Security experts from Lieberman Software, STEALTHbits Technologies and Tripwire commenting on reports of a massive new iPhone user data breach.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erin, Director of IT Security and Risk Strategy at Tripwire :
“Users may be acutely aware of the limitations that are imposed on the iPhone by Apple, but they might not think through the protections that the Apple eco-system puts in place to prevent this kind of attack. Jailbreaking your iPhone delivers increased flexibility, but it comes at a cost. The world outside of Apple’s universe isn’t always so safe.
“There’s little doubt that this malware will pay dividends for whoever wielded it. Its success is likely to spawn more of these types of malware.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Lane Thames, Security Research and Software Development Engineer at Tripwire :
“Often times, mobile users get frustrated with various limitations that vendors place on their smart devices. Indeed, there are cases where we can all agree that limitations might have gone too far, especially if the “limitation” is actually done for the vendor’s benefit. However, limitations placed on mobile devices are often done for the benefit of the end user or for the greater good of the overall mobile ecosystem. This is definitely true in the case of mobile application management. Particularly, mobile application stores such as Apple’s iPhone App store and Google Play, which do a very good job of whitelisting mobile applications and preventing the spread of mobile malware. Users who jailbreak their devices in order to install those very few applications that are not available via an official app store are significantly more prone to being infected by malware such as KeyRaider. The costs of jailbreaking your smartphone is much, much higher than any potential rewards. At the end of the day, it’s just not smart to jailbreak your smartphone.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Tyler Reguly, Manager of Tripwire’s Vulnerability and Exposure Research Team (VERT) :
“The average iPhone user is not affected by this. It demonstrates the continued use of sensationalism that exists in tech reporting today.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Jonathan Sander, VP of Product Strategy, Lieberman Software :
“Once again we see that jailbreaking just means your iPhone is broken when it comes to security. Sophisticated users may chafe at Apple’s closed system surrounding the iPhone and App Store, but it’s hard to argue with the security outcomes. Jailbroken iPhones have proven to be good targets again and again. This also shows that privilege is still how the bad guys get their best work done. Jailbreaking essentially puts the higher level rights reserved for Apple on the iPhone in the hands of the user and quickly into the hands of the bad guys. When the bad guys can act like Apple on your iPhone, then they can do anything they want to you.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Kevin Foisy, Chief Software Architect and Co-Founder, STEALTHbits Technologies :
“Hackers often play on the human element and this breach speaks volumes to public awareness and apathy towards information security. Every IT security person knows that cracking an iPhone exposes users to unnecessary personal risk but the bigger picture unfolds when that iPhone connects to a resource inside the place of work. Despite security measures, the user just beamed the hacker inside the secure walls of their workplace.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Alex Berger, Senior Product Marketing Manager, STEALTHbits Technologies :
“It’s important to note that the iPhones that were compromised during this breach were only phones that have been jailbroken. Users who decide to jailbreak their phones are essentially undermining their phone’s OS security by giving themselves root access to the file system so that they can install any applications they’d like on the device. Jailbreaking is analogous to destroying the locks on all the doors in the office because you’re tired of not having access to the back door (‘but it’s closer to my car!’) whenever you want. Locks exist for a number of reasons, and generally the biggest one is security. In this case, sacrificing security for convenience was exploited by people with malicious intentions and iPhone users made it infinitely easier by crippling the locks.
It’s also worth noting that this lesson has already been learned in the corporate world, where organizations are investing millions of dollars to prevent privilege escalation across their enterprises. Granting everyone access to everything is seldom a good idea. It’s only a matter of time before consumers start to catch on as well.”[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.