posted
Feb 6, 2010 by News Gatherer
However, an error in the application of the rule could allow hackers to deliver the configuration file of mobile telephony, which seems to come from a legitimate source, but you can configure your iPhone to access the malicious server. When Apple launched the iPhone OS 3.0, has sought to strengthen security in the air management of the company's iPhone by adding support for Cisco Systems 'Protocol simple certificate enrollment (SCEP).
Ars spoke with a mobile security expert who discovered the problem (who requested anonymity because they were not authorized to speak to the problem). Ars said that the issue was that of confidence: "Who would you trust to change the settings of the iPhone over the air? Your company? Is this your business? The security administrator? " He asked. Apple uses the CAP as a form of iPhone to connect to a server certificate to verify that the file mobileconfig has been signed by a trusted source, but errors in the introduction to the process average for the iPhone doesn 't always work as expected.
The problem stems from Apple 's method for controlling root certificate authorities. However, a mobileconfig file using the old protocol for the verification should be performed by the iPhone launch and this age CEP protocol error occurred in the application. Apple has added CEP wants to be a security protocol to verify the trust relationships for closed systems, the iPhone OS 3.0.
However, Apple should seriously reconsider its implementation of verification and confidence if CEP expects companies feel secure management of the distribution of OTA. Fortunately, the problem only affects OTA mobileconfig files, not downloaded through the USB port using the iPhone Configuration Utility, or those arriving through iTunes. This problem is not 't limited to business users and consumers have less experience can be induced to download a malicious file from Internet easily mobileconfig firms with the average user.
httpv://www.youtube.com/watch?v=l3TgSDcnFjY&feature=youtube_gdata
Related Stories
You must be logged in to post a comment.