Welcome to the MacNN Forums.


iPhone vindicated in Duke University wireless network problem
shifuimam
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Jul 17, 2007, 10:44 AM
 
Slashdot | IPhones Flooding Wireless LAN At Duke

That's great news. Not. What would be the logic behind periodically scanning an entire network for MAC addresses? Does it have to do with Bonjour, or what?

I was going to put this in the lounge, but since it's directly about the iPhone...
Sell or send me your vintage Mac things if you don't want them.
     
Simon
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Jul 17, 2007, 03:59 PM
 
Here's the original source.

We had similar problems at work with Cisco routers and Sun workstations a while ago.

IMHO Cisco has a serious problem if their routers can be bogged down by 18000 ARP requests per sec. If they don't catch such an event and block it, they're basically supporting a DOS on themselves.

I also read that possibly this isn't due to the iPhone in general, but because certain iPhones are misbehaving (malware?).
     
scaught
Addicted to MacNN
Join Date: Jan 2001
Location: detroit,mi,usa
Jul 17, 2007, 06:02 PM
 
Originally Posted by Simon View Post
Here's the original source.

We had similar problems at work with Cisco routers and Sun workstations a while ago.

IMHO Cisco has a serious problem if their routers can be bogged down by 18000 ARP requests per sec. If they don't catch such an event and block it, they're basically supporting a DOS on themselves.

I also read that possibly this isn't due to the iPhone in general, but because certain iPhones are misbehaving (malware?).
iphone virii? OMG!

(you heard it here, first)
     
icruise
Moderator Emeritus
Join Date: Nov 2000
Location: Illinois
Jul 17, 2007, 06:16 PM
 
How could there possibly be malware (or any other kind of "ware") on an iPhone?
     
vmarks
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Jul 17, 2007, 07:37 PM
 
It isn't the iPhone. Figure: the Apple campus has a number of WAPs. The Apple campus also has a sufficiently large number of iPhones. You'd think if there were a problem, they would have noticed and resolved it by now.
     
Simon
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Jul 18, 2007, 02:39 AM
 
Here's an interesting comment I found below the original article.

This sounds like someone found a vulnerability in Safari 3.0 and has propagated an exploit for the iPhone.

The data reported indicate that:

1) Two iPhones (out of 150 registered on the WLAN) are the culprits for all the outages.

2) The outages are due to ARP request flooding access points

3) The requesting device (iPhone) is using a bogus IP (router?) address that is not on Duke's network.

This would seem to indicate a malicious application, not a bug per se, as the specificity of requesting devices is so narrow. Combined with the excessive (1800 a sec) nature of the ARP requests and the bogus IP info and you have the spoor of a malicious app.

Probably the owners of the errant iPhones clicked on a phish link in email and downloaded a malicious script from a blackhat website. This is plausible in light of the fact that the browser on the iPhone is a full-fledged browser not a proprietary telecom applet.
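
The three indicators listed in the quoted comment (a handful of sources, a very high ARP request rate, targets outside the local network) can be checked mechanically against a capture. This is an added example, not part of the thread; the address range, alert threshold, MAC addresses and capture records are all constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

LOCAL_NET = ipaddress.ip_network("10.0.0.0/16")  # assumed WLAN address range
RATE_THRESHOLD = 500                              # assumed alert level, requests/sec


def build_sample():
    """Constructed capture: (timestamp, source MAC, ARP target IP) tuples."""
    records = []
    # 148 well-behaved clients: one request per second for the on-net gateway.
    for i in range(148):
        mac = "02:00:00:00:%02x:%02x" % (i // 256, i % 256)
        for sec in range(3):
            records.append((sec + 0.5, mac, "10.0.0.1"))
    # 2 misbehaving clients: 900 requests per second for an off-net address.
    for mac in ("02:00:00:ff:00:01", "02:00:00:ff:00:02"):
        for sec in range(3):
            for n in range(900):
                records.append((sec + n / 900.0, mac, "192.0.2.1"))
    return records


def find_arp_flooders(records, local_net=LOCAL_NET, threshold=RATE_THRESHOLD):
    """Flag sources whose ARP request count in any one-second bucket meets the
    threshold, and report how much of their traffic targets off-net addresses."""
    per_second = Counter()   # (mac, whole second) -> requests seen
    total = Counter()        # mac -> all requests
    off_net = Counter()      # mac -> requests for addresses outside local_net
    for ts, mac, target in records:
        per_second[(mac, int(ts))] += 1
        total[mac] += 1
        if ipaddress.ip_address(target) not in local_net:
            off_net[mac] += 1

    peak = defaultdict(int)
    for (mac, _sec), count in per_second.items():
        peak[mac] = max(peak[mac], count)

    return {
        mac: {
            "peak_rate": rate,
            "requests": total[mac],
            "off_net_share": off_net[mac] / total[mac],
        }
        for mac, rate in sorted(peak.items())
        if rate >= threshold
    }


if __name__ == "__main__":
    for mac, stats in find_arp_flooders(build_sample()).items():
        print(mac, stats)
```

A source that is both over the rate threshold and asking almost exclusively for off-net addresses matches the pattern the comment describes, whatever the underlying cause turns out to be.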
     
Cold Warrior
Moderator
Join Date: Jan 2001
Location: Polwaristan
Jul 18, 2007, 11:25 AM
 
But where's the proof of a malicious script for the iPhone? Surely it would've made the news by now if there were an exploit in the wild, not confining itself to a couple Duke students.
     
amazing
Professional Poster
Join Date: Jan 2003
Jul 20, 2007, 05:58 PM
 
In the latest stories, Duke IT is saying they perhaps spoke too soon.

Macworld: News: iPhone may not be cause of Duke wireless woes
     
Cold Warrior
Moderator
Join Date: Jan 2001
Location: Polwaristan
Jul 20, 2007, 06:18 PM
 
Also speaking too soon were the l33t haXors talking about scripts and exploits for the iPhone.
     
::maroma::
Addicted to MacNN
Join Date: Jan 2002
Location: PDX
Jul 20, 2007, 07:06 PM
 
Wow, what a bunch of professionals working over there at Duke.

Maybe now they'll learn to actually look into a problem thoroughly before blaming it on something just because it's new.
     
amazing
Professional Poster
Join Date: Jan 2003
Jul 20, 2007, 07:44 PM
 
Well, the suggestion was made that they should've blamed it on some Duke sports team or other, instead...
     
amazing
Professional Poster
Join Date: Jan 2003
Jul 20, 2007, 07:49 PM
 
Cisco confirms Duke’s iPhone problem was caused by its network

UPDATE: Cisco confirms its network caused Duke’s iPhone flooding - Network World
     
cmoney
Mac Enthusiast
Join Date: Sep 2000
Jul 20, 2007, 10:28 PM
 
Actually it was the Cisco iPhone that caused all the problems!
     
amazing
Professional Poster
Join Date: Jan 2003
Jul 20, 2007, 11:03 PM
 
Originally Posted by cmoney View Post
Actually it was the Cisco iPhone that caused all the problems!
now it all makes sense!
     
Eriamjh
Addicted to MacNN
Join Date: Oct 2001
Location: BFE
Jul 22, 2007, 04:35 PM
 
I like this quote from this page:
Duke University has now shifted the blame from the iPhone to Cisco, for causing the reported wireless outage. Duke's chief information officer, Tracey Futhey, detailed; "Cisco worked closely with Duke and Apple to identify the source of this problem, which was caused by a Cisco-based network issue."

Though the specifics of the trouble were not given, it seems to be resolved. Futhey added; "Cisco has provided a fix that has been applied to Duke's network and there have been no recurrences of the problem since."

As we well know, Apple hasn't always seen eye to eye with Cisco, given their 'we'll use the iPhone badge anyway' attitude. This revelation gives the boys in Cupertino something to snigger about - damn they're smug. Oh and Mark adds, "Duke sucks."
Why not change the title of this thread?

I'm a bird. I am the 1% (of pets).
     
icruise
Moderator Emeritus
Join Date: Nov 2000
Location: Illinois
Jul 22, 2007, 05:49 PM
 
Originally Posted by Eriamjh View Post
Why not change the title of this thread?
Done!
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Jul 22, 2007, 09:33 PM
 
I find it depressing that whenever anything odd happens, people tend to blame a) new technology being out of control, b) new technology being hijacked by clever hackers to do their bidding, c) a combination of the two, or d) a malicious user who intentionally perpetrated the event.

Considering that nobody has managed to make a really effective virus for OS X, how could someone come up with an effective virus for the iPhone in the two weeks between its release and the incident? Isn't the iPhone's OS similar to OS X?

Weird activity is almost always due to something being badly configured, or a user being overconfident of his knowledge of what he's doing (i.e. being very stupid and expecting the hardware to "know what he means.").

I'm glad that this has shed some light on Cisco - negative light at that. Being the supposed "gold standard" of commercial networking can make a company a bit cocky. They could use some humility - and better product testing in the real world.

Glenn -----OTR/L, MOT, Tx
     
shifuimam  (op)
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Jul 22, 2007, 09:40 PM
 
Originally Posted by ghporter View Post
Considering that nobody has managed to make a really effective virus for OS X, how could someone come up with an effective virus for the iPhone in the two weeks between its release and the incident? Isn't the iPhone's OS similar to OS X?
While it's less likely that such a virus could have been developed so quickly, don't easily discount someone finding an exploit in the iPhone and abusing it.

Think of it this way: a substantial number of iPod owners don't own Apple computers. If the iPhone makes it big, you're going to have quite a few people purchasing the iPhone who still use Windows or even Linux. But a worm on an iPhone, that can spread to other iPhones on Cingular's network, or spread through WiFi or Bluetooth, could do some serious damage. And if the iPhone gets the same kind of market share that the iPod has, you can be almost certain that enterprising hackers are going to viciously go after the iPhone until they find a usable exploit.

I know that I can get flamed for saying this, but consider the possibility that OS X has seen no real virus threats thus far because it's got such a small market share. Why write something to screw over 5% of computer users when you can write something that will screw over 95% of computer users?

The iPod is not really a networked or connected device. It plugs into computers, but its functionality is extremely limited. The iPhone, however, is a different story. Only time will tell us what will really happen with it, as far as security vulnerabilities are concerned.
Sell or send me your vintage Mac things if you don't want them.
     
icruise
Moderator Emeritus
Join Date: Nov 2000
Location: Illinois
Jul 22, 2007, 11:38 PM
 
Originally Posted by ghporter View Post
Isn't the iPhone's OS similar to OS X?
If by "similar" you mean "exactly the same as" then yes. Maybe you meant Mac OS X which isn't the same thing.

Originally Posted by shifuimam View Post
I know that I can get flamed for saying this, but consider the possibility that OS X has seen no real virus threats thus far because it's got such a small market share. Why write something to screw over 5% of computer users when you can write something that will screw over 95% of computer users?
Maybe, maybe not.

http://daringfireball.net/2004/06/broken_windows
     
shifuimam  (op)
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Jul 23, 2007, 08:51 AM
 
Originally Posted by icruise View Post
Ooh, that guy kind of grates on me. And by "kind of", I mean "really, really, really".

While any zealous Mac user will be able to provide all kinds of angles for why OS X is so much more "secure" than Windows, the fact is, if OS X had the 95% market share, and Windows had the 5% market share, only an idiot would say that Windows would still be as exploited and abused as it is today.

The people who write the worms and trojans and viruses for computers are not out to target a specific group of users. They want to cause as much destruction as possible in as little time as possible. This means that the first two things they're going to target are IE and Windows. You can be sure that as Firefox gains momentum in the internet browser wars, more exploits are going to pop up for it, and people are going to have to be just as careful with Firefox as they are with IE.

He brings up the point of "zero tolerance in the Mac community for crapware". This is true. Why? Because the relatively small group of people who do use Macs are very, very passionate about them. But again, if OS X were to gain momentum in the OS wars, more and more people would use OS X who aren't quite so obsessive about their computers. You would get more of the stupid users who would authorize any application to make any change to a system directory. And while our friend at DaringFireball says that it's difficult for malware to hide in a Mac, there are plenty of hidden directories (like the entire FreeBSD framework) where, if an unknowing user were to authorize a change to one of those folders, malware could very easily hide.

I can just about guarantee you that one of the main reasons why Apple refuses to allow users to install OS X on non-Apple hardware is so that they can very closely control their operating system. Not just so that they can mark up their computers more than other brands, but so that they can keep the safe market share that prevents hackers from really going after OS X. If OS X were (finally) opened up to third-party computers, many people would buy it, and it's pretty likely that you would see exploits start popping up for OS X.

I'm just saying that you shouldn't be too naively confident in your OS of choice. Every OS has weaknesses - none are perfect. And while it might take more time for a less-used OS to be exploited, it can happen, and it likely will happen if Apple products get too popular with the general computer user community (read: not the Mac zealot community). You have to be a responsible computer user no matter what OS or brand of computer you use.
Sell or send me your vintage Mac things if you don't want them.
     
analogika
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Jul 23, 2007, 09:30 AM
 
Originally Posted by shifuimam View Post
And while our friend at DaringFireball says that it's difficult for malware to hide in a Mac, there are plenty of hidden directories (like the entire FreeBSD framework) where, if an unknowing user were to authorize a change to one of those folders, malware could very easily hide.
That sentence is such a complete contradiction in itself that it blows your whole argument apart in a very fundamental way.

Almost every virus/spyware/trojan that afflicts Windows would *require* that a user explicitly authorize its installation, were a comparable crack to surface for Macs.

Yes, there are many stupid people using Macs as well, but the fact that malware will require a level of social engineering to convince people to explicitly allow its installation (and to click away Safari's "downloading an application" and the system's "the Application XXXX is opening for the first time. Do you wish to let it continue?" dialog boxes) makes its *widespread* distribution a near impossibility.

Originally Posted by shifuimam View Post
I can just about guarantee you that one of the main reasons why Apple refuses to allow users to install OS X on non-Apple hardware is so that they can very closely control their operating system. Not just so that they can mark up their computers more than other brands, but so that they can keep the safe market share that prevents hackers from really going after OS X. If OS X were (finally) opened up to third-party computers, many people would buy it, and it's pretty likely that you would see exploits start popping up for OS X.
Nonsense.

The entire OS X network stack is BSD, and that has been running on non-Mac hardware for 25 years.

Everything except for the GUI is completely freely available as Darwin for any PC, and has been for years.

Originally Posted by shifuimam View Post
I'm just saying that you shouldn't be too naively confident in your OS of choice. Every OS has weaknesses - none are perfect. And while it might take more time for a less-used OS to be exploited, it can happen, and it likely will happen if Apple products get too popular with the general computer user community (read: not the Mac zealot community). You have to be a responsible computer user no matter what OS or brand of computer you use.
THIS is true.
     
shifuimam  (op)
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Jul 23, 2007, 02:26 PM
 
Originally Posted by analogika View Post
That sentence is such a complete contradiction in itself that it blows your whole argument apart in a very fundamental way.

Almost every virus/spyware/trojan that afflicts Windows would *require* that a user explicitly authorize its installation, were a comparable crack to surface for Macs.
Right. But I know plenty of users with computers that came with ZoneAlarm or Ad-Watch or similar software installed, and they always click "allow" or "yes" or put in a password whenever it prompts them. Users are stupid and will generally ignore the warnings their computer is giving them. It's great that OS X forces authorization to make system changes. It's not great that users will mostly ignore the messages and just type in their password to make the box go away.

Originally Posted by analogika View Post
Yes, there are many stupid people using Macs as well, but the fact that malware will require a level of social engineering to convince people to explicitly allow its installation (and to click away Safari's "downloading an application" and the system's "the Application XXXX is opening for the first time. Do you wish to let it continue?" dialog boxes) makes its *widespread* distribution a near impossibility.
And if someone finds an exploit for this idea of requiring the user to authorize changes, you're screwed. It might not happen for a while. Maybe the chances of such an exploit surfacing are slim to none. But don't discredit the possibility entirely. Worms can propagate through other things besides the user interface. If a backdoor is found into some part of OS X, your machine could pretty much commit suicide without you ever knowing.

Originally Posted by analogika View Post
Nonsense.

The entire OS X network stack is BSD, and that has been running on non-Mac hardware for 25 years.

Everything except for the GUI is completely freely available as Darwin for any PC, and has been for years.
Mac OS X is a closed system. It's not open-source. It's based on an open-source kernel, but I find it hard to believe that "everything but the UI is freely available". If that were the case, someone would have figured out how to extract the UI components from a copy of OS X and run them on Darwin. There's enough about OS X that isn't open-source or freely available that I feel comfortable standing by what I said. If OS X were opened up to non-Apple hardware, I can just about guarantee you that something bad would happen with the OS.

Originally Posted by analogika View Post
THIS is true.
Especially when an exploit for the iPhone has been discovered already. Thankfully, these guys are trying to help the community and have already notified Apple and proposed a patch to fix the vulnerability.
Sell or send me your vintage Mac things if you don't want them.
     
analogika
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Jul 23, 2007, 03:10 PM
 
Originally Posted by shifuimam View Post
Right. But I know plenty of users with computers that came with ZoneAlarm or Ad-Watch or similar software installed, and they always click "allow" or "yes" or put in a password whenever it prompts them. Users are stupid and will generally ignore the warnings their computer is giving them. It's great that OS X forces authorization to make system changes. It's not great that users will mostly ignore the messages and just type in their password to make the box go away.
You don't actually use a Mac, do you?

On Windows, you're CONSTANTLY clicking away dialog boxes. All the ****ing time. The Mac doesn't bother you unless it actually needs to know something, or thinks that YOU need to know something.

And there is a substantial difference between having somebody click "OK" and actually entering a password.

And like I said, there are tons of stupid users on the Mac as well, so this isn't proof, BUT it's an additional three hurdles at least that MUST be engineered past before anything can spread in a big way.

A different matter is exploiting actual security holes, but due to the open-source nature of the OS, anything at system level is patched pretty quickly.



Originally Posted by shifuimam View Post
And if someone finds an exploit for this idea of requiring the user to authorize changes, you're screwed. It might not happen for a while.
I have no idea what this means.

Originally Posted by shifuimam View Post
Worms can propagate through other things besides the user interface. If a backdoor is found into some part of OS X, your machine could pretty much commit suicide without you ever knowing.
Of course security holes happen.

An awful lot of security holes are found in various network services, NONE of which are actually turned on in OS X in a standard installation (in contrast to a Windows installation).

Just about all the "automatic" worms work through such security holes or through user-level-executed stuff, which I've covered above.

There is a small proportion of exploits that work, for example, through loopholes in Safari or the graphics engine, but these absolutely REQUIRE that the browser be directed to a malicious site before ANYTHING can happen, or that one somehow receives or views a malformed graphic.

The odds of that happening preclude any widespread epidemic, REGARDLESS of market share.

Originally Posted by shifuimam View Post
Mac OS X is a closed system. It's not open-source. It's based on an open-source kernel, but I find it hard to believe that "everything but the UI is freely available". If that were the case, someone would have figured out how to extract the UI components from a copy of OS X and run them on Darwin. There's enough about OS X that isn't open-source or freely available that I feel comfortable standing by what I said. If OS X were opened up to non-Apple hardware, I can just about guarantee you that something bad would happen with the OS.
It's already running on non-Apple hardware.

And you're right: it's the UI AND the bundled applications that aren't open-source.

Originally Posted by shifuimam View Post
Especially when an exploit for the iPhone has been discovered already. Thankfully, these guys are trying to help the community and have already notified Apple and proposed a patch to fix the vulnerability.
Yep, that's an exploit in Safari that requires the user to actually visit a malicious website.
     
   
 