funsec mailing list archives

IPhone Flaw Lets Hackers Take Over, Security Firm Says


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Sun, 22 Jul 2007 23:40:47 -0400

No big surprise here.....
 
Richard
 
http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=2
 
July 23, 2007

IPhone Flaw Lets Hackers Take Over, Security Firm Says 

By JOHN SCHWARTZ

A team of computer security consultants say they have found a flaw in
Apple's wildly popular iPhone that allows them to take control of the
device.

The researchers, working for Independent Security Evaluators, a company that
tests its clients' computer security by hacking it, said that they could
take control of iPhones through a WiFi connection or by tricking users into
going to a Web site that contains malicious code. The hack, the first
reported, allowed them to tap the wealth of personal information the phones
contain. 

Although Apple built considerable security measures into its device, said
Charles A. Miller, the principal security analyst for the firm, "Once you
did manage to find a hole, you were in complete control." The firm, based in
Baltimore, alerted Apple about the vulnerability this week and recommended a
software patch that could solve the problem. 

A spokeswoman for Apple, Lynn Fox, said, "Apple takes security very
seriously and has a great track record of addressing potential
vulnerabilities before they can affect users." 

"We're looking into the report submitted by I.S.E. and always welcome
feedback on how to improve our security," she said.

There is no evidence that this flaw had been exploited or that users had
been affected.

Dr. Miller, a former employee of the National Security Agency who
has a doctorate in computer science, demonstrated the hack to a reporter by
using his iPhone's Web browser to visit a Web site of his own design.

Once he was there, the site injected a bit of code into the iPhone that then
took over the phone. The phone promptly followed instructions to transmit a
set of files to the attacking computer that included recent text messages -
including one that had been sent to the reporter's cellphone moments before
- as well as telephone contacts and e-mail addresses.

...

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
