Security Firm Reveals iPhone Vulnerability

Discussion in 'MacRumors.com News Discussion' started by j/k/Andy, Jul 22, 2007.

  1. macrumors regular

    Joined:
    Jun 5, 2007
    #1
    link

    FLAW LETS HACKERS EXPLOIT IPHONE, FIRM SAYS
    Sun Jul 22 2007 16:03:45 ET

    A team of computer security consultants say they have found a flaw in APPLE's popular new iPhone that allows them to take control of the device!

    The researchers, working for Independent Security Evaluators, will report on Monday how they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code.

    Developing...

    or http://www.drudgereport.com/
     
  2. macrumors 6502

    chrisdazzo

    Joined:
    Apr 11, 2006
    Location:
    Colorado
    #2
    that was the most excited post of the day. CAPS CAPS CAPS!

    good thing i don't have an iphone, though, if this IS true.
     
  3. macrumors newbie

    Joined:
    Jul 22, 2007
    #3
    Ouch...Im so very glad I didnt give up my Treo 700 wx for the apple joke of the year.I did come close though.
     
  4. Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #4
    Is this the same as or different from the SPI-announced web dialing issue?

    It would be overly generous to call the Drudge report article uninformative, and the referenced company's website is shockingly even less informative... nor does this seem to have been carried by anyone other than the Drudge Report as of yet, which seems a bit odd to me....
     
  5. macrumors newbie

    Joined:
    Oct 30, 2006
    #5
    Well, it being a Sunday and all - it's not terribly surprising it's nowhere but Drudge (the man never sleeps.)
     
  6. macrumors member

    Joined:
    Jun 10, 2007
    #6
    From the few links up at Drudge on the iphone, most have been negative. Pretty biased reporting.
     
  7. thread starter macrumors regular

    Joined:
    Jun 5, 2007
    #7
    it is a classic Drudge flash, short and sweet, but more often then not he gets it nearly right, sorry for the all caps (copy and paste error)
     
  8. DMK
    macrumors newbie

    Joined:
    Jun 12, 2007
    Location:
    Los Angeles
    #8
    The Drudge Report is biased ?! what a shocker. :rolleyes:
     
  9. macrumors regular

    Joined:
    Jun 26, 2007
    Location:
    Orlando, FL
    #9
    IMO, the Drudge Report has the same journalistic integrity as a tabloid.
     
  10. macrumors member

    Joined:
    Jul 10, 2007
    #10
  11. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #11
    Security Firm Reveals iPhone Vulnerability

    [​IMG]

    The NY Times reports that researchers at a security firm Independent Security Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website or WiFi connection:
    The company has setup a website which provides a video demo of the exploit as well as answers to questions, but does not provide would-be hackers any detailed instructions. Apple has reportedly been notified of findings. A full disclosure of the hack will be released at the Black Hat conference on August 2nd.

    According to the site, in their proof of concept, the exploit can read the log of SMS messages, address book, call history, voicemail data and transmit it to the malicious site.

    The principal security analyst admits "It's not the end of the world; it's not the end of the iPhone" and it appears it hasn't changed their enjoyment of the iPhone itself. Even the security firm's founder states that while he may more cautious about using a random public WiFi network, "you'd have to pry it out of my cold, dead hands to get [the iPhone] away from me."




    Article Link
     
  12. macrumors 6502

    Joined:
    Jun 29, 2007
    #12
    looks like apple better come out with a firmware update fast
     
  13. macrumors newbie

    Joined:
    Apr 12, 2005
    #13
    Well, this should be fun. I'll be out at blackhat watching this one anxiously, with an iphone in my pocket the whole time.. heh

    I'll hold off on judging this until we see some details of what exactly they've found.
     
  14. macrumors P6

    twoodcc

    Joined:
    Feb 3, 2005
    Location:
    Right side of wrong
    #14
    yeah they need to. and i'm sure that they will
     
  15. macrumors 6502

    Joined:
    Apr 7, 2003
    Location:
    state of confusion.
    #15
    Here's the deal - don't go to random websites that present themselves to you. Simple. I also don't go to dark alleys...at night...by myself....with my iPhone. I just don't. Now, I'm not saying this isn't important, but my parents didn't raise no dummy. It's called caution. :eek:
     
  16. macrumors 6502

    Joined:
    Mar 28, 2005
    Location:
    Pistolvania
    #16
    Thank god... this should speed up a much needed update. I want to listen to my music while browsing the web like it's been advertised.
     
  17. macrumors 6502a

    Joined:
    Apr 22, 2005
    #17
    This is great, you can check to see if your girlfriend is cheating on you without even asking! Just SMS her the link to your specially modified site, and then you can see her call history and messages!

    or

    This is bad, now my girlfriend can check to see if I am cheating on her without even asking! She just SMSes me the link the her specially modified site, and she can see my call history and messages!
     
  18. macrumors regular

    Joined:
    Jul 9, 2007
    #18
    Actually, you can. I'm listening to Depeche Mode while replying to your comment...all from my iPhone.

    :apple:
     
  19. macrumors newbie

    Joined:
    Apr 12, 2005
    #19
    Uhhh.. that feature's always worked fine for me.
     
  20. macrumors 68030

    Analog Kid

    Joined:
    Mar 4, 2003
    #20
    One of the risks of building this on a full OS X platform. Good news is that any fixes made to the desktop or iPhone should benefit the other...
     
  21. macrumors newbie

    Joined:
    Mar 20, 2006
    #21
    Not

    I don't believe this. A website crafted to force the iPhone to make unsolicited calls? These guys can't be for real. This is FUD FUD FUD.
     
  22. macrumors 6502

    Joined:
    Jul 1, 2007
    #22
    at least we know an iphone update is coming before, or around, august 2!!
     
  23. macrumors 68000

    ErikGrim

    Joined:
    Jun 20, 2003
    Location:
    Brisbane, Australia
    #23
    Why would this be FUD? Unlike the other recent claims of OS X worms and not to mention the whole Month of OS X bugs debacle, these are "ethical" hackers, disclosing the information to Apple FIRST so that they can issue a fix before releasing the information to the general public.

    These kind of independent security analyses actually benefit the end user rather than harm them. There's no FUD here at all. Read their FAQ.
     
  24. macrumors 68000

    Lancetx

    Joined:
    Aug 11, 2003
    Location:
    Texas
    #24
    I'll bet Apple gets a fix out there before this August 2nd conference occurs. I'm not alarmed, as this will get fixed soon enough. In the meantime though, I'll just make sure not to connect to any unknown wi-fi networks.
     
  25. macrumors 6502

    Joined:
    Jul 1, 2007
    #25
    before anyone says "this is impossible" visit the firm's website and read their preliminary paper (ignore the part about the iphone being released on june 28 ;)

    http://www.securityevaluators.com/
     

Share This Page