B2B Articles - Jul 28, 2012 7:17:56 PM - By Randall
Security on the iPhone continues to improve which is important for owners of Apple mobile products. Ironically it's good for hackers too.
Apple's presence in the enterprise community continues to grow. iPhones and iPads are commonplace in Fortune 500 companies and government agencies, including the White House and the U.S. military. In order to do so, however, Apple had to update its iOS mobile operating system with some of the industry's most robust security features.
Now many mobile app developers no longer put their own safeguards in place, and instead rely almost exclusively on the core security features of the iOS for security. Now one vulnerability can easily effect thousands of apps.. "Security is now an afterthought for many app developers," said Jonathan Zdziarski, senior forensic scientist at viaForensics, in a presentation at the Black Hat cybersecurity conference in Las Vegas on Thursday. "That means if you hack one, you can hack them all."
At Black Hat this year Zdziarski delivered his workshop on "The Dark Art of iOS Application Hacking." The scenarios Zdziarski outlined are scary, but they're also far-fetched. To hack all the apps on your phone, a hacker would need to:
"This isn't Chicken Little and the sky is falling," Zdziarski said "But the message is if you don't add your own security to your app, you're highly susceptible." Zdziarski live-demonstrated some of the vulnerabilities of a few popular iOS apps.
For instance, a bug in PayPal's app allows a hacker to place malicious code in a stolen iPhone and get all the log-in information that a user enters. It's unlikely. The hacker would need about 20 minutes with the iPhone to do it..
"The security of our users is a top priority for PayPal," the company said in a statement. "One of the benefits of using PayPal on a mobile device is that a user's financial information is stored in the cloud and not on his or her device. Therefore, even if a device is compromised a user's financial information is inaccessible."
One vulnerable spot is Apple's lack of password confirmations any time a user returns to an app they've previously logged into. In one demo, Zdziarski tweaked an app's code and entered, "userIsLogged: 1." That "1" means "true" in this case, and the app was tricked into thinking the user had been properly identified. Zdziarski's goal wasn't to call out any company in particular, he said. Rather, it was to warn developers when dealing with security in their iPhone apps. "Apple has good security," Zdziarski said. "Just don't rely entirely upon it."
Tel 212-993-7809
Ironpaper ®
10 East 33rd Street
6th Floor
New York, NY 10016
Map
New York Agency
B2B marketing
B2B Content
Demand generation agency
Digital Marketing
Account-Based Marketing
ABM for SaaS
ABM for energy
Demand generation campaigns
Industry marketing
Privacy Policy
First-party data marketing
SaaS marketing
SEO for B2B
IoT Marketing
B2B Marketing for IoT Companies
HubSpot Agency
B2B Product Marketing
B2B Software Marketing
IoT go-to-market strategy
IT Marketing
HubSpot for ABM
ABM for AI companies
Technology Marketing
Marketing for IT Companies
ABM Campaigns
B2B lead generation
B2B Marketing and Growth Agency.
Grow your B2B business boldly. Ironpaper is a B2B marketing agency. We build growth engines for marketing and sales success. We drive demand generation campaigns, ABM programs, B2B content, sales enablement, qualified leads, and B2B marketing efforts.