титле
You make it, and they will come.
Kudos to the first person to run Linux on an iPhone.
The game is on for hackers trying to spot security vulnerabilities in Apple's iPhone and already they're scoring points. Less than 72 hours after the iPhone's introduction, researchers have reported at least one flaw that could allow an attacker some level of control over the device, while other hackers have uncovered passwords …
While Apple Kool Aid Drinkers are in constant denial, anyone in IT knows that Apple OS X and products are the buggiest in the industry, and every Apple update either makes then buggier or are buggy themselves.
I love this! Go Blackhat Hackers!!! Humpty Dumpty Jobs had a great fall.... bwah ha ha ha ha ha ha .....
Here's a thought , replace both safari and os with portable Damn Small Linux and Firefox/(Iceweasel) , that way , it will kill two insecure back door birdies at the same time!(it made Ipod gen 1 to 3 more useful as DRM free devices with 25% longer play time as well)
Sounds like Iphone has either Alpha 2A or Beta 1 OS software , with preprogrammed debug back and side doors still live within the code , due to the usual Apple crap software rush jobs !
Or as the conspiracy theorists will say a very deliberate Government blackhat over ride control code , for given the large memory but crap camera an excellent spy/industrial data smuggling tool (well A T & T / Cingular did yield to the notional government pressure to spy on it's own customers without either due process or any legal documentation as required by both the Homeland Security Act or the 1986 Telecommunications Privacy Act!)
Gen 1 cutting edge devices are always risky , as the real end users are the both the guinea pigs and the debuggers at the same time!
"Apple representatives didn't respond to a request for comment."
They don't need to - the MacAddicts will take care of the issue for them by spamming the threads that mention the issue with strident denials and strawman attacks on Windows (but not Linux). They are coming right now, and it's a safe bet to say there will be a comment from a drooling turtleneck before the day is over.
As you can see, there already has been an initial warning shot.
"Gen 1 cutting edge devices are always risky , as the real end users are the both the guinea pigs and the debuggers at the same time!" - heystoopid
It's the only way to fully test a product. Testing in a controlled environment is okay up to a point, but in the end it needs to be out there.
Just feel sorry for those poor sods that have been suckered into buying it.
Like you said 1st generation cutting edge devices are always risky. That's why it's best to wait for 2nd or 3rd generation.
Have you even used Windows Mobile 5? there's plenty of serious bugs in that which Microsoft never bothered to fix. I'm sure 6 is no better.
An annoying one was POP3 accounts vanishing when battery gets low, when you try and create it again it says an account of that name already exists.
Kool Aid drinker? it's you who is blinkered.
Sure, hack the thing if it makes you feel good. And if you find security vulnerabilites, well done, thanks.
But you're not going to *fix* the iphone that way. Seems to me that the software is pretty good, or will be once Apple have patched it a couple times.
It's the hardware that sucks. Hack that...
Never buy version 1 of anything, at least wait for the patch fix, or better wait for version two.
You always pay for being an early adopter, and its never really worth it. Unless you need the pose factor, and if you need teh pose factor perhaps there is something messing in your life.
Its a nice phone, the Interface at least, and weather its a good phone (Which I doubt for the European and Japanese markets) the UI should at least fire a rocket at Nokia et al.
For me the nicest feature, has nothing to do with the touch screen, its the way it deals with voice mail.
Everything has bugs, it's just the most popular products which end up being hacked the most as they're the most attractive targets. Hence Windows, iPod, iPhone, etc. They're a victim of their own success.
I would be careful about saying Apple products are 'more' buggy - expose an alternate modern smartphone to the same levels of hacking and you're sure to come up with comparable results.
in addition to the bugs mentioned in the article there are other shortcomings in i(nferior)phone:
1, NO 3G/High Speed Internet(YES, its available from the same at&t in major cities & i'm using since Nov-06, works fine between 700 to 1400 Kbps)
2, NO GPS
3, NO MMS(did apple design this in 16th century?)
