4-03-2009 @ 11:07AM
My fear is this. How long until someone writes another iPhone app that does something useful with WoW, but behind the scenes picks up your authenticator serial number (it's got to be stored on your iPhone)? Now all they have to do is find your account info, and they can replicate your serial number into their phone (since it's not hard coded or based on your phone's serial number or anything like that, rather it's stored as data). It's only a matter of time. This thing isn't very secure in my opinion.
4-03-2009 @ 5:50PM
Then here's an idea: Don't jailbreak your phone. Apple tests all the software that goes into their App Store, and if it doesn't meet their quality requirements (including their sections on gathering data), not only will it be rejected but most of the time will be advertised as such.
4-03-2009 @ 5:03PM
Other iPhone apps can't read the authenticator's data; all apps are "sandboxed", i.e. they only get to play within their private walled-in space of memory and the file system. Besides, even if the sandbox could be breached somehow that wouldn't matter. How would the app possibly get hold of your account information? You never need to enter THAT into the iPhone, so no chance of stealing it! It's not a matter of "only" getting hold of the account info... If I find your keyring lying in the street would I automatically know where your house is so that I can unlock your door and steal your stuff? No, of course not. Merely having the authenticator's encryption key is absolutely USELESS on its own. This system is QUITE secure. Not absolutely, totally infallible, but then again - what system is? No system is ever going to be 100% perfect as long as it is designed by human beings, or has to interact with them (since we are, as a general rule, rather imperfect.)
4-03-2009 @ 6:57PM
I haven't jailbroken my iPhone. I have the Blizzard authenticator KeyFob and have no intentions of switching from it. I am just questioning the amount of thought put into this. Okay, so everyone has made it clear that the apps are sandboxed and tested to make sure they're not "malicious" before ever going to the App Store. Fine, great. Now what about my other idea I thought about? Every time I plug my iPhone in, iTunes fires up and backs up my phone. I have read several others say that you can indeed restore from backup and the app will work again. This means that the data is stored on your computer. So again, given enough desire, a malicious app (keylogger) could mine this backup data and pull out your serial number and duplicate it onto another copy of the application. I know this is out there, but again, I'm simply saying, where there is a will (and there's going to continue to be a BIG will as long as people continue to buy gold) there is going to be a way.