or Connect
AppleInsider › Forums › Mobile › iPhone › Apple looks to hire new iPhone OS security manager
New Posts  All Forums:Forum Nav:

Apple looks to hire new iPhone OS security manager

post #1 of 30
Thread Starter 
As hackers continue to exploit the iPhone platform to run unauthorized code, Apple is in the process of hiring a new security manager to help lock down its mobile operating system.

A job listing on Apple's Web site seeks someone for the title of "iPhone OS Platform Security Manager," a position that would be based in the company's corporate headquarters of Cupertino, Calif. The company is looking for someone to oversee its team which ensures secure booting and installation of the iPhone OS and protecting and hardening it against outside threats.

As noted by Network World, it's not clear whether the position is new, or if Apple is looking to replace someone on an existing team. The Santa Clara Valley job was posted on Oct. 16, 2009.

"This position requires a very technical and hands-on leader, someone with a passion for understanding security exploits and coming up with innovative methods to create secure platforms," the company's description reads. "You must be a highly self-motivated individual who seeks to create a dynamic and creative team environment in which old problems are solved in new and innovative ways."

The position will require the manager to set the roadmap for the iPhone OS platform security, "with an emphasis on hardware support and trusted computing methods." Potential candidates must have three years of experience managing a software development team, direct experience with cryptographic or security related technologies, an expertise in system design with regard to hardware and software security exploits.

The focus of the iPhone OS security team is likely to prevent the practice known as "jailbreaking," via which users can run software not authorized by Apple for use on the iPhone.

Jailbreaking an iPhone allows users to run software not approved by Apple. Some of the capabilities allowed are harmless, like the ability to install custom wallpapers and themes. Some enter a grey area, such as enabling tethering on the AT&T network without the carrier's authorization. And jailbreaking can also allow users to engage in outright illegal activities, like pirate App Store software, if they so choose.

This week, teenage hacker George Hotz released a new jailbreak and carrier unlock combo that is the first successful hack for iPhone OS 3.1.2 and baseband 05.11.07. Hotz first made headlines two years ago when he was the first to successfully unlock Apple's original iPhone. This past summer, he also released the first jailbreaking tool for the new iPhone 3GS.

It has been a long back-and-forth battle between Apple and hackers since the iPhone debuted in 2007. While those working to crack the phone have, until now, been able to maintain their ability to run unauthorized code, Apple, at the moment, appears to have the upper hand. The most recently updated iPhone 3GS, released mid-cycle in October, requires what is known as a "tethered jailbreak," meaning that the iPhone must be attached to a computer via USB and have a hack applied each time it is restarted.
post #2 of 30
They will never beat the hackers, just give them minor roadblocks.
post #3 of 30
For some reason I thought they'd get the hint and go the other way with things
post #4 of 30
If you want the iPhone security to improve, you must hire extremely paranoid people from military intelligence and give them the authority to chop off the hands of programmers if they fail.

Ok, perhaps not the last thing, but security is a simple matter. What can be done will be done.

So use compartmentalized security. One photo pass and a password doesn't get you into every door in the Pentagon.

The military changes it's passwords often, sometimes everyday, sometimes every hour, you don't know and your not supposed too.

Apple might have to enable different OS, DRM chip and security for each and every iPhone.



And we all know this job posting is in response to the gray market jail broken iPhones in China killing the sales of the government mandated wifi less iPhones.

So how much of this is politics? Does Apple really want to be able to lock the iPhone down permanently or not?

Wait till the Chinese government realizes that this grey market iPhone business (and the high priced legal ones) is just a evil plot by western powers to undermine it's power by corrupting the population. Then all hell should break loose.


May I suggest Apple take a 20 or 30 thousand of those XServers and program them to find the flaws in their software and hardware instead of letting the public beta test everything and fix the holes afterward.

Computers have beaten humans at playing chess for quite some time now. Creativity is no match to brute force.

I still say Apple should move their manufacturing base to the US now in advance.
The danger is that we sleepwalk into a world where cabals of corporations control not only the mainstream devices and the software on them, but also the entire ecosystem of online services around...
Reply
The danger is that we sleepwalk into a world where cabals of corporations control not only the mainstream devices and the software on them, but also the entire ecosystem of online services around...
Reply
post #5 of 30
Jeez louise ...
They where ashamed of being outperformed by a 17 y/o ^^
But I love my jailbraked iPhone
15.4" Unibody MacBook Pro, 2.53GHz, 4GB RAM, 320 GB @ 7200 RPM HD;
iPhone 3G, 16 GB;
80 GB iPod (5.5 Gen).
Reply
15.4" Unibody MacBook Pro, 2.53GHz, 4GB RAM, 320 GB @ 7200 RPM HD;
iPhone 3G, 16 GB;
80 GB iPod (5.5 Gen).
Reply
post #6 of 30
Quote:
Originally Posted by quikbmwkid View Post

For some reason I thought they'd get the hint and go the other way with things

yeah that would be clever.
post #7 of 30
They should give up and give it to Charlie Miller.
post #8 of 30
Quote:
Originally Posted by elmancho View Post

Jeez louise ...
They where ashamed of being outperformed by a 17 y/o ^^
But I love my jailbraked iPhone

Makes you wonder how the current iPhone team in Cupertino feels about being bested by a 17 year old, and whether or not Steve has walked in and wanted them to tell him personally if they value their positions at Apple and precisely what corrective measures will be put in place to ensure that it doesn't happen again?

This new position will have to be filled with someone that can handle being screamed at when they fail to a 17 year old. This position will have to be filled with someone that can lock down the iPhone to the point where they won't have to worry about Steve strangling them in the hallway for all to see.

Some people like to jailbreak their iPhones. Some people want them secure enough that they can be trusted in elevated security environments. Having the iPhone OS broken by a 17 year old doesn't exactly sit well with IT departments when you're trying to get them to allow their use.

Just curious, why don't they encrypt the whole thing? My iPhone 3Gs has more power than my second computer did. There has to be a way to do it and not kill battery life.

I wish whomever fills this position all the best. I'd certainly hate to have to stand there in front of Steve and report that I'd personally failed him if the OS is broken again.
Fortes Fortuna Adiuvat
Reply
Fortes Fortuna Adiuvat
Reply
post #9 of 30
Dear Apple,

Many smart and experience people have claimed that it is impossible for you to prevent jailbreaking.

They are wrong. Here are the technical steps required to prevent all future jailbreaking:

Step 1: Open up the iPhone so there's no need to jailbreak.
Step 2: There is no step 2.

Until then, we'll all continue to jailbreak. At first I could understand the reasons for not opening up the iPhone, but the reality is, that unless there's theft of service, you aren't helping anyone.

As a UNIX based OS, the iPhone could easily come with a user account with the current limited permissions and within iTunes a user could enable root or admin levels.

Do this and we won't jailbreak.
post #10 of 30
Quote:
Originally Posted by ghostface147 View Post

They will never beat the hackers, just give them minor roadblocks.

They will if they hire George Hotz.
post #11 of 30
Quote:
Originally Posted by macslut View Post

... I could understand the reasons for not opening up the iPhone, but the reality is, that unless there's theft of service, you aren't helping anyone. ...

This sentence makes no sense.

In any case, the reality is actually the reverse of what your (trying) to say here. At first there were ample reasons to jailbreak your iPhone, now, years later, the main reason is just because you are ideologically challenged or just want to rip off software.

If you check out your history (I know that's a dirty word nowadays), you'll find that all hacking endeavours go like this. The early hackers are idealists and tinkerers doing what they do in the cause of freedom. They are then generally replaced by a lot of criminals and kids with less than noble motives who surround themselves in the mantle of the "white hat" hacker when in fact they are nothing of the sort.
post #12 of 30
Quote:
Originally Posted by macslut View Post

Dear Apple,

Many smart and experience people have claimed that it is impossible for you to prevent jailbreaking.

They are wrong. Here are the technical steps required to prevent all future jailbreaking:

Step 1: Open up the iPhone so there's no need to jailbreak.
Step 2: There is no step 2.

Until then, we'll all continue to jailbreak. At first I could understand the reasons for not opening up the iPhone, but the reality is, that unless there's theft of service, you aren't helping anyone.

As a UNIX based OS, the iPhone could easily come with a user account with the current limited permissions and within iTunes a user could enable root or admin levels.

Do this and we won't jailbreak.

FTW!!!