4, NO A2DP(NO Support for Stereo Bluetooth & they call it best ipod ever?)
5, Just Crappy Bluetooth(only good for Headsets, Can NOT transfer pics etc between PC & phone)
6, NO Video Recording
7, NO Custom Ringtones(can NOT use your own MP3s as Ringtones)
8, NO freedom to install/run 3rd party apps(Like I watch some LIVE TV, CNN-IBN, thru TCPMP on at&t 8525 OR NO internet radio thru GS Player. There literally hundreds stations available for FREE, so u don't have to buy itunes)
9, Guess you can NOT watch Xvid/DivX videos either
10, Can NOT copy/edit text or documents(as per engadget)
So my question to all of you fine folks is...is that 'i' stands for inferior in iphone?
From the Errata Security report: "...we think the iPhone is inherently more secure than competing smartphones (such as those based on Windows Mobile or Symbian)"
Upshot is, virtually ALL phones have more or less serious bugs in them, most of which NEVER get fixed by the network operators. However, by synching your iPhone to iTunes every time you charge it up, and with Software Update updating iTunes automatically, it's likely that any bugs in the iPhone will be patched pretty quickly and seamlessly.
Jeez look at all the frothing going on. Guys, wise up, it's got a browser therefore it will have an exploit. Show me one that doesn't!
So there's a couple of passwords and "as of yet they don't have a specific use"? Wow... big deal. I mean, wouldn't it be a bigger headline if there were no exploits found?
I can't yet see the point in unlocking this phone. In case you guys have had your head in the sand for the past 6 months you'd know there's a server side component that's only implemented on AT&Ts network so unlocking it would gain you a phone even dumber than than the i(nferior)Phone anyway. Sounds to me like you can't decide whether it's inferior and noone would want it or so cool you'd want it without even its basic feature set on another network?????
Jags - xvid/divx isn't supported on any iPod yet so why the iPhone would be any different I dunno. No doubt it supports the same as the others in the Apple family. As to the other points, yeah they overlooked a bit didn't they! 1 & 2 are down to size / battery life but it'll be interesting to see what software updates are released over the next couple of months.
Oh and Phreaky, best pop back to Trolls'r'us for a refund on the "anyone in IT knows that Apple OS X and products are the buggiest in the industry" one-liner, just shows you don't apparently have any mates in IT.
So far no one has actually gained access and gone around deleting things on random peoples phones, which is what crackers are generally known for. These are hackers as they are finding out as much as they can about the iPhone for their own personal knowledge. As for the iPhone being buggy, didn't the beta of Safari teach us anything?...
Firstly I don't have an iPhone and have no intention of getting one until it has the functionality I require (3G, decent camera, etc...) but why on earth would you want to run Linux on it? I own a Sharp Zaurus, I bought it to play with. But as a PDA is bloody useless. I kept changing the software, different versions from Sharp, different versions of Opie etc. and when ever something new worked something else didn't. I lost the ability to sync with Linux, or the ability to use bluetooth and connect to my cellphone, or IrDA failed, or the e-mail client was IMAP only.
Hardware is just hardware, its the software that matters. If you don't want iPhone software why buy an iPhone? Especially why buy one to run some incomplete software which has no quality control procedures and no guarantee...
As soon as I saw the words "errata" mentioned as the source... i stopped reading the article.
That should sum it up.
As for the boneheads who think OS-X is the buggiest software... enjoy your deillusional world that you live in.... must be running vista or something.
Never ceases to amaze me.
I can count the number of times on one hand alone as to the times my mac has crashed... oh wait... that would be... none?
And my winblows XP tower?
well its in the hundreds...
I do agree about safari...but that very same exploit(s) resulted in 100 more for windows...THATS SOFTWARE PEOPLE.... not an operating system... the only exception of course is MS IE... wich is integrated with the OS last i checked.
Try coming back down to earth when you get the chance.... you might find reallity.
All phones have issues.... some people make it a bigger one than it should be. Odd's are about 75% of the problem is the service.. not the phone.
