Subscribe to this blog's feed

Amazon

Recent Posts

Bio

  • David Rice is an internationally recognized information security professional and an accomplished educator and visionary. For a decade he has advised, counseled, and defended global IT networks for government and private industry.

    David has been awarded by the U.S. Department of Defense for “significant contributions” advancing security of critical national infrastructure and global networks. Additionally, David has authored numerous IT security courses and publications, teaches for the prestigious SANS Institute, and has served as adjunct faculty at James Madison University. He is a frequent speaker at information security conferences and currently Director of The Monterey Group.

Archives

More...

Links

Blog powered by TypePad

The views and opinions expressed are those of the author and do not reflect the official policy, position, or recommendations of the author's affiliations, partners, employers, or clients.

« A Trojan in Space | Main | Sitting Ducks In A Stagnant Quagmire »

August 28, 2008

iPhone: Hacked By A Touch (Two, really)

The Apple's password protection can be circumvented with the touch of a finger:

iPhone Password Flaw Discovered

To quote:

Circumventing the password involves the use of the device's "emergency call" keypad and amounts to only a couple of taps on the iPhone's multitouch screen...

Once the emergency call keypad is accessed through the passcode entry screen, a person only needs to double tap the home button, which takes the user to the iPhone's favorites section. From there, a person gets full access to the device, including applications, contact lists, and e-mail.

The apparent flaw, however, has a simple fix. Through the iPhone's "settings" option, a person only has to disable double tapping on the home button to make the device secure once again, users reported.

Configuration saves the day!! Whew.

Now all we have to do is include this setting as part of our protection frameworks [I'm thinking a CIS iPhone security benchmark at the very least] and comunicate to the 4 million plus iPhone users world-wide how to correct what Apple forgot to. Maybe even a Secure Mobile Device Configuration Act of 2009 (and a similar European law) which makes users liable for insufficiently protecting personal information of friends, family, and business associates by not correctly configuring their iPhones.

It's a simple fix, really.


Posted on August 28, 2008 |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54f9408a3883400e554986ec08834

Listed below are links to weblogs that reference iPhone: Hacked By A Touch (Two, really):

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.