If I wasn't missing features and the ability to do some basic things (like 'themes' and MMS on the Iphone) I wouldn't have bothered jailbreaking. Since Apple didn't meet those demands I got curious and jailbroke my device. Save for MMS on the 2G Apple has now met most of the 'perks' I found to jailbreaking but without 'themes' there is still an incentive for me.

Bottom line...don't give people a reason to jailbreak and they won't. This includes dropping the exclusive AT&T deal and bringing the phone to other networks.
post #13 of 30
Quote:
Originally Posted by Brian Green View Post

Makes you wonder how the current iPhone team in Cupertino feels about being bested by a 17 year old

HAHA I hadnt looked at that way.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #14 of 30
Apple Can secure iphone as much as they wish because I am going to buy android or windows mobile. I am just waiting for a good handset to be made. I had enough of this jailbreak, why should i change to O2 because of iphone. I know they will soon be on Vodafone and orange but it still is no good although I am on Vodafone. because I go back home overseas often and i use a sim card over there and I need it to be unlocked. Apple made me sick with iphone. cannot download cannot do multitask,cannot change battery and a lot more. I must also admit it is good gadget and I am going to miss it but hell it, it is like everything else. I love the touch sensitivity i hope windows and android are going to improve on that.
post #15 of 30
Quote:
Originally Posted by S8ER01Z View Post

FTW!!!

If I wasn't missing features and the ability to do some basic things (like 'themes' and MMS on the Iphone) I wouldn't have bothered jailbreaking. Since Apple didn't meet those demands I got curious and jailbroke my device. Save for MMS on the 2G Apple has now met most of the 'perks' I found to jailbreaking but without 'themes' there is still an incentive for me.

Bottom line...don't give people a reason to jailbreak and they won't. This includes dropping the exclusive AT&T deal and bringing the phone to other networks.

They should just hire him. Apparently he knows something Apple doesn't. On another note, I JB'ed my phone last week and my battery drains in like 6 hours. I've installed a firewall and removed all themes. OpenSSH is not installed on my computer. any ideas?
post #16 of 30
Quote:
Originally Posted by Gazoobee View Post

This sentence makes no sense.

In any case, the reality is actually the reverse of what your (trying) to say here. At first there were ample reasons to jailbreak your iPhone, now, years later, the main reason is just because you are ideologically challenged or just want to rip off software.

If you check out your history (I know that's a dirty word nowadays), you'll find that all hacking endeavours go like this. The early hackers are idealists and tinkerers doing what they do in the cause of freedom. They are then generally replaced by a lot of criminals and kids with less than noble motives who surround themselves in the mantle of the "white hat" hacker when in fact they are nothing of the sort.

Tethering.......................
Can't do it without jailbreaking the phone.......

Tallest Skil:


"Eventually Google will have their Afghanistan with Oracle and collapse"

"The future is Apple, Google, and a third company that hasn't yet been created."


 


 

Reply

Tallest Skil:


"Eventually Google will have their Afghanistan with Oracle and collapse"

"The future is Apple, Google, and a third company that hasn't yet been created."


 


 

Reply
post #17 of 30
Quote:
Originally Posted by geekdad View Post

Tethering.......................
Can't do it without jailbreaking the phone.......

Up to v3.0.1 you could. All you had to do was install the AT&T profile for tethering from mobileSafari at help.benm.at. Since v3.1 they are signed, but the Blackra1n jailbreak followed by the Blacksn0w unlock re-allows that tethering profile to function again.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #18 of 30
i guess Apple is tired of being embarrassed by a youngster (maybe they should hire him).

Everyone loves to claim that everyone is stealing apps when they jailbreak but lets be for real for a minute. Not everyone is a pirate, i personally know a few who use stolen apps but most dont. I know quite a few people who's phones are jailbroken because AT&T sucks, plain and simple, and seeing as how you have to be jailbroken to unlock the phone it is what it is.

Jailbreaking started because Apple decided that MMS/C&P/Tethering/Multi-tasking arent features needed for a smart phone. Luckily they wised up about 3 of those, but lack of multi-tasking is a killer to me (and as a Bold user, i wouldnt even touch an iphone without backgrounder on it, i dont care if its a 3GS or not).

