When Apple introduced the
latest version of its Safari browser two weeks ago, it took the hacking community just hours to start reporting bugs in the beta code. Now that it’s shipping,
the iPhone is likely to get even closer scrutiny from many of the same security researchers. Here’s a list of the top items on the typical iPhone hacker’s to-do list.
Fuzz the Web browser
Apple has made it clear that if you’re an independent software developer that wants to write programs for the iPhone, you’re going to have to
write Web applications rather than software that runs on the iPhone itself. And as the introduction of the Safari 3.0 beta showed, Web browser flaws are easy to find.
Security researcher Tom Ferris says he paid someone to stand in line for him in order to get an early crack at the iPhone. He believes that the iPhone’s Safari browser will be similar to the 3.0 beta. And thanks to the iPhone’s
Wi-Fi support, he expects to be able to run “fuzzing” software that can bombard the iPhone with data over his local network, looking for errors that will cause it to crash.
Ferris says that Safari’s support of the Scalable Vector Graphics (SVG) language and the Portable Document Format may provide other avenues for Web attacks. “I’m ready to go,” Ferris said. “I’ve already found some SVG bugs in OS X.”
Hackers like Ferris said they discovered nearly 20 bugs in Safari, just hours after the 3.0 release. How many of those will cause the iPhone browser to crash is unclear, but the bigger question is whether or not they will lead to malicious code that the bad guys can actually run on the iPhone.
Find a way to debug
Because it wants non-Apple applications to run through the browser, rather than on the iPhone itself, Apple isn’t releasing software development tools for its new phone. From a security perspective, this may actually be good news for iPhone users because without any debugging software to tell them what’s really going on inside the computer’s memory, it will be hard for hackers to develop malicious exploit code to run on the platform. So most iPhone bugs won’t do much more than crash the browser.
Though sophisticated hackers could conceivably develop debugging tools for the iPhone it will take more time for real threats to emerge, said Marc Maiffret, chief technology officer with eEye Digital Security. “What you end up having to do is hardware-based debugging which requires physically taking apart the iPhone and using specialized… equipment,” he said. “This raises the bar on being able to successfully execute code and hack an iPhone.”
Take a close look at iPhone’s networking technologies
David Maynor, the chief technology officer of Errata Security made headlines (and enemies in the Mac community) last year by claiming to have discovered wireless bugs that affected the Macintosh. He says that the iPhone’s wireless stack is one of the first things that he will be looking at. “I have yet to meet a driver that hasn’t had bugs,” he said.
But Maynor is also interested in taking a look at how the iPhone uses Bluetooth, which has been a common source of security problems in other devices.
Because Apple hasn’t previously developed its own mobile phone, there is bound to be lots of new and possibly buggy networking code in the device. “One of the things we’ll look at as well is the new code that will have to be developed for a phone platform,” said Neel Mehta, a researcher with IBM ’s Internet Security Systems division. “With any piece of new code there’s always a risk that there could be vulnerabilities in it.”