device

jducoeur

Justin du Coeur

Previous Entry Share Next Entry
So how secure *is* the iPad OS, anyway?
device
jducoeur
April 5th, 2010
For a long time, it's been a commonplace that the most dangerous operating system to run was Windows: more often, and more nastily, hacked than any other personal-computing platform. That was for several good reasons, one of them that most versions of Windows have been crap. But another major reason was the hothouse effect. Since there were more Windows machines out there than anything else, simple network effects insisted that it would give you the greatest bang for your hacking buck: more machines that are more alike produces the best opportunities to go create viruses, zombiebots, and other self-reproducing fun.

So as the iPad becomes The Greatest Thing Since Sliced Bread, I find myself wondering, sincerely, about how bulletproof its security is -- because *boy* has it painted a gigantic target on itself. It's the hot new thing, that *everyone* is piling into. It's a very nicely unified platform: the upside of Apple's little walled garden is that an iPad is an iPad is an iPad -- the devices are very consistent compared to grungy desktop computers. Heck, the really cool ones even have always-on connectivity thanks to that 3G capability. If I was a hacker looking to create trouble today, I'd be the first person in line at the Apple store, disassembling the heck out of the thing and looking for ways in.

It'll be interesting to see what happens. It's possible that Apple really does have its security act together well enough that nobody manages to perpetrate a truly bad hack. But all it would take is one hole in the wrong place, and this has all the makings of the fastest-moving computer plague since the Morris Worm.

(Yes, yes -- there's a measure of sour grapes here. I have little desire to give Apple more money right now, and I am twiddling my thumbs waiting for an Android-based competitor worth my half-grand. But still, Apple is more and more looking like the old Microsoft, and that has implications...)
Tags:
21 comments :
( 21 comments Leave a comment )
  • 1
cvirtue
2010-04-05 06:35 pm (UTC)
Thanks for the post.

I was briefly infected with the interest in an iPad, as I might get something on that order, but probably a laptop is more my style. Not the least of which is that I type very fast, and I doubt the virtual glass keyboard would work for me for reams of allegedly creative typing.

But Metageek had a good time looking at iPads online on my behalf, as well as laptops. In the end, I probably won't be buying before Late Fall anyway, which is time to see how it all shakes out.

How do you feel about Google's empire building and Android's part in that?
(Reply) (Thread)
jducoeur
2010-04-05 08:51 pm (UTC)
In a word, nervous. Google is doing a *magnificent* job on the platform network effects: the more you buy into the Google data cloud, the more powerful it is. That has me getting increasingly bound to Google.

The only reason I'm not *massively* worried is the fact that so far, they seem to actually still mean the "Don't be Evil" thing -- they're one of the few vendors I've ever seen that is taking seriously the question of how users can leave their platform, and making that plausible. That buys both sympathy and credibility from me.

But still: it doesn't take long for a company to turn bad, so I do keep an eye on them. (And really ought to back up my critical data in the Google cloud a little more often...)
(Reply) (Parent) (Thread)
jducoeur
2010-04-05 08:53 pm (UTC)
Yeah, saw that. I'm unclear on whether it's practical to do maliciously, or whether it requires too much user cooperation to be practical for virus use. But it does illustrate that the machine is far from completely locked-down -- at least, not nearly as much as Apple would like...
(Reply) (Parent) (Thread)
serakit
2010-04-05 11:21 pm (UTC)
Slightly OT, but... why is everyone so bouncing-off-the-walls about the iPad? I was told it's an iPod Touch only with a bigger screen, and in that case wouldn't it make more sense to simply get a tablet?
(Reply) (Thread)
laurion
2010-04-06 12:16 am (UTC)
Summed up, it -is- a tablet. But with a constrained interface more designed for that purpose than most tablet computers, which just run a flavor of Windows. Windows is very much still designed for the mouse and keyboard world. Add into it the Apple Store application ecosystem (thousands of apps, easily found, at low prices), the low weight (1.5 lbs) compared to most tablets, and the partnerships with various media outlets (online/print, netflix, etc.) and the 10 hour batter life, and it turns out to be a tablet with an edge over other tablets.
(Reply) (Parent) (Thread)
crschmidt
2010-04-06 01:16 pm (UTC)
Er, what's your definition of cheap software? It looks to me like that particular article is talking about 3 computer games -- I tend to pay $20-$40 for video games on a desktop machine, more on a console device. There's also Pages in there -- MS Word 2007 has a retail price of $220.

iPad apps aren't *free*. Compared to software on a Windows desktop, they are comparatively cheap.
(Reply) (Parent) (Thread)
metageek
2010-04-06 01:19 pm (UTC)
True. I suppose there are two things here: (a) it's more than people got used to on the iPod, and (b) I'm not used to paying for software any more; almost everything I use runs Linux. (The exception is my Symbian phone.)
(Reply) (Parent) (Thread)
crschmidt
2010-04-06 01:34 pm (UTC)
Sure. I'm personally not paying for any of the software on my iPod -- I'm too strong of a member of the cult of free for me to feel like it's worth it. I'm also not the kind of person who would buy an iPad :)

Overall, the whole App Store culture is still a very strong motivator for the iPhone/iPod Touch/iPad.
(Reply) (Parent) (Thread)
jducoeur
2010-04-06 04:08 pm (UTC)
True, but it sounds like they're crossing a significant mental line. iPhone and Android apps are mostly cheap enough to be no-brainers: it is scarcely worth my time to even *worry* about whether a $1-2 app is worth the money, so long as I don't think it's actively malicious.