Another reason to jailbreak is because you can actually customize the phone...idk about you but icons on a black wallpaper dont exactly get me off. Nearly every phone has custom themes except the iPhone, and seeing as how apple is all about making the phone about YOU (ya know, those "theres an app for that") its interesting they cant make an app where i can make my phone different without them crying its illegal.

Irony is Apple has made a great phone, and its Apple that keeps it from being the BEST phone.
post #19 of 30
Quote:
Originally Posted by Gazoobee View Post

This sentence makes no sense.

In any case, the reality is actually the reverse of what your (trying) to say here. At first there were ample reasons to jailbreak your iPhone, now, years later, the main reason is just because you are ideologically challenged or just want to rip off software.

If you check out your history (I know that's a dirty word nowadays), you'll find that all hacking endeavours go like this. The early hackers are idealists and tinkerers doing what they do in the cause of freedom. They are then generally replaced by a lot of criminals and kids with less than noble motives who surround themselves in the mantle of the "white hat" hacker when in fact they are nothing of the sort.

To put it the nice way, you're years ahead of your time; it hasn't reached that point yet. File system access, SSH, an easy/fast way to turn off the cell radio but not wi-fi or turn your backlight up or down, even basic visual customization, user-controllable multitasking (if the user so chooses, and with their battery life in their own hands), notifications of email/SMS/news/weather/etc. on the lock screen, and the ability to work with files between multiple applications, among plenty of other things, have yet to be seen on non-jailbroken iPhones and iPod touches. I jailbreak because I want a useful mobile device that doesn't run a trash OS; if that makes me "ideologically challenged", then I, uh...don't know what to say. Also, how widely does your assertion about hacking endeavours apply? Surely, the Linux community must include two or three people that aren't malicious hackers.
post #20 of 30
Quote:
Originally Posted by ifail View Post


Irony is Apple has made a great phone, and its Apple that keeps it from being the BEST phone.

It already is.
post #21 of 30
Quote:
Originally Posted by Quadra 610 View Post

It already is.

When i can multi-task (gtfo with it can, i want every app to multitask not select few) customize my phone as i see fit, offer a qwerty keyboard model better than my Bold (Can be done, there are millions who will not switch because of this lack of true keyboard), have notifications like my BB, push email that doesnt blow, not have to be forced to use iTunes (sucks, sorry theres no way to spin this you either like it or you dont and i sure as hell dont), OTA upgrades, improve the pathetic speaker phone so i can hear it without being hunkered over the phone, improve the battery so it can actually go a day without dying (this coming from a Bold user...) hot swappable memory, Flash for camera...flash for Safari (seriously? Its being designed from the ground up for mobile platforms, why so mad Apple?)

I could keep going, but those are MY issues, like i said its a great phone if none of the above doesnt bother you, but its not the BEST phone.
post #22 of 30
Quote:
Originally Posted by macslut View Post

Dear Apple,

Many smart and experience people have claimed that it is impossible for you to prevent jailbreaking.

They are wrong. Here are the technical steps required to prevent all future jailbreaking:

Step 1: Open up the iPhone so there's no need to jailbreak.
Step 2: There is no step 2.....


Yea, but you missed something, the carriers.

They have a lot of say what phones can be on their networks.

So right now they are busy thinking how to integrate the SIM and other methods so a jailbroke (or not) phone won't work at all on anyone's network but theirs and in the way they want it too.

Enjoy your phone while it lasts, Apple only allowed it to be hacked as to gain market share. Eventually the carriers will hold that market share as hostage to get them to lock it down even tighter.

Carriers will have dozens of iPhone knockoffs to choose from. Unless of course Apple comes up with something even greatly better that keeps them ahead of the pack. But eventually the road ends, just like the iPod. Can't really advance the iPod much further.
The danger is that we sleepwalk into a world where cabals of corporations control not only the mainstream devices and the software on them, but also the entire ecosystem of online services around...
Reply
The danger is that we sleepwalk into a world where cabals of corporations control not only the mainstream devices and the software on them, but also the entire ecosystem of online services around...
Reply
post #23 of 30
If they are going to integrate RFID, they'd better work out the security issues. Could you imagine the chaos once we start storing CC #'s and our ID's on our phones and jail-breaking is still a common practice? How the hell do other manufacturers do it? No one cares about other manufacturers? I suspect this is bigger than just jail-breaking.
turtles all the way up and turtles all the way down... infinite context means infinite possibility
Reply
turtles all the way up and turtles all the way down... infinite context means infinite possibility
Reply
post #24 of 30
I thought the BlackBerry was praised for being a very secure smartphone, so I don't see why the iPhone shouldn't be able to be just as secure if not more secure. Why would people want smartphones that were easy to steal information from. Somebody already said it only took a short while to steal data from an iPhone with some simple bypass. I would really think businesses such as the defense industry would want a super-secure device. So why is there such a furor about Apple trying to make the iPhone as secure as possible?
post #25 of 30
Quote:
Originally Posted by Constable Odo View Post

