Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security Firm Reveals iPhone Vulnerability

J

j/k/Andy

macrumors regular
Original poster
Jun 5, 2007
197
0
link

FLAW LETS HACKERS EXPLOIT IPHONE, FIRM SAYS
Sun Jul 22 2007 16:03:45 ET

A team of computer security consultants say they have found a flaw in APPLE's popular new iPhone that allows them to take control of the device!

The researchers, working for Independent Security Evaluators, will report on Monday how they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code.

Developing...

or http://www.drudgereport.com/
 
Article Link
https://www.macrumors.com/2007/07/22/security-firm-reveals-iphone-vulnerability/
that was the most excited post of the day. CAPS CAPS CAPS!

good thing i don't have an iphone, though, if this IS true.
 
Ouch...Im so very glad I didnt give up my Treo 700 wx for the apple joke of the year.I did come close though.
 
Is this the same as or different from the SPI-announced web dialing issue?

It would be overly generous to call the Drudge report article uninformative, and the referenced company's website is shockingly even less informative... nor does this seem to have been carried by anyone other than the Drudge Report as of yet, which seems a bit odd to me....
 
mkrishnan said:
Is this the same as or different from the SPI-announced web dialing issue?

It would be overly generous to call the Drudge report article uninformative, and the referenced company's website is shockingly even less informative... nor does this seem to have been carried by anyone other than the Drudge Report as of yet, which seems a bit odd to me....
Click to expand...

Well, it being a Sunday and all - it's not terribly surprising it's nowhere but Drudge (the man never sleeps.)
 
From the few links up at Drudge on the iphone, most have been negative. Pretty biased reporting.
 
it is a classic Drudge flash, short and sweet, but more often then not he gets it nearly right, sorry for the all caps (copy and paste error)
 
Security Firm Reveals iPhone Vulnerability



The NY Times reports that researchers at a security firm Independent Security Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website or WiFi connection:
The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.
Click to expand...

The company has setup a website which provides a video demo of the exploit as well as answers to questions, but does not provide would-be hackers any detailed instructions. Apple has reportedly been notified of findings. A full disclosure of the hack will be released at the Black Hat conference on August 2nd.

According to the site, in their proof of concept, the exploit can read the log of SMS messages, address book, call history, voicemail data and transmit it to the malicious site.

The principal security analyst admits "It's not the end of the world; it's not the end of the iPhone" and it appears it hasn't changed their enjoyment of the iPhone itself. Even the security firm's founder states that while he may more cautious about using a random public WiFi network, "you'd have to pry it out of my cold, dead hands to get [the iPhone] away from me."




Article Link
 
Well, this should be fun. I'll be out at blackhat watching this one anxiously, with an iphone in my pocket the whole time.. heh

I'll hold off on judging this until we see some details of what exactly they've found.
 
Here's the deal - don't go to random websites that present themselves to you. Simple. I also don't go to dark alleys...at night...by myself....with my iPhone. I just don't. Now, I'm not saying this isn't important, but my parents didn't raise no dummy. It's called caution. :eek:
 
Thank god... this should speed up a much needed update. I want to listen to my music while browsing the web like it's been advertised.
 
This is great, you can check to see if your girlfriend is cheating on you without even asking! Just SMS her the link to your specially modified site, and then you can see her call history and messages!

or

This is bad, now my girlfriend can check to see if I am cheating on her without even asking! She just SMSes me the link the her specially modified site, and she can see my call history and messages!
 
JPyre said:
Thank god... this should speed up a much needed update. I want to listen to my music while browsing the web like it's been advertised.
Click to expand...

Actually, you can. I'm listening to Depeche Mode while replying to your comment...all from my iPhone.

:apple:
 
One of the risks of building this on a full OS X platform. Good news is that any fixes made to the desktop or iPhone should benefit the other...
 
Not

I don't believe this. A website crafted to force the iPhone to make unsolicited calls? These guys can't be for real. This is FUD FUD FUD.
 
anaknipedro said:
I don't believe this. A website crafted to force the iPhone to make unsolicited calls? These guys can't be for real. This is FUD FUD FUD.
Click to expand...
Why would this be FUD? Unlike the other recent claims of OS X worms and not to mention the whole Month of OS X bugs debacle, these are "ethical" hackers, disclosing the information to Apple FIRST so that they can issue a fix before releasing the information to the general public.

These kind of independent security analyses actually benefit the end user rather than harm them. There's no FUD here at all. Read their FAQ.
 
I'll bet Apple gets a fix out there before this August 2nd conference occurs. I'm not alarmed, as this will get fixed soon enough. In the meantime though, I'll just make sure not to connect to any unknown wi-fi networks.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back