Apple seeks iPhone reverse engineering expert

Classic fallacy

Same problem with a penetration test: you will only prove that one specific person with a specific skillset and specific tools could or could not break the phone at that specific moment he/she/it tried.

Whoever gets that job should (a) ensure legal protection, AFAIK it's illegal to do this - there are no exceptions in the law that make doing this legal, even if you have permission and (b) realise that it's a time bomb: it's you against a gazillion others, and you will get the blame if they find a way in.

Doesn't surprise me the job's still open..

Hmmm

If a person gets this job and holds it for any length of time, I'd be willing to bet that they get approached by the Mafia or other organised crime syndicates to hack IPhones in exchange for a large salary or the privilege of not getting killed.

Truly an offer you couldn't refuse.

Seriously...

Reverse engineering anything is not itself illegal, it depends how you go about doing it, many companies build interoperability into their software or systems using reverse engineering because the documentation is not out there to support legitimate development. Reverse engineering, esp. in the states has long been seen as a driver for competition, with it being supported in a number of cases by the Supreme Court, however may, if done incorrectly stray into patent infringement. It is obvious to anyone with access to Google that simply reverse engineering, and/or hacking into a system is far from illegal, it depends who owns that system (for example hacking into your own computer is fine, hacking into the governments is clearly a big no). Also why would anyone want to pay someone who is working on the iPhone to open it up specifically to them? Seriously, where is organised crime's benefit in this, none, nothing

Ultimately most major IT firms hire people capable of breaking into their system, why? Because if they are breaking into their own systems they can fix them before these securities holes are widely found and exploited, if someone else is breaking into them no one knows what they're going to do. There are plenty of examples of people being very successful at hacking systems, even if their goals were far from the companies own goals, if I remember correctly the individual behind the most popular Dreamcast boot loader was offered a job at Sega.

It is quite disturbing that some people assume that people who do this are highly corrupt, there are plenty of people out there who want to understand who item x or y works without any further desire to do anything, I expect the sole reason this job is still open is that no one with the relevant skills has presented themselves in the correct light for Apple to hire them, have you not considered that a lot of people currently digging through the iPhone in their spare time don't already have better jobs? Simply don't want to work for Apple? Or don't live in the US? I think it's unlikely that any sort of fear of walking into the interview and immediately getting bundled to the ground by the police and dragged off to jail is preventing the qualified candidates who can apply, applying.

@ BWS

I hate it when Open source fanatics don't even aknowledge the advantages of a closed system.

By Keeping the iPhone closed, Apple can act as a Quality check on all software, this means there wont be software that hogs so much of the phones resources that it cant actually act as a phone, or worse, how about an iTrojan?

On a device like a phone, which we need to just plain work, without any risk of malware, a closed system can prevent such problems.

Apple needs to take iPhone security more seriously

The iPhone's security may one day become more important the that of MacOS for the Macintosh. It's scary to think that THE iPhone may become the new preferred vector of choice for virus writers. The iPhone has a large enough user base to attract unwanted attention and we know that the iPhones are syncing to Macs and quite a few PCs as well. If the syncing procedure gets compromised, a virus infected iPhone could detect the OS and inject the appropriate payload--thus killing 2 birds with one stone. And before any Apple-flavored-Koolaid-guzling fanboys say it could never happen "becuase we all know that all Apple software is ultra secure", realize that the software unlocking methods use security flaws in the phones software to inject and run arbitrary code.

Bet it stays open

Yeah, I bet the job stays open too. Anyone interested in cracking phones, I think would not be interested in working to *strengthen* the phone security -- it's purely a mindset kind of thing. Also, I think anyone that would be into security research enough to develop a jailbreak, realizes the fallacy of trying to lock down a computer the person owns -- working for Apple on it would be a waste of time, anything they do would be cracked within days. It's the fallacy of DRM* writ large.

*Fallacy of DRM -- the owner has the algorithm, the encrypted file, AND the decryption key. So, if they're at all motivated they can do whatever they want with the supposedly restricted file. Similar with IPhone, the owner *owns* the phone, you can't lock them out of it. Incidentally, the above reasons for IPhone are I think why most DRM schemes are so laughable -- i.e., not well designed, weak crypto, etc... anyone into crypto knows "unbreakable" DRM is impossible anyway, so the DRM designers get whoever is left to come up with a "good" crypto methods, and they in fact come up with very poor ones.

@ Chad H

[quote]

On a device like a phone, which we need to just plain work, without any risk of malware, a closed system can prevent such problems.[/quote]

Funnily, this is the same stance Microshaft takes. On a PC , an OS just needs to run. Shame Windows doesnt.

Took a "hacker" by the name of Linus to help deliver a stable operating system to the desktop. Thanks to him, and his mates who do not belong to a closed shop environment, I now have a desktop PC that works.

Ony One?

There are always going to be more people hacking than people employeed to stop the hacking of the iPhone so who's gonna win in the end? The position is pointless but I guess it would be fun for a while.

@david

except it isn't.. western governments are trying to "sanitise" the net and bring about their own government sanctioned net utilising their own "great firewalls"... just check out all of the legislation they are trying to put out and the commercial endevours that will employ DPI backed up with threat of disconnection and/or prosecution.

When they came for those who read "information likely of use to terrorists" we shrugged "why would you need to learn about how a bomb works and can be put together" we uttered.

When they came for the paedos many were whipped into a frenzy and said "too right we should find them and persecute them".

When they came for the freetards we all exclaimed "if we just take everything for free, no-one will make any more".

When they come for us for having an opinion and a thought that wasn't sactioned a governmental body, everyone will cheer because they have been told it's their duty to.

Yes, it's an extreme vision.. but it's one that is all too easy to bring into our reality.

Time for wireless mesh networks operated in private.

"Jobseekers should have a degree in computer studies,"

Now that really bugs me. Why would you need such a qualification? Some of the best hackers around exist because they have curiosity, a holistic approach to problems and a talent/passion for using logic and reason to solve them.

I've met plenty of computer science graduates without those skills and whilst I'm sure they could polymorphificate their way out of an object oriented paper bag a position such as this requires the fresh perspective these non computer studies graduates offer.

You can bet the existing broken security was designed by a "Jobseeker who had a degree in computer studies!"