I thought the BlackBerry was praised for being a very secure smartphone, so I don't see why the iPhone shouldn't be able to be just as secure if not more secure. Why would people want smartphones that were easy to steal information from. Somebody already said it only took a short while to steal data from an iPhone with some simple bypass. I would really think businesses such as the defense industry would want a super-secure device. So why is there such a furor about Apple trying to make the iPhone as secure as possible?

I agree. I think this thing needs to be locked down tight. If the Apple security team is getting their @$$e$ handed to them by a 17 year old, how can they expect to handle securing our sensitive data from a serious threat? I think it's time they step up their game or be thrown out the door in disgrace. There has to be a way to lock it down and make it secure. The four digit screen lock is a joke too. I guess Steve is getting soft in his old age. A younger Steve would have eaten the security team alive for this long line of failures.
Fortes Fortuna Adiuvat
Reply
Fortes Fortuna Adiuvat
Reply
post #26 of 30
Oh man... Apple is not "bested" by a 17 years old. The only thing he achieved was finding an exploit. He didn't write the baseband or the bootloader. What makes you think if he was presented with a task like that he would succeed and create something unbreakable? Or that he is a good creative team leader? In other words, two very different things.
Second, it's silly to assume that hackers will hack everything, that they're some sort of magicians. Look at PS3 for example. It's been a long time but there's no success.
post #27 of 30
It's about time Apple secured the iPhone. It's embarrasing.

Otherwise, the iPhone is near-perfect as far as current tech design goes.

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Reply

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Reply
post #28 of 30
There's two issues here:
1) Jailbreaking to unlock features and capabilities that Apple has not made available via their SDK.
2) Ensuring the integrity/privacy of the data on the phone.

Number 2 is of primary concern to corporations and governments/military. They want to make sure that if a device is lost/stolen the next user can't slurp the data out. Also of concern is sandboxing applications so one app can't read data from other apps - unless specifically allowed to.

Joe Sixpack probably doesn't care much if someone steals his phone and can listen to all his music, see all the pictures from his kids' birthday parties, and gets the phone numbers of his relatives. Corporations & governments are VERY paranoid that an employee losing a device won't leak information.

If Apple wants to be a serious player in the corporate & government space, the device needs to be encrypted very deeply.

I wouldn't be surprised if they fork the platform into "business" and "home" versions. "Business" with very draconian security policies that also make the device a bit more cumbersome. "Home" which leaves it open to more data stealing but is easier to use.

- Jasen.
post #29 of 30
FUD on apple's part .I 'm on 3gs jailbroken , shutdown every night, boot up
every morning untethered.

If no jailbreak then
buy other brand
fi
post #30 of 30
Sorry, you are wrong, I use it quite often:-

"No access fee to use as a modem (tethering)*"

"* iPhone as modem (tethering). iPhone 3G Operating System 3.0 introduces the capability to use your iPhone 3G as a modem and connect your personal computer to the internet as long as you are located within the Vodafone 3G network coverage area."

Source:-

http://www.vodafone.com.au:80/personal/iphone/index.htm

Oh, did you mean with YOUR network?


Quote:
Originally Posted by geekdad View Post

Tethering.......................
Can't do it without jailbreaking the phone.......


How about I email this 10MB PDF I have on my iPhone which explains it all to your BB Bold...

...oh sorry I forgot about the limitations of your handset, scratch that idea.

Quote:
Originally Posted by ifail View Post

...offer a qwerty keyboard model better than my Bold (Can be done, there are millions who will not switch because of this lack of true keyboard), have notifications like my BB, push email that doesnt blow,
A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this...
Reply
A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this...
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Apple looks to hire new iPhone OS security manager