke, Looking at the iPad I think it wouldn't do the job either."
He added "Got any tea love, Milk and 2 sugars please."
I'm almost looking forward to the first one of these potential exploits to hit the ipad/phone - I am interested to see where abouts Apple will stand, as I assume they will decline virus scanning/exploit checking software from being added to the app store... unlike on windows or snow leopard, where the user gets a choice as to whether they protect themselves and their data properly, they don't with something like the ipad... so where does that leave Apple legally...?
Personally, I'm not sure I am all that bothered about the iPad, I couldn't afford one even if I wanted one anyway... I'm sure it's a nice bit of kit to play with though.
We've been waiting for years to hear of one for iPhone.
And jailbreaking then being dumb enough not to change your root pass doesn't count.
so, what you're saying is that the iPad will pose the same number of security risks that anyone who surfs the web faces (regardless of platform) but has the added benefit of being safe from flash attacks?
i don't get the point about pdf files. you can open them by default in OS X. i thought the vulnerability there lay in Adobe Reader's execution of code within the pdf? but it's not Reader that you'll be using to view them on the iPad
well shit, better go back in time and tell my grandfather before the second world war starts, this is really important information.
Security experts commenting on a product that they have no real details of, running a tweaked OS that they have not looked at and that they have not actually managed to get their hands on.
It says something very bad to me.
I'd rather trust someone who had taken the time to actually look at the product and its security features rather than someone who was willing to rubbish it without taking the time to know anything about it.
Since Apple does not use Adobe code, and since 99% of the vulnerabilities in PDF are in the Acrobat Viewer from Adobe, how will these "vulnerabilities" affect the iPad.
The only vulnerability I have found for PDF on OSX was patched nearly 2 years ago.
Of course, I agree that there are always going to be bugs and vulnerabilities, but they could have least not talked out of their asses
They're saying it's just as vulnerable as any other computer, except maybe a little less so because it doesn't suffer flash? And maybe a little less private because it doesn't support easy encryption? Or was that about the iPhone? Can they stick to the subject, perhaps?
Crossing the road is also dangerous if you don't look left and right.
"The device is really close to an iPhone, so we should expect a similar security. However, unlike the iPhone, it would be able to open PDF documents by default."
Dunno about yours, but my iPhone is perfectly capable of opening PDFs and indeed does so if you click on a link to one in Safari. Not sure what you mean by "by default": what else can you do with a PDF apart from open it? Download it I suppose, but Safari on the Phone doesn't do saveable downloads unless you jailbreak the phone.
What intrigues me is what are all these security vulnerabilities and who is exploiting them? Not that I'm saying iPhones are somehow immune to such problems (I'm not a fool), but they don't seem to be widely publicised (all I can think of from memory was something about malformed text messages which IIRC was fixed a couple of OS updates ago), and so far to my knowledge the only successful attempts to attack iPhones with malware have only worked with jailbroken phones left with gaping holes by the jailbreaking process.
So far Apple's policy of not allowing third-party apps to multitask or write to areas outside the app's own folder seems to be working pretty well, despite its unpopularity among some punters here.
It's only just been announced and people winging about now flash and now there already trying to ride the release to eppen there security expertise. What a lod of crap; Wait and see.
On that note, why dont they go drama lama about no AV on consoles and the like and take the news approach to hyping that angle.
"Security experts polled by El Reg were concerned about a variety of risks, in particular phishing attacks and browser exploits." I hope it was a long pole with a sharp end!
Experts in the tea industry today confirmed that the new Apple iPad will be vulnerable to attack by hot mugs of any beverage placed upon it and lacking any kind of edge would also be unlikely to adequately support any cold beverages in an ustable environment, for instance at sea. A source close to the local pub said today it was unlikely they would be introducing the iPad as a service aid any time "in the near future" although there was potential for third party add-ons to be constructed that might at some point make this more feasible and he could imagine some kind of "iCover" that might be useful in this regard.
What's the point in asking for security experts opinions if those so-called experts don't know what they're talking about?
"However, while the iPad uses the same OS as the iPhone, it is more powerful; that means attacks based on doctored PDF files may potentially become a risk, explained Luis Corrons, technical director of PandaLabs." --WTF?? my iphone has always opened pdfs
"The other major vector could be Flash..." --What flash
"'The existing iPhone is not very good on encrypting data. It is unclear iPad will be any better,' she added. The iPhone OS only allows one (third-party) application at a time to run on the device so providing security software, which needs to run in the background, for either the iPhone or iPad is limited." -- iPhone actaully has very good hardware based encryption and quite what this has to do with background apps is beyond me.
It strikes me the only thing these experts should be fretting about is their dumb-ass intelligence. And yours too Reg - shame on you for giving voices to such idiots
FFS we won't have a leg to stand on when people find out they don't need anti-virus software on their shiny new devices. And btw, why exactly should we accept it on our proper computers? Oh god, please let Microsoft come up with a tablet edition as well so we can flog some a/v on these unsuspecting cretins.
On a slightly related note, and something which I feel has been overlooked by the mainstream media as well as the blogging punditry, is the one fact we owe Steve our thanks for. Apple has finally, after so many years, produced a device of which I have no intention of buying, thereby saving me some much-needed cash. In this time of international economic crisis, I'm sure you would agree this was the only sensible thing Apple could have done.
Everything with software or firmware which accesses the internet or external media in any way whatsoever is potentially at risk...
Twats.
Really!
Wow, you guys really hate this thing, don't you? This article is basically saying that anyone who surfs the web is vulnerable to phishing attacks. What is it about the iPad that makes it more vulnerable than other platforms? How many real exploits for iPhone (same OS) are in existence? A highly locked-down device running a UNIX kernel that allows virtually nothing to run outside of user space. Compare that to something that runs windows.
For shame, Reg. There are so many other holes to pick in this device (and you've gone to great lengths to do that) but security is not a weak point in this machine.
So, the iPad is likely to be as secure as the iPhone. In nearly three years of its existence, we have had:
- an SMS parsing flaw that could crash the phone but has been fixed.
- a serious vulnerability for the small percentage of people who: jail-broke their phones, installed an ssh client, didn't change the default password.
Remind me again why AV software is necessary on these platforms? Oh, that's right, it isn't.
So, the snake oil peddlers are trying to drum up the fear of phishing and other social engineering attacks. Fair enough, but AV software isn't the solution, education is.
seriously, if these guys have nothing more intelligent to say, they should just STFU
I saw an ad the other day from Natwest promoting use of the iPhone for banking. That's a really, really bad idea. The iPad will be even worse...
I like it, but I'm not sure I'd buy one.... ;)
I agree just use a NexusOne! They have this really cool all purpose banking app that, whoa wait a minute, that was really malware and it's been pulled? Oh, snap!
The only thing worse than the usual anti-Apple anything cabal is the ones that do't understand the features and capabilities of the iPhone let alone an unreleased product. if these "experts" can't even get the fact that the iPhone CAN open PDF files by default correct, I'd have to say all their assumptions are more than suspect, their junk! Carry on!
Charmless bandwagon-jumping PR-driven rentagob bizniss... His existence is enough to put you off their products, to be honest.
Police experts say living in a large city increases the odds someone will ask you for bus fair.
The Reg needs beer money so they're at their hit-hooring best posting load of tripe this one.
Ask an IT dork about an Apple product and they'll cook up some manner blithering FUD about it. in this case, does it matter that they've never even seen touched or used the product?
Clearly not.
Sign up, sign up for The Register's weekly IT security newsletter - click here
