

Parental Controls, 2.0, 3.0

It wasn’t until the second iteration of iOS that Apple got serious about what happens when children get their hands on their parents’ phones. With 2.0, parents were given the ability to block certain functions on their child’s handset, including Safari, YouTube and App Store downloads. The Parental Controls feature evolved into Restrictions in 3.0, giving parents the ability to tweak settings that could bar children from listening to music branded as ‘explicit’ and watching R and NC-17 movies.

Data Encryption, 3.1/3GS

Apple’s decision to add data encryption with the iPhone 3GS was a nod to enterprise customers who wanted to offer iPhones to their employees, but were wary of the lack of security features compared with competing platforms like RIM’s BlackBerry. Still, when the company finally got around to it – with the release of the 3GS in 2009 – it quickly found itself in hot water. Apple’s implementation of encryption, though perhaps successful in assuaging the concerns of corporate CIOs, was roundly panned by security experts.

Device Encryption for Exchange, 3.1

The iPhone 3GS was the first update to the device with features that were targeted squarely at the enterprise marketplace. However, after the 3GS was released in the last quarter of 2009, users of older iPhone models who upgraded to the accompanying 3.1 update to iOS suddenly found that they couldn’t sync their phones to their Exchange e-mail accounts.


Sandbox

Early versions of the iPhone software in the pre-iOS era did not include any kind of application sandbox. This gave apps more power on the device than they should have and meant that exploits against the phone often gave attackers root access to the iPhone software. Apple addressed this with the addition of the Apple Sandbox for iOS, which is a fine-grained set of restrictions on what apps can do and what actions they can take on the user’s behalf.

While the iPhone was developed primarily as a consumer device, it quickly became apparent to Apple that its appeal wasn’t limited to personal use. Workers everywhere were bringing their shiny new iPhones to work and using them to connect to corporate Wi-Fi networks and check their work e-mail.

Passcode

As simple as the concept is, the passcode required to access an iPhone was an important security advance when it was introduced with the first version of the device in 2007. Because the iPhone is essentially a handheld PC and can store so much sensitive personal information, Apple shipped the device with a passcode feature. The default passcode was immediately posted all over the Internet, but it’s easy to change. Users also have the ability now to turn off the simple four-digit passcode and turn on a longer alphanumeric passcode instead, which adds more security to the system.

Getting Dirty

Other firms sponsor contests at DEFCON as well. Dirtbags is one. The organization hosts CTF-style contests around the country that are modeled on the DEFCON CTF.

Contests abound at DEFCON. In addition to the open and closed capture the flag tourneys, there’s a lock-picking contest, shown here. The contestant (in green shorts) must free himself from a pair of handcuffs, then make his way across the stage, picking locks as he goes.

The names that teams choose to represent themselves in the various tournaments at DEFCON say a lot. Here’s a shot of the scoreboard for the Open CTF tournament. My favorite: ADRIAN LMAO, a jab at the now-(in)famous hacker who is responsible for turning Bradley Manning in to the federal authorities.

Competition in the CTF contests is intense, with teams of hackers “wired in” (as they might say in The Social Network) and crowded around tables filled with laptops, cabling, soda, booze and junk food. Age is no obstacle, either, with some of the most skilled and technical hackers unable to legally buy a beer. This is a shot of one fresh-faced team at the official CTF tournament.