Cupertino, We Have a Problem

Google's (Nasdaq: GOOG  ) argument for Android just got stronger. On Monday, blog ReadWriteWeb reported a potentially serious iPhone security flaw.

According to researcher Bernd Marienfeldt's tests, password-protected iPhones could be fully compromised if powered off, connected to a PC running Ubuntu Linux 10.04, and then powered back on. Additional tests performed by others revealed similar vulnerabilities when connecting password-protected yet powered-off iPhones to Mac OS X and Windows machines.

Cupertino, we have a problem.

Or maybe this is more than a problem. Maybe it's a disaster in the making. Among techies, few are as paranoid as corporate Chief Information Officers charged with safeguarding company data. That's as it should be. Breaches can lead to very expensive lawsuits and other headaches. So long as employee iPhones represent a lawsuit waiting to happen, CIOs will bar them from use while favoring staid yet more established mobile OSes, such as Research In Motion's (Nasdaq: RIMM  ) BlackBerry and Nokia's (NYSE: NOK  ) Symbian. They might even try Android.

Apple  (Nasdaq: AAPL  ) had yet to respond to Marienfeld's findings as of this writing. Even so, it's likely the forthcoming 4.0 version of the iPhone OS will fix known flaws and force hackers to find other ways into the iPhone. Given the ease with which 3Gs code was cracked, I expect they will.

And that's troubling to me as an investor. The iPhone and iPad share much at the operating system layer, and these are Apple's two greatest potential earnings drivers; devices that Dell  (Nasdaq: DELL  ) and Hewlett-Packard  (NYSE: HPQ  ) are emulating in their own designs. As iToys-cum-tools, they are as likely to be bought by companies as they are consumers. 

But only if all the security holes are filled. Hurry up, Apple.

Have security issues with the iPhone kept you from buying one? Are you planning on buying a new one when iPhone 4 is released next week? Tell us what you think in the comments box below.

Apple is a Motley Fool Stock Advisor selection. Nokia is a Motley Fool Inside Value pick. Google is a Motley Fool Rule Breakers  recommendation. Try any of our Foolish newsletter services free for 30 days.

Fool contributor Tim Beyers is a member of the Rule Breakersstock-picking team. He had stock and options positions in Apple and a stock position in Google at the time of publication. Check out Tim's portfolio holdings and Foolish writings, or connect with him on Twitter as @milehighfool. The Motley Fool is also on Twitter as @TheMotleyFool. The Fool's disclosure policy always gets its man.


Read/Post Comments (11) | Recommend This Article (2)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On June 03, 2010, at 4:30 PM, theHedgehog wrote:

    Marienfeldt's article makes it clear that Apple left a hole in their security model by making the device mountable under certain conditions. But, one thing that should be on everyone's mind about this story is that it's a security maxim that if you lose control of your hardware then you lose control of your security. There is no such thing as a perfect device that will only respond to you and only you. Given the disk and enough time, a talented person can break any encryption protection you choose to put on it. The real question is generally whether or not it's worth it. If your iphone/ipad/whatever falls into a competitor's hands, then it might be worth his time to get it hacked. If you lose it to a common street criminal, chances are he'll just get it reloaded from scratch so he can use it himself or sell it on ebay.

  • Report this Comment On June 03, 2010, at 4:35 PM, kramsigenak wrote:

    I'm sorry, this is so dumb.

    I left my car in a parking lot. Unfortunately the the car company (jeep) decided the car should have a windshield so I can see out. Wouldn't you know it, the thieves broke right in and stole my golf clubs. I'll never buy a car or golf clubs again.

    Thanks for the amusingly misguided article, I needed that chuckle.

  • Report this Comment On June 03, 2010, at 4:50 PM, l3iodeez wrote:

    @kramsigenak

    iFan much? Don't be thick, this is a serious concern.

    @InfoThatHelp

    True, but this kind of tweaking is exactly what people pay a premium to Apple to avoid. This is just proof that security issues are complicated and require agency on the part of the user. No vendor can provide a perfect solution, and Apple is no exception.

