To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://hardware.silicon.com/pdas/0,39024643,39255635,00.htm

Google Talk finds a home on iPhone
…but what about security?

By Robert Vamosi

Published: Friday 04 July 2008

Google is making its Google Talk instant-messaging application available for Apple's iPhone and iPod Touch, however these new applications come in light of new security scares.

A Google's software engineers revealed the news about Google Talk in a blog on Wednesday.

Adam Connors, of Google's mobile team said in the blog: "In addition to sending your friends Gmail messages from your iPhone, you can now chat with them while you're on the move."

The application doesn't require any software to be installed or downloaded. Instead it works within the phone's browser, so users can simply go to the site www.google.com/talk, sign in, and start chatting.

Connors pointed out there are a few differences when using Google Talk on the iPhone versus a computer. For one, to receive messages, the application needs to be open on the Safari phone browser. When users navigate away from the Google Talk window in the browser, their status is set to "unavailable".

That said Google has tried to keep the experience close to what users experience on their desktop or laptop computers. They can select contacts from a quicklist, search contacts, and manage conversations.

However, while Apple continues to release new applications for the iPhone, a leading Mac OS X researcher, Charlie Miller, says Apple has not kept the iPhone operating system up to date with patches it has issued for the desktop.

The iPhone runs a stripped-down version of Mac OS 10.5 and automatically checks for security updates. The last update for the phone, 1.1.4, was issued in February.

That means iPhone users may still be vulnerable to flaws discovered later than February.

During the CanSecWest conference, Miller found and used a buffer overflow in Safari in the Apple WebKit to win a $10,000 "Pwn to Own" contest. Apple patched Miller's Safari vulnerability for the desktop in April but so far has not issued a similar patch for the iPhone.

Apple did not respond to requests for comment on its software security policies.