4 October 2007 @ 16:13

Spy Photos of the iPhone v2

**If you are looking for the actual iPhone v2 (iPhone 3G), check out the WWDC08 coverage.**

I’m making available some Leopard screenshots, spy photos of the second revision of the iPhone, and the proposed pricing schedule for new models.

Download here.


Note: That is how I intended to leave this post and return later with an explanation, but my conscience kept telling me that maybe I shouldn’t deceive my readers (although there is nothing harmful in the disk image, and the files can be inspected in any text editor). My intention here is to prompt a discussion of Mac security and social engineering.

Granted, distributing photos via DMG is suspicious enough, but the same thing could be done with SIT or ZIP files, which are even more common. While most people wouldn’t open these files under these circumstances, the problem cannot be ignored. Shell scripts masquerading as jpegs, rtf documents, spreadsheets, or even applications do not have to be distributed at all. These are just as effective sitting on shared volumes on a corporate network. I have witnessed first-hand users opening every file on an open share simply because they are bored (or nosy).

Had these innocent looking jpegs been anything other than innocent, a user could have lost some important data, or even had sensitive data uploaded or emailed to a remote server. Damage would most likely be confined to the user’s home directory (unless a more complex script took advantage of a privilege escalation exploit), but, regardless, it would be extremely traumatic for some users.

What precautions should Apple take, and what precautions should a responsible user take? In this particular instance, should Apple change DiskImageMounter.app so that it scans a disk image as it opens it and warns the user when the volume contains executables? Or should DiskImageMounter.app determine for itself, based on the extension and icon, that the files in question should not be executable or should not open in the application assigned by their creator? Some go as far as to say that Apple’s disk image framework is flawed by design and should be abandoned completely, but that is in reference to other disk image exploits.

The problem is due to users thinking they know what they are opening, based solely on the icon. File extensions are optional, so no security measure can rely on the extension alone as a test. Should some types of files be required to have an attention-grabbing icon that cannot be removed or changed?
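As an added example (not from the original post, and not how Apple's DiskImageMounter.app works), the kind of check a scanner could run over a freshly mounted volume: for each file it compares the extension a user sees against the executable bit, a shebang, a Mach-O header, and the format's magic bytes, so a shell script named `iphone_v2.jpg` is flagged even though its icon and name say "photo". The sample volume in `demo()` is constructed in a temporary directory.

```python
import os
import stat
import tempfile

# Extensions a user expects to be passive data, never a program.
DATA_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".png", ".rtf", ".txt", ".xls", ".csv"}

# Leading bytes a genuine file of that type starts with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"), ".png": (b"\x89PNG",), ".rtf": (b"{\\rtf",),
}
# Mach-O (64-bit, either byte order) and fat-binary headers.
MACHO = (b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xcf", b"\xca\xfe\xba\xbe")

def classify(path):
    """Return the reasons a file looks like a disguised executable (empty if none)."""
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    mode = os.lstat(path).st_mode
    if not stat.S_ISREG(mode):          # skip symlinks, devices, directories
        return reasons
    with open(path, "rb") as fh:
        head = fh.read(8)
    if ext in DATA_EXTENSIONS and mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        reasons.append("executable bit set on a data extension")
    if head.startswith(b"#!"):
        reasons.append("shebang: file is a script")
    if head[:4] in MACHO:
        reasons.append("Mach-O header: native executable")
    if ext in MAGIC and not any(head.startswith(m) for m in MAGIC[ext]):
        reasons.append("content does not match %s magic" % ext)
    return reasons

def scan(root):
    """Walk a mounted volume or folder; map each suspicious file to its reasons."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Constructed sample volume: one disguised shell script and one real JPEG."""
    root = tempfile.mkdtemp()
    fake = os.path.join(root, "iphone_v2.jpg")
    with open(fake, "wb") as fh:
        fh.write(b"#!/bin/sh\necho 'this would have run'\n")
    os.chmod(fake, 0o755)                # what a DMG can carry across intact
    with open(os.path.join(root, "leopard.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    return scan(root)
```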

There will always be morsels too tempting for some users to resist — screenshots of the next OS release, photos of the next great gadget, paparazzi photos of some nude celebrity. Where do you draw the line between what is the vendor’s responsibility and the user’s responsibility? Is there more that vendors could do to protect their users? Of course there is. Can the vendor protect its users from every possible exploit? No. Some exploits simply require the user to be a “defensive driver” in order to not get caught up in a nasty accident.

What are your thoughts?

Update: The GM release of Leopard handles these files differently (and appropriately).

[Screenshot: leopard_warn1.jpg, Leopard’s warning dialog]

Update 2: (Nov 21, 2007) Intego is reporting that QuickLook and Mail.app are not properly identifying files.


3 comments | Posted in apple, exploits, iphone, mac, malware, security

Comments:

  1. Cyril Kotecky | 04 Oct 2007 @ 17:00 #

    Finally a try for a mac virus :D. People are not stupid, and for those who are, don’t download this.

  2. Jon | 04 Oct 2007 @ 23:03 #

    This is not a virus, but simply an example of an attack vector that some people may not have been aware of.

  3. Tara | 19 Dec 2007 @ 7:45 #

    Oh god, I downloaded this and thought I had actually downloaded a virus when I opened it. I was so close to being sick from fear (I just bought my first ever Mac for about $4000 lol so I was a bit terrified). I am so glad it wasn’t. That will teach me to download before I think!

    Thanks for nearly giving me a heartache man! lol
