That's right. iPhone and iPad wireless carrier profiles come with special carrier root CAs. You can't delete them, and by using them, your carrier can easily MITM your IMAP password, Google cookie, online banking credentials, or anything else you do over SSL. Your carrier's unfettered access is in addition to the Department of Defence Root CA, the China Internet Network Information Center Root CA, and the others who enjoy the same privilege already. Apple just made it easier to hide by making it impossible for you to actually see the chain of trust in Mobile Safari.
Interestingly, this is why corporations and governments managing secret information continue to rely on Blackberry, where each device gets a locked certificate on activation. That provides the only serious protection from man-in-the-middle attacks in the wireless industry today. Remember the public pressure on RIM to support wiretapping in India? They were the only company not making it easy.
Interestingly, this is why corporations and governments managing secret information continue to rely on Blackberry, where each device gets a locked certificate on activation. That provides the only serious protection from man-in-the-middle attacks in the wireless industry today. Remember the public pressure on RIM to support wiretapping in India? They were the only company not making it easy.