{"id":206,"date":"2008-03-16T13:45:25","date_gmt":"2008-03-16T21:45:25","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/03\/16\/security-review-iphone\/"},"modified":"2008-03-16T13:45:55","modified_gmt":"2008-03-16T21:45:55","slug":"security-review-iphone","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/03\/16\/security-review-iphone\/","title":{"rendered":"Security Review: iPhone"},"content":{"rendered":"<p>   iPhone offers lots of convenient functionality, such as phone, internet, music play and etc., making it a communication power house.  However, it also opens up lots of new security risks.  Since there is already an security review on iPhone 3rd party apps, I will focus on iPhone it self.<!--more--><\/p>\n<p>Assets:<\/p>\n<ul>\n<li>Personal information<\/li>\n<li>Contact lists of friends, family or customer<\/li>\n<li>Financial information<\/li>\n<li>Credibility of the user<\/li>\n<li>Credibility of Apple<\/li>\n<\/ul>\n<p>Adversary:<\/p>\n<ul>\n<li>Competitor\/Enemy of apple<\/li>\n<li>Apple itself?<\/li>\n<li>Ex-employees from Apple<\/li>\n<li>Identity theft<\/li>\n<li>Anyone with bad intention<\/li>\n<\/ul>\n<p>Potential Weakness:<\/p>\n<ul>\n<li>Connection could be sniffed, especially if connect through unsecure wireless network<\/li>\n<li>iPhone could be lost\/stolen physically.  Phones are easier to loose then computer<\/li>\n<li>User activities are collected by Apple.(says in the contract that Apple will collect user data to &#8220;better&#8221; server them)  So lots of personal information will be leaked, if adversary get access to Apple&#8217;s database.<\/li>\n<\/ul>\n<p>Potential Defense:<\/p>\n<ul>\n<li>Make sure only connect to reliable connection<\/li>\n<li>Prevent accessing any private\/important information from iPhone<\/li>\n<li>Make back up of all information from iPhone<\/li>\n<li>Don&#8217;t use iPhone?<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>iPhone offers lots of convenient functionality, such as phone, internet, music play and etc., making it a communication power house. However, it also opens up lots of new security risks. Since there is already an security review on iPhone 3rd &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/03\/16\/security-review-iphone\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":49,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-206","post","type-post","status-publish","format-standard","hentry","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/49"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=206"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/206\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}