I'm pleased to not see too many stupid remarks, especially including the: "its getting popular and it's going to be more targetted".
Also, when it comes to "hacking" the windows/symbian line of devices; their developpers allow the use of 3rd party apps. Apple does not, so any extra steps taken to "learn" about it is impressive to me. (less than proding the board)
Hooray for being a poor student and not having to care about these crazy fads. Yes Apple is a fad as was the razr (if you went to a semi-rich school in US EVERYONE had them). It will be the same when I go back to school. All the rich and semi rich kids will have an iPhone, and I won't care because my phone works just as well for $450 less and it's less exploitable. It also isn't super proprietary like Apple or Sony. At least I can choose what stuff to use and really I don't use much. A phone is a phone. Why do I need a web browser that can't see half the page? Why do I need a device that allows for only bluetooth accessories? The answer is I don't.
RE: Sad.. :
If your 'Winblows' machine crashes then you are probably just inept. I have easily gotten 200+ day uptimes on my Windows, OS X, and Slackware desktops. Barring power failures, the odd kernel recompile / software update, and reformats, I'd never have to reboot. And that is because I treat my machines nicely (to an extent...) I have, however, seen people that have the ability to make nearly any machine unstable.
Plus, OS X has odd ways of handling things that it does not expect. I keep a really fun piece of hardware in a cabinet by my desk: A PS/2 to USB adaptor for a keyboard. Plug a PS/2 mouse into it, then plug it into a Mac, and it will hard freeze instantly. I've tested it on a good range of machines from Apple's first with USB ports up to Intel iMacs and things. My Linux machine didn't do anything at all (the thing didn't show up on lsusb,) and my Windows machine actually let me use the mouse.
Also that 'errata' source is most likely just because the number of mailing lists and forums involved is too great to enumerate.
@Whomever said that OS X is the buggiest whichever in the where:
It clearly isn't. It is just the most irritating. My list of reasons for wishing that one day my department will replace all the Macs that I support with PCs is immense. And it is far shorter than the one filled with reasons that I'd really rather not use one personally.
@Appropriate Person:
Windows Mobile is crap, and everyone knows it. The reason that your stab at an insult is worthless is that we never claimed that it was reliable or secure. Hell Microsoft probably hasn't even made bold claims to that effect, since people tend to watch their marketing and get them in trouble for the really blatant lies.
@Linux fans
We all know that running Linux on a device that isn't designed to do so is a pain, and it never ends up working. People have been working (not sure how dilligently) for years to get Linux running on devices that previously used PalmOS. Even on the devices that are 'well supported' not much but the essential hardware will work at all. You think that a bluetooth driver for whatever hardware lives in the iPhone will be easy to come by in Linux? Maybe, if you're really really lucky. But then wifi? From what I've been hearing, it sounds as if the phone functions of the device are controlled by the OS - try redoing that in Linux. Installing Linux on it would likely just cripple the device, though it would have at least a slight 'neat factor.' A device that was built to run Linux, however, would be pretty sweet... Especially if it allowed you to run whichever WM you chose.
Of course this thing is a fad/trend/lemming attractor. If I was going to sell something, I would rather that it be immensly popular with the underintelligent and overwallet crowd, rather than rational thinking people with good taste - there are just a lot more morons out there. Apple has hit the sheep market dead on, and thats great for them. The only thing that pisses me off about it is that the fanboys think that they're special, and they really like to try to convince me of the truth of that. Not much I like less than to be talked at by a righteous idiot.
The iPhone lovers or the iPhone haters.
What I don't understand is why people who don't like the product would waste their time posting about it. I understand being passionat about something, and I understand not caring about something. But I've never understood being passionate about NOT caring about something.
"they claim to despise yet can't stop discussing." - Holden in Jay and Silent Bob Strike Back
Nexox Enigma says ---- "I would rather that it be immensly popular with the underintelligent and overwallet crowd, rather than rational thinking people with good taste - there are just a lot more morons out there. Apple has hit the sheep market dead on, and thats great for them. The only thing that pisses me off about it is that the fanboys think that they're special, and they really like to try to convince me of the truth of that. Not much I like less than to be talked at by a righteous idiot."
Sounds like the intelligent one is not handling this rollout very well.
"underintelligent" ... "morons" ... "sheep" ... "pisses me off" ... "try to convince me of the truth" ... "righteous idiot"
I wouldn't let a new phone, with a GUI that people prefer, bother me that much.
By the way Nexox, what did you think of ...
On second thought, I don't think I want to know.
I want to see the first guy who brings an unlocked iPhone into T-Mobile (only other major direct seller of GSM in the US) and says, hey I want to run my iPhone on your network. Better pray for the fly by night third party resellers to do it for you.
I also want to see how frequently iTunes updates the software on the iPhone, given that Cingular/AT&Ts testing and approval process takes forever. I'd recon one, maybe two updates a year if you're lucky.
*blatant swipe at Linux crowd* Why do you insist on putting Linux on devices that really don't need to run it just to say you did? Do you end up getting that six figure salary just because you made Linux run on a Tamagotchi? Why not port Linux to run on a Turing machine too? Seriously, if the amount of effort used to port Linux to TI-85s went into dumbing down Linux interfaces and admin tools for the masses, maybe it would have a larger market share and you could stop bitching about how much better it is. Having to explain to my mother what a "root" is and what the /etc/init.d folder is for is about as much fun as having to explain a BSOD to her.
And not to leave anyone out, Windows Mobile is totally CRAPTASTIC.
Sorry [no I'm not] to pour cold water on this particular party but ......... its only a Smartphone.
If you really don't like Apple product then deal with it and don't buy any. But for the sake of any sanity left in this world, don't get all zealous over it. We don't need anti-Apple Jihadists running all over the forums. What next? A Fatwah on Steve Jobs' head for some kind of technological sacrilige?
For my money - the Apple iPhone is an innovative device that will no doubt shape the way we do MMI for the future. Much in the same way that Apple did for the WIMP environment that we all take for granted these days. I think that when it hits these shores I will most likely get one just for the small number of things that I will be able to put it to good use for.
For those that truly hate all things Apple there is plenty of other product out there for them to wallow in their delight!
if the amount of effort that went into porting Linux to TI-85s were spent dumbing down Linux interfaces and Admin tools for the masses, we'd have Windows. Dumbing down anything is not a good thing. Look at MS OSs. Just a relatively short time ago (in the grand scheme of things) we had DOS, and if people wanted to use computers (especially if they wanted to do more than the absolute basic functions) they had to actually be bothered to get off their a$$es and LEARN something. They had to *gasp* spend a little time and effort learning to use the device. Then they dumbed it down with Windows, and people didn't have to learn as much so guess what? They didn't bother to learn as much anymore. Then they dumbed it down further with Windows 95, and 98, and ME. The more they dumb it down, the less people have to learn, and therefore the less they bother to learn. It will continue to go on this way.
Dumbing things down accomplishes only 1 thing - IT ENCOURAGES LESS LEARNING, AND MORE STUPIDITY.
It may not be fun to explain something technically complex to someone who doesn't know much, but that's when you have to push them to learn. The alternative is an increasing level of stupidity that will eventually come down to the level of people needing computers to think for them. Not my idea of a great thing.
"Jeremy - I'm a little confused - Intel's fault ?
I thought the CPU was a Samsung ARM11 ?
Maybe the production line uses Windows PCs so it could be Microsoft's fault just like the iPod windows virus?"
The crackers were not even interested until the switch to intel. They are like children wanting attention.
We could do this the hard way, or the easy way.
And when people were using DOS to do their CAD, and I was using a GUI, I was blowing their socks off. I was far more efficient. Could do things they could only dream of. I would often hear how Autocad guys couldn't do this or that. I went right up to an Autocad rep. at an AEC convention in Anaheim many years ago, and asked the rep. how they extrude down a spline running in 3D space. He had no idea. I went to the local Autocad dealer and asked and got no answer.
