Gawker – Apple’s Worst Security Breach: 114,000 iPad Owners Exposed:
Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking.
The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel’s information was compromised.
Slashdot – iPad Left Vulnerable After Record iPhone Patch Job:
With Monday’s iOS 4 upgrade, Apple patched a record 65 vulnerabilities in the iPhone, more than half of them critical. However, the first-generation iPhone and iPod Touch, as well as the much newer iPad, may have been left vulnerable to some or all of the 65 bugs. iOS 4 cannot be installed on 2007’s iPhone and iPod Touch, and the upgrade is not slated to reach iPad owners until this fall. The bug count is a record for the iPhone, surpassing the previous high mark of 46 vulnerabilities patched last summer with iPhone OS 3.0. Formerly known as iPhone OS 4, iOS 4 included 35 bugs, or 54% of the total, that were tagged with the phrase ‘arbitrary code execution.’ It’s unclear how many, if any, of the vulnerabilities affect Apple’s iPad. The media tablet runs an interim version of the operating system, dubbed iPhone 3.2, that followed the February iPhone 3.1.3 security update. It’s possible that some of the bugs patched Monday were fixed by Apple before it launched the iPad in early April. But according to the Common Vulnerabilities & Exposures database, it’s likely that many of the flaws fixed on Monday still exist in 3.2.
SecuriTeam – a new strong passcode feature in Apple iOS 4 for iPhone:
Strong passcodes mean that you can finally do away with the standard 4-digit PIN to lock your iPhone and can now set up complex passwords instead. To enable this, go into Settings->General->Passcode Lock and then turn off Simple Passcode. For more information on how to enable this feature, please see the Apple article HT4175.
SecuriTeam again – the potential for iPhones to be used in data exploits:
After jailbreaking my phone, the first things that I installed were nmap, metasploit, tcpdump and an application to enable my phone as a USB drive. This allowed me to gain access to a corporate network via wireless on my phone, and exploit a Windows host in about 10 minutes, all from sitting in the lobby. Also, with a bit of scripting or paid-for applications, I was able to plug my iPhone into a PC and copy everything that was stored in the My Documents folder for that user. Some of this was company confidential data, some of it was personal photos and banking details. Don’t get me wrong, I love my iPhone, but I believe that corporations should really take smartphones as a serious security risk, and not just write them off as phones.
And it isn’t just Apple phones having problems: Report: A fifth of Android apps expose private data
PREVIOUSLY … More Questions About Apple iPad’s Security
No Script Kiddie Left Behind – Firesheep Makes Stealing Logins Over WiFi Easy
Chris Wage from Nashville’s Centre Source posted a more technical description.
Robert Graham has some additional notes:
If you’re interested in experimenting with Firesheep, Phoneboy cautions that using it may be illegal, so the usual legal precautions apply.
Age of the Script Kiddie
In the hacking world, there are elite hackers who write their own tools to exploit computer vulnerabilities. Then there are script kiddies – people who don’t really know how to hack anything, but who have enough technical skills to run various hacking programs that somebody else wrote and put into an easy-to-use package. If the Mac was the computer for the rest of us, then script kiddie software is hacking for the rest of us.
Firesheep is the latest step in the trend of kiddie-friendly hacking software. It brings the technical qualifications for being a script kiddie down to being able to install a Firefox browser plug-in: sit on an open WiFi network, watch the plaintext HTTP traffic, and double-click on any session cookie it captures to become that user. It’s No Script Kiddie Left Behind. Firesheep is already putting pressure on companies like Facebook whose Web sites are vulnerable to cookie session hijacking because they log users in over HTTPS but then send the session cookie in the clear with every ordinary HTTP request – Facebook Responds to Firesheep WiFi Security Controversy.
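The two halves of the Firesheep story in code, as an added example that is not part of this post, of Firesheep itself, or of any site named above: first, what a passive sniffer on an open WiFi network does with one plaintext HTTP request (pull the cookies that identify the logged-in session and rebuild a Cookie header to replay them), and second, the server-side fix, which is to mark the session cookie Secure and HttpOnly and serve the whole site over HTTPS so there is no plaintext request to sniff. The captured request, the host www.example.com, the cookie names sessionid and uid, and both Set-Cookie headers are constructed for the example and are not real traffic.

```javascript
// Constructed sample: one HTTP request as it would appear in a packet capture
// taken on an open WiFi network. Host, cookie names and values are made up.
const CAPTURED_REQUEST =
  'GET /home HTTP/1.1\r\n' +
  'Host: www.example.com\r\n' +
  'Cookie: locale=en; uid=1000123; sessionid=5a1f9e0c7b2d4e6f\r\n' +
  'User-Agent: Mozilla/5.0\r\n' +
  '\r\n';

// Per-site knowledge a Firesheep-style handler carries: which cookie names
// make up the session. Assumed for the example, not any real site's names.
const SESSION_COOKIES = { 'www.example.com': ['uid', 'sessionid'] };

// Parse a raw HTTP request into { method, path, headers } with lowercased
// header names; only the head (before the blank line) matters here.
function parseHttpRequest(raw) {
  const [head] = raw.split('\r\n\r\n');
  const lines = head.split('\r\n');
  const [method, path] = lines[0].split(' ');
  const headers = {};
  for (const line of lines.slice(1)) {
    const idx = line.indexOf(':');
    if (idx === -1) continue;
    headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return { method, path, headers };
}

// Split a Cookie request header ("a=1; b=2") into name -> value.
function parseCookieHeader(value) {
  const out = {};
  for (const part of value.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    out[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return out;
}

// The sniffer side: given one captured request for a known site, return the
// session cookies, or null if the host is unknown or the session is incomplete.
function harvestSession(raw) {
  const req = parseHttpRequest(raw);
  const host = req.headers['host'];
  const wanted = SESSION_COOKIES[host];
  if (!wanted || !req.headers['cookie']) return null;
  const cookies = parseCookieHeader(req.headers['cookie']);
  const session = {};
  for (const name of wanted) if (name in cookies) session[name] = cookies[name];
  return Object.keys(session).length === wanted.length ? { host, session } : null;
}

// Hijacking the session is just sending the same cookies on a new connection;
// the server has no way to tell the attacker's browser from the victim's.
function buildReplayCookieHeader(session) {
  return Object.entries(session).map(([k, v]) => `${k}=${v}`).join('; ');
}

// The server side: parse a Set-Cookie response header into its name and the
// two attributes that matter against a WiFi sniffer.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const [name] = pair.split('=');
  const flags = attrs.map((a) => a.toLowerCase());
  return { name, secure: flags.includes('secure'), httpOnly: flags.includes('httponly') };
}

// Audit a Set-Cookie header; an empty list means it is safe from this attack.
function auditSetCookie(header) {
  const c = parseSetCookie(header);
  const problems = [];
  if (!c.secure) problems.push(`${c.name}: missing Secure; browser will send it over plain HTTP`);
  if (!c.httpOnly) problems.push(`${c.name}: missing HttpOnly; readable by any injected script`);
  return problems;
}

// Would a browser attach this cookie to a request made over the given scheme?
// A Secure cookie is only ever sent over https, so it never appears in the
// plaintext traffic that Firesheep reads.
function cookieSentOver(setCookieHeader, scheme) {
  return scheme === 'https' || !parseSetCookie(setCookieHeader).secure;
}

// Weak form (what a site vulnerable to Firesheep sends) and the fixed form.
const WEAK_SET_COOKIE = 'sessionid=5a1f9e0c7b2d4e6f; Path=/; Domain=.example.com';
const FIXED_SET_COOKIE = 'sessionid=5a1f9e0c7b2d4e6f; Path=/; Domain=.example.com; Secure; HttpOnly';

const harvested = harvestSession(CAPTURED_REQUEST);
console.log('harvested:', harvested);
console.log('replay header:', harvested && buildReplayCookieHeader(harvested.session));
console.log('weak cookie problems:', auditSetCookie(WEAK_SET_COOKIE));
console.log('fixed cookie problems:', auditSetCookie(FIXED_SET_COOKIE));
console.log('fixed cookie sent over http?', cookieSentOver(FIXED_SET_COOKIE, 'http'));
```

Secure and HttpOnly on the cookie are necessary but not sufficient: if the site still answers over plain HTTP, an attacker on the same network can downgrade the victim or simply wait for a non-cookie-bearing request to inject content. The complete fix, which is what the Firesheep controversy pushed sites toward, is HTTPS for the whole session, not just the login page.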