Web Vulnerabilities Plague iPhone
Okay. The headline of this post is more or less sensationalist FUD (Fear, Uncertainty and Doubt). It plays off of the fanatic popularity of the Apple iPhone to grab attention. In reality, the security weaknesses found in the iPhone are more a function of Web-enabled mobile phones in general, and not a specific flaw or error on the part of Apple. However, while the iPhone did not innovate most of the features it is known for, it did herald a paradigm shift in mobile phone design, and its popularity means that it has established the bar for what users will expect in future mobile phones from all manufacturers.
For example, I had a Cingular 8125 mobile phone which I recently upgraded to an AT&T 8525 (after cracking the LCD display of the 8125). They are essentially the same, so I have had the same basic functionality for about the past 2 years. My phone has a large touch-screen display. My phone plays MP3s. My phone switches from portrait to landscape display. My phone has integrated wireless and 3G access to the Web (3G is actually a feature missing from the iPhone). The iPhone is slimmer and “sexier”. The iPhone represents a higher degree of simplicity and improved functionality in many areas. But, for the most part, my phone does everything the iPhone does, and it has been doing it since long before the iPhone came out.
Phones like mine, or the iPhone, are a new breed of mobile phone. They blur the line between mobile phone, digital music player, and portable computing device. The main issue, from a security perspective, is the ability to initiate a phone call on the mobile phone by clicking on a link within the Web browser. As this article points out, it would be possible to hide or obfuscate the true URL, and possibly trick users into sharing information, or even lure them into initiating a call to a 900-number so that the attacker can generate income without having to steal and exploit the user’s data. Check out Web Vulnerabilities in the Age of the iPhone for more information.
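A defensive check for the dial-link risk described above, as an added example that is not part of the original post: it scans a page for links that start a call and flags those that dial a 900 number or whose visible label does not show the number actually dialed. It assumes dial links use the `tel:` URI scheme and North American numbering; the sample HTML and phone numbers are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

def national(number: str) -> str:
    """Reduce a dial string to digits, dropping a leading country code 1 (assumes NANP)."""
    d = re.sub(r"\D", "", number)
    return d[1:] if len(d) == 11 and d.startswith("1") else d

class DialLinkAuditor(HTMLParser):
    """Collects tel: anchors that dial a 900 number or hide the number dialed."""
    def __init__(self):
        super().__init__()
        self.findings, self._target, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        href = (dict(attrs).get("href") or "").strip()
        if tag == "a" and href.lower().startswith("tel:"):
            # Drop ;ext= style parameters, then undo percent-encoding that hides digits.
            self._target = national(unquote(href[4:].split(";")[0]))
            self._text = []

    def handle_data(self, data):
        if self._target is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._target is None:
            return
        label = "".join(self._text).strip()
        shown, reasons = national(label), []
        if len(self._target) == 10 and self._target.startswith("900"):
            reasons.append("premium-rate")
        if not shown:
            reasons.append("number-not-shown")   # label gives no number at all
        elif shown != self._target:
            reasons.append("label-mismatch")     # label shows a different number
        if reasons:
            self.findings.append((self._target, label, reasons))
        self._target = None

def audit(html: str):
    """Return (dialed_number, visible_label, reasons) for each suspicious dial link."""
    auditor = DialLinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: one honest link, two deceptive ones, one ordinary link.
SAMPLE = """<a href="tel:+1-415-555-0100">415-555-0100</a>
<a href="tel:1%2D900%2D555%2D0199">Claim your free ringtone</a>
<a href="tel:19005550142">(415) 555-0100</a>
<a href="/contact.html">Contact</a>"""
```

Calling `audit(SAMPLE)` reports the second and third links and leaves the honest dial link and the ordinary link alone.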