Simply put, some of us don't want to fight the interface. We don't want to have to become a programmer to do architecture. We want the computer to do what it does, so we can spend the most time doing what we do best.
If I had five lifetimes, I could become a concert pianist, a physicist, a world class athlete, historian, lawyer, accountant, car mechanic, doctor, blah, blah, blah. But many have to figure how best to spend their time. Juggling family and work.
It is one thing to not dumb down. It is another to know how to expediently spend one's time. How to get the most bang for the buck so to speak.
Just imagine what a totally boring world it would be if all were programmers.
And think how absurd the statement that anyone not taking the time to learn about the inner workings of a computer is making himself dumb.
You may know computers, and that is a big maybe, but I wonder how much common sense you have.
"When the IPhone launches in Europe will it fall fowl of handset portability and competition rules by being locked in to just one network. Afterall you're supposed to be able to change network if you want, keep your own number and bring the handset (which you paid for) with you."
Virtually all the phone networks in the UK (bar O2 - I think..) lock their contract phones to the network you bought it from.
Not much to add but couldn't resist this one.
Nexox Enigma said
"@Whomever said that OS X is the buggiest whichever in the where:
It clearly isn't. It is just the most irritating. My list of reasons for wishing that one day my department will replace all the Macs that I support with PCs is immense. And it is far shorter than the one filled with reasons that I'd really rather not use one personally."
Ironically, the only thing stopping me from doing the exact opposite is the damned 3-year rule - gotta get value for money. The small capital differential (and it really is small these days) far outweighs the difference in support costs for our setup. Irritating? The only use I have for a PC at home is EAC (unfortunately no OS X equivalent is possible).
@nexox
"Plus, OS X has odd ways of handling things that it does not expect. I keep a really fun piece of hardware in a cabinet by my desk: A PS/2 to USB adaptor for a keyboard. Plug a PS/2 mouse into it, then plug it into a Mac, and it will hard freeze instantly. "
Why on earth would anyone want to do that? I mean, are you really that short of mice that you need to do things like that? I have an adaptor that allows me to plug and American 110AC plug in to the UK 220AC socket, duh, why would I want to do that either? Just because I can?
@Jags
"in addition to the bugs mentioned in the article there are other shortcomings in i(nferior)phone:
1, NO 3G/High Speed Internet(YES, its available from the same at&t in major cities & i'm using since Nov-06, works fine between 700 to 1400 Kbps)
2, NO GPS.... " etc blah blah bleat...
If a device doesn't offer you what you want find something that will! Hello! It's called 'consumer choice', look it up.
For me personally (and a lot of friends) I'd like a phone that just made phone calls properly and, more importantly, a service that works no matter if I stand by the window or the middle of the room...
Relax everyone, it's just another consumer device! Always good to see Apple rattling the stick along the bars...
TTBOMK it's only pay-as-you-go phones that are locked to a particular operator, not phones on a contract (after all, you still have to pay line rental whether or not you actually make any calls, download any data or send any texts; with a pay-as-you-go phone, there is *no* line rental so the telco could lose out if it was easy for you to walk away). My old Nokia 3210 (now there was a classic handset!) on Vodafone Contract would take any old SIM you cared to stick in it; other people's pay-as-you-go phones, even on Vodafone, consistently refused to accept my contract SIM. When its battery no longer held enough charge to carry on a proper conversation, I upgraded to a second-hand Sony Ericsson w810i which the previous owner assured me had originally been bought SIM-free. I've also seen plenty of Vodafone-labelled phones on Orange and O2.
At any rate, the lockdown is hardly very tight: unlocking software seems to be widely available for most phones. Shops which sell bare SIMs will even unlock competitors' handsets to work on their networks.
European law generally favours a consumer's right to do as they choose with products they have bought and paid for, and takes a dim view of manufacturers seeking to impose artificial restrictions on other people's property.
