RISK list: iPhone security flaw

RISKS-LIST: Risks-Forum Digest Wednesday 25 July 2007 Volume 24 : Issue 75

Date: Tue, 24 Jul 2007 09:18:43 +0100
From: “Chris Leeson”
Subject: iPhone security flaw

I suppose it was inevitable – someone has found a security vulnerability in the iPhone:

Dan Goodin, “Jesus Phone” needs an exorcist; security flaw means demonic
possession for Apple iPhone, *The Register*, 24 Jul 2007

If a person visits a malicious website, then the phone can be infected with malware. Not a direct attack (in other words, launchable from the person sitting next to you), but I expect that is coming…

I remember the days when the only thing you could do with a mobile phone was ring people…


Date: Fri, 20 Jul 2007 11:16:36 +0100
From: Tim Panton
Subject: Risks of purism

In RISKS-24.74 PGN rightly casts doubt on the validity of ‘proof by simulation’.

I’m a fan of well designed simulations. In a former life I was involved in the testing of a control system for a chemical plant.

We created a faithful simulation of the plant, then arranged for our simulator to output voltages that mimicked the sensors that were in the real plant. We then plugged these outputs into the control system and went through a series of tests.

The results were totally unexpected. It failed, in some cases the simulated plant responded too slowly. We assumed that the problem was the simulation or the interfaces. After much study we concluded it wasn’t. The control system was at fault, and in a subtle way, the control blocks covering the most time critical loops had been spread over multiple processors and the
inter-processor communication was introducing a significant delay. The manufacturer ‘re-optimized’ the loops and the problem was fixed.

Used appropriately simulations (or stimulations ?) can tell you things you couldn’t easily find any other way, so should be in the toolbox of any serious tester.