Log in

No account? Create an account
Previous Entry Share Next Entry
So how secure *is* the iPad OS, anyway?
For a long time, it's been a commonplace that the most dangerous operating system to run was Windows: more often, and more nastily, hacked than any other personal-computing platform. That was for several good reasons, one of them that most versions of Windows have been crap. But another major reason was the hothouse effect. Since there were more Windows machines out there than anything else, simple network effects insisted that it would give you the greatest bang for your hacking buck: more machines that are more alike produces the best opportunities to go create viruses, zombiebots, and other self-reproducing fun.

So as the iPad becomes The Greatest Thing Since Sliced Bread, I find myself wondering, sincerely, about how bulletproof its security is -- because *boy* has it painted a gigantic target on itself. It's the hot new thing, that *everyone* is piling into. It's a very nicely unified platform: the upside of Apple's little walled garden is that an iPad is an iPad is an iPad -- the devices are very consistent compared to grungy desktop computers. Heck, the really cool ones even have always-on connectivity thanks to that 3G capability. If I was a hacker looking to create trouble today, I'd be the first person in line at the Apple store, disassembling the heck out of the thing and looking for ways in.

It'll be interesting to see what happens. It's possible that Apple really does have its security act together well enough that nobody manages to perpetrate a truly bad hack. But all it would take is one hole in the wrong place, and this has all the makings of the fastest-moving computer plague since the Morris Worm.

(Yes, yes -- there's a measure of sour grapes here. I have little desire to give Apple more money right now, and I am twiddling my thumbs waiting for an Android-based competitor worth my half-grand. But still, Apple is more and more looking like the old Microsoft, and that has implications...)

  • 1
Thanks for the post.

I was briefly infected with the interest in an iPad, as I might get something on that order, but probably a laptop is more my style. Not the least of which is that I type very fast, and I doubt the virtual glass keyboard would work for me for reams of allegedly creative typing.

But Metageek had a good time looking at iPads online on my behalf, as well as laptops. In the end, I probably won't be buying before Late Fall anyway, which is time to see how it all shakes out.

How do you feel about Google's empire building and Android's part in that?

In a word, nervous. Google is doing a *magnificent* job on the platform network effects: the more you buy into the Google data cloud, the more powerful it is. That has me getting increasingly bound to Google.

The only reason I'm not *massively* worried is the fact that so far, they seem to actually still mean the "Don't be Evil" thing -- they're one of the few vendors I've ever seen that is taking seriously the question of how users can leave their platform, and making that plausible. That buys both sympathy and credibility from me.

But still: it doesn't take long for a company to turn bad, so I do keep an eye on them. (And really ought to back up my critical data in the Google cloud a little more often...)

Yeah, saw that. I'm unclear on whether it's practical to do maliciously, or whether it requires too much user cooperation to be practical for virus use. But it does illustrate that the machine is far from completely locked-down -- at least, not nearly as much as Apple would like...

Slightly OT, but... why is everyone so bouncing-off-the-walls about the iPad? I was told it's an iPod Touch only with a bigger screen, and in that case wouldn't it make more sense to simply get a tablet?

Summed up, it -is- a tablet. But with a constrained interface more designed for that purpose than most tablet computers, which just run a flavor of Windows. Windows is very much still designed for the mouse and keyboard world. Add into it the Apple Store application ecosystem (thousands of apps, easily found, at low prices), the low weight (1.5 lbs) compared to most tablets, and the partnerships with various media outlets (online/print, netflix, etc.) and the 10 hour batter life, and it turns out to be a tablet with an edge over other tablets.

Er, what's your definition of cheap software? It looks to me like that particular article is talking about 3 computer games -- I tend to pay $20-$40 for video games on a desktop machine, more on a console device. There's also Pages in there -- MS Word 2007 has a retail price of $220.

iPad apps aren't *free*. Compared to software on a Windows desktop, they are comparatively cheap.

True. I suppose there are two things here: (a) it's more than people got used to on the iPod, and (b) I'm not used to paying for software any more; almost everything I use runs Linux. (The exception is my Symbian phone.)

Sure. I'm personally not paying for any of the software on my iPod -- I'm too strong of a member of the cult of free for me to feel like it's worth it. I'm also not the kind of person who would buy an iPad :)

Overall, the whole App Store culture is still a very strong motivator for the iPhone/iPod Touch/iPad.

True, but it sounds like they're crossing a significant mental line. iPhone and Android apps are mostly cheap enough to be no-brainers: it is scarcely worth my time to even *worry* about whether a $1-2 app is worth the money, so long as I don't think it's actively malicious.

By contrast, it sounds like a fair fraction of iPad apps (and we'll see how many) are getting just pricey enough to actually count as purchases, rather than pocket change. It'll be interesting to see how that affects sales...

Perhaps your pockets are better at holding change than mine, because to me, the line between 'free' and '$1' is wider than the line between "$1" and "$10" :) I don't disagree about the distinction, but I stand by the statement that even on the iPad, the key thing which makes it even moderately useful is the App Store and related experience.

(Deleted comment)

So how secure *is* the iPad OS, anyway?

I've been assuming that the iPad OS is pretty similar to the iPhone OS. The DevTeam people have a constant background task of finding holes in the latter so they can jailbreak each successive OS version, and presumably Apple has a background task of filling those holes. After the latest OS release, the DevTeam folx said "this release buys you no new functionality, and we don't want to waste a hole on it; just don't download it."

Re: So how secure *is* the iPad OS, anyway?

Breaking into a device with full access to it is one thing, but 'hacking' it remotely/without the knowledge of the user is another thing entirely. I think that Jailbreaking is interesting (and great for users of the devices who care about such things), but I don't think that really speaks much to the 'hackability' of the device from a malicious outsider.

Re: So how secure *is* the iPad OS, anyway?

I'm not sure there's that clear a dividing line. If you can persuade someone to download your software and install it on their computer, you have "full access" to it, even though you may be doing things the user doesn't know you're doing.

And from Apple's point of view, jailbreaking IS "a malicious outsider".

Re: So how secure *is* the iPad OS, anyway?

Without jailbreaking an iPhone, you can't install any software that hasn't been approved by Apple -- the way they protect the operating system is to make all downloads go through the App Store, which they control. If they control all the sources of software, then they should be able to prevent hacks.

I can't claim that their approval process actually *does* this, and I doubt it does, but I think that that's the answer Apple would give: If you don't use unapproved software on your computer to talk to the iPhone/iPod/iPad, and you only download App Store apps, you will be safe and protected because Apple Loves You. If you do those other things, you're on your own.

The number of people who do jailbreak phones, allowing them to install unapproved software, is a very small target compared to the platform as a whole. Assuming the approval process weeds out bad eggs, it could potentially be safer than a more 'open' platform like Windows. I won't claim that it does/is that, but I think that's the idea behind the way Apple ensures the platform is as 'secure' as possible.

Re: So how secure *is* the iPad OS, anyway?

Yes, I believe this is exactly correct. But that comes back to my original question: how secure is this sandbox, actually? I don't actually know how far it's been pushed yet, but I assume that the hacking community is getting very interested in it...

Re: So how secure *is* the iPad OS, anyway?

If you can persuade someone to download your software and install it on their computer, you have "full access" to it

I'm not sure that's true. Third-party apps have some constraints; most famously, they can't fork(). They also can't access other apps' files; I suppose they get run in a chroot jail. So just because a hole in Mobile Safari lets someone gain root doesn't mean that it'd be possible for a third-party app to have the same hole.

I am sure Apple will be pleased that you think the iPad will have sales numbers to approach existing windows machines. Especially this soon after release.

Personally, I don't see them approaching existing _Mac_ numbers for a long time.

  • 1