WRT Andy Blackman's earlier tilt at someone blaming Intel:
1. The platform's not really the issue here, anyway - most of the problems seem to be in application-layer security from what I've read.
2. The 'Samsung ARM11' processor is so called because, although manufactured by Samsung, it uses an ARM CPU core licensed from Intel (or possibly Marvell, if it's XScale - see http://en.wikipedia.org/wiki/ARM_architecture)
" would be careful about saying Apple products are 'more' buggy - expose an alternate modern smartphone to the same levels of hacking and you're sure to come up with comparable results."
Not the case - the speed at which issues are coming to light on iPhone is unprecedented and hilarious - a real venomous charge - partly backlash to the iPhone spin but mostly I think to Apple's attitude (dumb insolence) to security researchers over the various OSX cockups of recent months - several years if you look at samba.
Checkout the iPhone thread on
http://www.hackint0sh.org
I'll not argue about not fighting the interface, that's a dumb thing to do. However, when it comes right down to it, Windows has gone over that line and WELL BEYOND dumbing things down. Great, fine, make an interface that allows for efficiency and advanced functionality, I'm all for it, and always have been. But don't dumb it down so bloody much that people don't have any reason, any incentive, to learn at least a little about the equipment they're trying to operate. Can you show me an interface that does this? Because I'll most certainly tell you Windows ain't it. Nor is the interface on most Cellular phones, or most other consumer electronics devices these days. They've almost all been dumbed down to the point people don't need to - and therefore don't bother to - use the brains they were born with.
Yes, I know computers, at least in as much as supporting them and fixing them on a daily basis as my job. I also have plenty of common sense. No, I don't believe in doing everything the hardest way it can be done, and I'm by no means a programmer (I detest coding with a passion), but I've seen the effects of dumbing down interfaces. 15 years ago, people using computers had at least enough knowledge about them to be able to (and know they should, and actually do it) run basic maintenance tasks once in awhile. They knew to write down error messages and give them when they called for help. They knew if they submitted a request for help to their IT dept for instance, to include what they were trying to do, and what happened, whether there were error messages, and if so, what they were. They knew approximately what files were OS related, or at least what areas they were stored in, and to NOT BLOODY GO MESS WITH CRAP THEY KNEW NOTHING ABOUT AND COULD COMPLETELY STUFF THEIR BOX.
Now, this has all gone out the window. As Windows has gone more and more dumbed down, people have gotten more and more lazy and stupid.
People generally don't bother to run any preventative maintenance on their computers. They don't bother to remember or write down error messages, they just click to get them off the screen as quick as they can. The common helpdesk request now reads something like "my computer doesn't work" or "This thing is broken, please fix it now". When you ask them what is wrong, the typical response is "I don't know, it just isn't working" then they lead you on a game of 20 questions where you have to specifically ask for every piece of information - what exactly were you trying to do, what program were you using, what did you type or click on, what happened when you did that, did it give an error, what was the error - oh you didn't bother to read it how lovely of you. People now commonly go screwing around with files and or parts of their computers they have utterly no business doing so, and then get mad when they break it, and by god it's not their fault, it's the computers fault, or it's ITs fault.
Who the bloody hell is the one with no common sense? Not me, it's the users these days, and it's because of dumbed down interfaces.
Go make an interface that allows advanced functionality and efficiency but doesn't dumb everything down and allow people to be morons, and you'll probably get richer than Microsoft, just from all the IT departments in the world who would probably do everything they could do get your interface used in their organization to save them a little sanity.
Most of the hackers out there are not even rich enough to purchas internet, a lot of them I find stealing a hot spot form some poor unexpecting indivual that had no idea that any one could do that, the price of the phone was a simple way to keep most of the trouble out of the phone. I suggest you go and get a Job and make some hard earn money to plop down on a device like this. Most of the comments I have read, looks like from people that are upset that they price them out of there .50 cent budget, I guess they really did not need to put security soft ware in, the abilty to charge more then the average hacker has was good enough.