  • Report this Comment On June 03, 2010, at 4:58 PM, kramsigenak wrote:

    @l3iodeez

    This is not a serious concern. Whatever property you own (or think you own) has vulnerabilities. It's up to you as a consumer to know the threats and prepare accordingly. You own a home? a car? a bank account? Do you shop online? Do you shred your paper statements? etc etc. As the first poster implied, the number one responsibility is to keep a handle on your physical belongings. As for digital thieves, you also need to put up barriers there as well. There's no such thing as 100% security so find a way to deal with it.

  • Report this Comment On June 03, 2010, at 5:15 PM, TMFMileHigh wrote:

    @kramsigenak

    Thanks for writing, but you're way off point here. You're blaming the user when Apple's own presumed security protocols -- ones users are supposed to be able to trust -- failed.

    Here's a rewrite of your first analogy to more accurately reflect the problem:

    I left my car in a parking lot. Fortunately, the car company (jeep) decided the car should have locks on the doors. Wouldn't you know it, the thieves pulled on the handle hard enough and the door opened anyway. That's when they stole my golf clubs. When will jeep fix my door locks?

    Foolish best,

    Tim (TMFMileHigh and @milehighfool on Twitter)

  • Report this Comment On June 03, 2010, at 5:19 PM, l3iodeez wrote:

    @kramsigenak

    Of course the onus is on the user to maintain security. However the appearance of a glaring security hole in a system is relevant to the sales of that system. Just because any given system is guaranteed to have security problems, that does not mean that particular vulnerabilities don't matter. To take your vehicle example, If my business requires me to store sensitive materials in my car, and my car company is found to be installing alarm systems that are less effective than the competition, I'm likely to buy a different car. Comparing this security hole to a windshield is silly, a windshield is a standard feature not a previously unknown vulnerability. Anyway, if the windshield gets smashed, the alarm goes off. If the alarm fails, and I lose my sensitive golf clubs as a result, Im not buying another Jeep.

  • Report this Comment On June 03, 2010, at 5:20 PM, l3iodeez wrote:

    @kramsigenak

    Tim wrote a much more concise response than I. See his comment.

  • Report this Comment On June 03, 2010, at 6:05 PM, kramsigenak wrote:

    Tim and iodeez. Those are thoughtful responses. Let's use a litmus test to decide who is right. My contention is that this is next to nothing:

    Future iPhone sales and Apple share price will tell the tale.

  • Report this Comment On June 03, 2010, at 6:40 PM, TMFMileHigh wrote:

    @kramsigenak

    >>Future iPhone sales and Apple share price will tell the tale.

    Almost. We need to be more specific and say enterprise iPhone sales, the sort that I refer to in the article above. Consumers aren't nearly as paranoid as most CIOs.

    And by the way ... this is the sort of issue where I'd love to be wrong. I own shares of Apple.

    Foolish best,

    Tim (TMFMileHigh and @milehighfool on Twitter)

  • Report this Comment On June 03, 2010, at 8:31 PM, klattster wrote:

    Tim,

    You are not wrong, but spot on. The iphone doesn't support full disk encryption (FDE) which is the critical flaw. This keeps most CIO's of large companies from accepting this device into their corporate network.

  • Report this Comment On June 05, 2010, at 11:46 AM, tcpudp wrote:

    It is so funny to see how die hard Mac fans defend their Apple and at the same time bashing Microsoft's security flaw.

Add your comment.

Sponsored Links

Leaked: Apple's Next Smart Device
(Warning, it may shock you)
The secret is out... experts are predicting 458 million of these types of devices will be sold per year. 1 hyper-growth company stands to rake in maximum profit - and it's NOT Apple. Show me Apple's new smart gizmo!

DocumentId: 1199633, ~/Articles/ArticleHandler.aspx, 10/31/2014 2:38:52 AM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement