Friday, February 11, 2011

iPhone Password Hack Shows Flawed Security Model

ars writes iPhone password hack shows flawed security model. "The real problem, according to Zdziarski, is that Apple hasn't yet fully implemented a truly secure environment for iOS. 'Apple has—since introducing encryption—been relying on their DRM know-how, and just erasing the label that says 'DRM' and calling it 'security,'' he explained. 'The problem with this is that DRM only makes things a little more difficult for hackers.' 'Real security relies on the strength of the key, and the secrecy of the key,' Zdziarski continued. 'And as long as the keys are all stored on the iPhone and don't rely on a user password, they can easily be compromised.'"

Lame.

No comments: