Web access password cache: Unconfirmed reports suggest there may be an issue with the way the iPhone's Safari browser handles its password cache. According to our information, the browser retains some user-entered web site passwords even after the cache, history and cookies are explicitly cleared. The issue is said to affect NT access passwords entered into pop-up windows, and manifests itself by Safari declining to ask for authentication details on subsequent visits to the affected sites.
Clearly, if confirmed, this flaw, in combination with the home key vulnerability that allows full Safari access, could prove lethal for anyone who uses their iPhone for banking or other highly sensitive purposes. The best advice, at least until further details of these reports are available, is not to use your iPhone for any such online activity.
No passcode protection on certain security settings: It is axiomatic that a user should have to supply the passcode in order to modify any of a phone's security settings. This is certainly how just about every manufacturer has approached system design. For reasons best known to itself, Apple has elected to exempt the iPhone from this rule, at least as far as some of its security settings are concerned.
Consider the passcode lock setting, for example. This is the setting that determines the length of the period of inactivity that must expire before the iPhone will lock itself. On just about every other phone, changing this setting requires the user to input the passcode, but not on the iPhone. This makes it trivial for an unauthorized user who finds an unlocked phone to extend the period of use to its maximum, thereby significantly increasing the ease of extracting data or doing other damage to the phone.
While not a show-stopping flaw in itself, this is the kind of oversight that makes it easier for thieves and hackers to abuse an iPhone, and Apple should know better than to offer such people any unnecessary assistance.
Conclusion
It's by no means unusual for a number of security issues to emerge in a new - or relatively new - device. The spotlight shines especially strongly on Apple at present due to the unrivaled popularity of the iPhone, along with Apple's widespread reputation for security consciousness. There is a high degree of surprise at the iPhone's perceived vulnerabilities that is perhaps disproportionate to the actual risk they represent.
Nonetheless, these are serious issues, both for Apple itself and for the large numbers of iPhone users whose phones hold data they wish to protect from public access. It is to be hoped that the majority of these issues will be dealt with in future firmware updates. In the meantime, users can protect themselves through a combination of security awareness, pragmatic workarounds, and most of all by keeping a tight hold on their handset at all times.
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.