A big name entering the cell phone market is likely to put mobile device vulnerabilities in the spotlight. Of course I’m referring to Apple’s iPhone. The long awaited and highly anticipated entry into the mobile market for Apple. This isn’t a review about the iPhone though, but a short look at the impact it’s going to have on mobile security.
Just 3 days after the iPhone release date, researchers have already found a few vulnerabilities in the iPhone. One of the vulnerabilities is an overflow issue in Safari, which could lead to a code execution issue. A denial of service vulnerability was also identified in the Bluetooth module. Fuzzing the Bluetooth interface causes the phone to become unresponsive.
There are already many vulnerabilities known in existing phones, including smartphones running Windows mobile. At the current moment they are fortunately not exploited in great numbers. Carriers have also been very slow at updating the phones, to such an extent that it’s estimated that as many as 90% of all smartphones are currently vulnerable to at least one exploitable issue.
Apple has smartly kept the iPhone very close to them. Apple’s update track record is much better than any mobile carriers, and the iPhones are designed to update periodically. Hopefully vulnerabilities identified in the iPhone will wake up the other manufactures and carriers, and get them to updating their phones as well.