Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"As for the Pre, anything that allows arbitrary devices to pretend to be an iPhone and sync jeopardizes email account information--which can be synced to the iPhone--and is a security flaw"

So any of the billions of iPod users are automatically trusted? I can't imagine the security of email on the iPod depends on trusting all iPhones? Surely they have some other mechanisms in place?



So any of the billions of iPod users are automatically trusted?

Well... yes. Right? I mean, not 100% trusted -- does anyone trust their own software 100%? But as trusted as software written or vetted by Apple can be.

iPods exclusively run software that is under Apple's control. On everything but the iPhone and iPod Touch, 100% of that software is written by Apple itself. And even on the iPhone, Apple has the power to immediately halt distribution of any app that is causing trouble until the app is fixed. (And, as we all know, they do this. For reasons far less important than security holes.)

You can, of course, run non-Apple-reviewed software on your hardware. But Apple will disclaim all responsibility for your fate -- and, as we can see, they will actively try to shake you off.


It would be nice if, when you got an iPod Touch or iPhone, you created a certificate for it that meant that was yours and any copy of iTunes that wasn't also yours wouldn't sync to it. But not letting someone plug a friggin' iPhone into someone else's computer and sucking off their sensitive data is a different question from not letting someone plug in any arbitrary USB device and suck off sensitive data. Social norms keep people from plugging their iPhones into my USB, but they don't keep people from saying, "here, I'll send you some files off my thumb drive" and surreptitously stealing your email password from iTunes because they have a custom firmware that pretends to be an iPhone.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: