Sunday, August 5, 2007

Hacking the iPhone and ease of hacking the Mac

For a long time, Apple and Mac users have disdained the PC and Windows as very bad in security, and instead tom-tommed the relative lower number of hacks on the Mac. Microsoft has always been on the defensive in terms of security, and the large number of cracks and holes available on the OS and apps have always led them to be worried. There have been people who have been saying that Mac has not shown so many cracks just because it has a 5% market share, and people have not found it worth their while to try and break through the Mac OS security:


Though there has yet to be any documented criminal hijacking of the iPhone outside of a lab, Miller says his research shows the relative ease of hacking smart phones, as well as Macs in general. He spoke with Forbes.com about the iPhone's vulnerabilities, Apple's short-lived patch and the company's undeserved reputation for building secure computers.
There are two issues with the iPhone. First, the specific weakness that we found in its Web browser. But there's a more fundamental problem. The iPhone runs everything as "root." In other words, there are no privileges for different users. They should have built layers of security. Instead, if you can find a single crack, any user has the entire phone at their disposal. Last week they basically patched a hole in the wall. But inside, it's still pudding.
Bad guys aren't yet targeting Macs because they want to maximize their time. That means writing viruses that target 95% of computers rather than 5%. Apple currently has around 3.5% of the market, but its market share is growing by around 35% a year. As Mac's numbers creep up to 30% or 40%, cyber-criminals will start asking whether it's better to spend two weeks writing a bug for Windows or just a couple days to write one for Macs.


Almost nothing in this interview is complementary to Mac, but one tends to agree with what he says. Windows is the dominant OS, and most hackers are anyhow biased against Microsoft, in addition people are ready to believe that Windows is inherently insecure, and hence most hackers target Microsoft. Now that the iPhone is a well advertised target, one can expect many more Black Hat hackers to target the iPhone for benefit, and for Apple to be on the backfoot.

No comments: