Blog Archives

Hacking Alive and Well When It Comes To iOS


The dark art of iOS app hacking presented at Black Hat.


Español: Este es un logo para IOS (Apple). Más...

(Photo credit: Wikipedia)


There are three ways to hack an iOS app. One involves a zero-day exploit, a previously-unknown security hole. These are rare but not unheard of for iOS apps. The other two involve getting physical access to the phone, Zdziarski said.

“You can infect the phone without a passphrase. The virus or bit of code sits on the phone, waiting for the user to unlock it.” Or, he explained, “Give me two minutes with somebody’s phone and I can dump the entire file system from it.” From there, he said he could look at apps for an exploit to take advantage of remotely.

He argued that this could become a serious problem as iPhones and iPads continue to increase in popularity. Enterprise use of iOS is growing, he said, as is government use.


All due to a double-edged sword.


The problem, Zdziarski explained, comes from the double-edged sword that is the iOS monoculture. It has benefits, he said, including a reduced attack surface, rapid prototyping, and fewer holes to blame on the developer. But, he added, its homogeneous attack surface means that if you can hack one iOS device, you can hack nearly all. (While it’s true that there are different versions of iOS in use, there are significantly fewer than the different flavors of Android.)

Zdziarski noted that security has become an afterthought for iOS app developers, since they’re trusting Apple’s iOS Keychain and runtime to be secure. Keychain is the iOS feature that stores passwords, certificates, and other security-related items under encryption. “Anybody with freely available open source tools can get around that encryption now,” said Zdziarski, who said the encryption has been busted for two years. Zdziarski also showed how he didn’t even have to have the passcode to an iPhone to break its encryption. With a phone in his possession, he was able to drop a small piece of code from his computer onto the otherwise-locked phone. The code sits on the iPhone idle until the owner enters in the passcode, decrypting the file system and giving the malicious code access to the entire file system. “Developers are not turning on the encryption for most of their apps, and most users defer to a four-digit PIN, or a simple keyboard friendly passphrase.” So, although the phone’s operating system may be protected, the level of data security on the phone presumes that iOS won’t be hacked.

Source: iOS app hacking alive and well | The Download Blog – CNET


A great illustration of how developers need to understand the need for security trumps all.





Tablets to Surpass Notebook Growth in 2016

Image representing iPad as depicted in CrunchBase

Image via CrunchBase

Interesting, but not surprising.

The demand for tablet computers such as the iPad is growing so quickly that shipments of them are projected to surpass notebook shipments by 2016.According to market research firm NPD DisplaySearch, the mobile PC category is poised to soar from 347 million units in 2012 to more than 809 million by 2017. Tablets will be leading the way for that massive growth in the next few years.Tablet shipments are expected to grow from 121 million units to 416 million units by 2017, compared to 208 million shipments in 2012 to 393 million shipments in five years. Tablets will likely surpass notebook shipments in 2016.

Source: Tablets to Surpass Notebook Growth in 2016.

Social Networking the most important technology of 2011

That would be social networking in general, not one aspect that is the most important technology of the past year.

From the “Arab Spring” to BYOD, social networking was clearly the most important “technology” of 2011. I’m not talking specifically about any one platform. Sure, Twitter is important if you want to keep tabs on the latest movements of people important in your life. Facebook is perfect for lurking around and leering at people’s (more or less) personal lives. LinkedIn has become the de facto standard for business-based networking. We’ve all heard the stories about Wikileaks, Anonymous, and how technology seems to play a role in building up and breaking down political figures of the day.

I’m talking about all of the related technologies that make social networking possible. Social networking as we currently know it wouldn’t exist without virtualization, HTML5, and all of those  “as a service” offerings such as Amazon’s EC2. And don’t forget all of those mobile devices, including the shiny, new and ever-so compelling Android or iPad you just got for Christmas. All of these cloud-based technologies are behind social networking.

So, while I could have just written about one technology or device is the technology of 2011, that wouldn’t reflect the current zeitgeist. Right now, social networking is the technology of the year. It’s not any one implementation of virtualization (sorry VMWare). It’s not any one SaaS or PaaS implementation.

So how does that affect one’s career path in IT?  As with any aspect you should have focus.

For your career, focus on the individual pieces that make social networking possible. Are you interested in becoming a virtualization guru? Then learn about how virtualization makes social networking possible. Interested in what Cisco is developing to make voice, video and data more efficient? Then focus on how these things are implemented in the cloud and in regards to social networking.

Enhanced by Zemanta

Enterprise: Securing iPads

iPad is a Wi-Fi 64 GB version (another one beh...
Image via Wikipedia

IT organizations have come to a stunning realization: There is no stopping the great iPad enterprise invasion. Risks abound as companies must deal with securing iPad apps without much help from Apple, says Julie Palen, senior VP of mobile device management at Tangoe, a telecom expense management software and services provider.

Palen’s group develops software that helps companies such as Wells Fargo and Coca-Cola manage BlackBerrys, iPhones, Android devices, and iPads — any devices connecting to a company’s back-end computing environment via Active Sync, BES, and Good Mobile Messaging.

The iPad, in particular, has had a rapid rise in enterprise adoption. More than 65 percent of Fortune 500 companies are deploying or piloting the iPad, Apple said during its most recent earnings call. Around 60 percent of Tangoe’s new business deals in the last quarter involve companies that have already deployed iPads or are planning to do so.

But the iPad isn’t really enterprise ready, in terms of manageability and security, says Palen, a 10-year veteran of mobile device management. She says IT organizations are buckling under pressure to support the iPad, even though the iPad wouldn’t have passed last year’s enterprise security requirements. (Source: InfoWorld)

Be sure to read the entire interview.  Very interesting that the biggest obstacle to “security” in the enterprise with iPad’s is Apple itself.

Powered by ScribeFire.

Enhanced by Zemanta


It’s Mobile Fest week …

over at HootSuite.

It’s a big week here at HootSuite with a gaggle of new mobiles releases coming down that will have Hoot fans rather giddy. You already heard that all HootSuite mobile apps are free and now the nest is filling up with a bevy of FIVE flavors of mobile apps. Some are completely new to the group, while others are familiar favorites with an update for your social media enjoyment. We think you’ll find each a welcome addition to the family.

With all these new owls hatching, it just *feels* like a festival – so get out your party hats to celebrate new mobile apps. We’ve also added a contest to help you get your fingers on new owls stickers featuring these new flying feathered friends.

For mobile fest, we’ll launch a new mobile platform flying out each day this week – is a fest after all! Get a sneak peek at what’s coming and visit daily for the owl du jour.

New owl tools for the Ipad, Blackberry and Android just to name a few.

From an Android perspective hopefully the new owl will be better than Hootsuite Lite.

Powered by ScribeFire.

Enhanced by Zemanta


%d bloggers like this: