Find tech advice for business here
The iPhone's biggest security pitfall: All applications run as root
A few weeks ago, Rixstep posted a piece titled simply "Effective UID: 0," pointing out the fact that (as revealed by iPhone crash reports -- see this article on deciphering) expressing concern the iPhone runs most (all?) of its applications/processes as root (superuser, UID 0). This means that they enjoy full system rights -- a huge concern with regard to security, since any compromised application has the highest possible privilege level.
Today's divulgence of a purportedly successful iPhone exploit appears to be manifestation of these concerns. In its paper on the exploitation, discoverers states:
"[...] there are serious problems with the design and implementation of security on the iPhone. The most glaring is that all processes of interest run with administrative privileges. This implies that a compromise of any application gives an attacker full access to the device."
The level of control over the device if successfully exploited is, hence, supreme. As also described by ISE (the flaw-finding firm):
"by using other API functions we discovered, the exploit could have dialed phone numbers, sent text messages, or recorded audio (as a bugging device) and transmitted it over the network for later collection by a malicious party."
In fact, the research firm explicitly suggests restricting applications by forcing them to run with fewer privileges, recommending that Apple:
"Install applications such that they run as an unprivileged user. This would result in a successful attacker only gaining the rights of this unprivileged user."
As noted in this article on our sister site MacFixIt, "you should avoid being logged in as an administrator whenever possible," in the desktop version of Mac OS X. Unfortunately, the iPhone's version of OS X does not provide any option for doing so -- everything Apple has specified to run as root on the iPhone will do so.
We're not sure exactly why Apple did this; it effectively inhibits one of the primary benefits of running OS X on a phone -- multi-user privilege differentiation and space protection. Perhaps including true multi-user capabilities was deemed too resource intensive for the device.
Feedback? info@iphoneatlas.com.
So ? Repeat after me :
It is only a cell phone.
It is not a computer.
Let's cool down a little bit. This hysteria around iPhone security feels like something managed from Redmond...
Also:
- Windows for the desktop does have admin, non-admin, permissions, etc. options.
- The iPhone is both a computer and a cell phone. It runs a full-blown copy of OS X, minus a lot of the space-consuming graphics specific to the desktop version.
Today, someone demonstrated how he was able to take over an iPhone wirelessly (www.iphoneatlas.com/2007/07/23/purported-iphone-vulnerability-details-video-demonstration/). Though that exploit might not make use of the fact that all iPhone applications run as root (or it might, for all I know), it does demonstrate a serious security vulnerability.