By contrast, it sounds like a fair fraction of iPad apps (and we'll see how many) are getting just pricey enough to actually count as purchases, rather than pocket change. It'll be interesting to see how that affects sales...
(Reply) (Parent) (Thread)
crschmidt
2010-04-06 04:47 pm (UTC)
Perhaps your pockets are better at holding change than mine, because to me, the line between 'free' and '$1' is wider than the line between "$1" and "$10" :) I don't disagree about the distinction, but I stand by the statement that even on the iPad, the key thing which makes it even moderately useful is the App Store and related experience.
(Reply) (Parent) (Thread)
metahacker
2010-04-06 04:34 pm (UTC)
Dunno, why do people get that way about iPhones? They're just smart phones with some apps installed. Or a Mac? It's just a computer, and overpriced at that. Or the iPod? The Archon had larger sizes and a better set of buttons, way before the iPod...why didn't it catch fire and become a household word?

It seems reasonable to expect that the iPad is 'just' a tablet in the same way. By streamlining and polishing the specific features that people really want and use, and by relentlessly polishing (and hyping) the pre-sales and gut-reaction experiences, Apple produces devices which are way more attractive than a breakdown of features might indicate.
(Reply) (Parent) (Thread)

So how secure *is* the iPad OS, anyway?

hudebnik
2010-04-06 01:10 pm (UTC)
I've been assuming that the iPad OS is pretty similar to the iPhone OS. The DevTeam people have a constant background task of finding holes in the latter so they can jailbreak each successive OS version, and presumably Apple has a background task of filling those holes. After the latest OS release, the DevTeam folx said "this release buys you no new functionality, and we don't want to waste a hole on it; just don't download it."
(Reply) (Thread)

Re: So how secure *is* the iPad OS, anyway?

crschmidt
2010-04-06 01:38 pm (UTC)
Breaking into a device with full access to it is one thing, but 'hacking' it remotely/without the knowledge of the user is another thing entirely. I think that Jailbreaking is interesting (and great for users of the devices who care about such things), but I don't think that really speaks much to the 'hackability' of the device from a malicious outsider.
(Reply) (Parent) (Thread)

Re: So how secure *is* the iPad OS, anyway?

hudebnik
2010-04-06 03:04 pm (UTC)
I'm not sure there's that clear a dividing line. If you can persuade someone to download your software and install it on their computer, you have "full access" to it, even though you may be doing things the user doesn't know you're doing.

And from Apple's point of view, jailbreaking IS "a malicious outsider".
(Reply) (Parent) (Thread)

Re: So how secure *is* the iPad OS, anyway?

crschmidt
2010-04-06 03:24 pm (UTC)
Without jailbreaking an iPhone, you can't install any software that hasn't been approved by Apple -- the way they protect the operating system is to make all downloads go through the App Store, which they control. If they control all the sources of software, then they should be able to prevent hacks.

I can't claim that their approval process actually *does* this, and I doubt it does, but I think that that's the answer Apple would give: If you don't use unapproved software on your computer to talk to the iPhone/iPod/iPad, and you only download App Store apps, you will be safe and protected because Apple Loves You. If you do those other things, you're on your own.

The number of people who do jailbreak phones, allowing them to install unapproved software, is a very small target compared to the platform as a whole. Assuming the approval process weeds out bad eggs, it could potentially be safer than a more 'open' platform like Windows. I won't claim that it does/is that, but I think that's the idea behind the way Apple ensures the platform is as 'secure' as possible.
(Reply) (Parent) (Thread)

Re: So how secure *is* the iPad OS, anyway?

jducoeur
2010-04-06 04:12 pm (UTC)
Yes, I believe this is exactly correct. But that comes back to my original question: how secure is this sandbox, actually? I don't actually know how far it's been pushed yet, but I assume that the hacking community is getting very interested in it...
(Reply) (Parent) (Thread)

Re: So how secure *is* the iPad OS, anyway?

metageek
2010-04-07 12:20 am (UTC)
If you can persuade someone to download your software and install it on their computer, you have "full access" to it

I'm not sure that's true. Third-party apps have some constraints; most famously, they can't fork(). They also can't access other apps' files; I suppose they get run in a chroot jail. So just because a hole in Mobile Safari lets someone gain root doesn't mean that it'd be possible for a third-party app to have the same hole.

(Reply) (Parent) (Thread)
corwyn_ap
2010-04-07 08:24 pm (UTC)
I am sure Apple will be pleased that you think the iPad will have sales numbers to approach existing windows machines. Especially this soon after release.

Personally, I don't see them approaching existing _Mac_ numbers for a long time.
(Reply) (Thread)
( 21 comments Leave a comment )
  • 1
Archive

Apr2017

S
M
T
W
T
F
S
      1
2345678
9101112131415
16171819202122
23242526272829
30      
Links
The Art of Conversation
Facebook
Google+
Tags
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Powered by LiveJournal.com
?

Log in

No account? Create an account