Security Firm Reveals iPhone Vulnerability

Discussion in ' News Discussion' started by j/k/Andy, Jul 22, 2007.

  1. j/k/Andy macrumors regular

    Jun 5, 2007

    Sun Jul 22 2007 16:03:45 ET

    A team of computer security consultants say they have found a flaw in APPLE's popular new iPhone that allows them to take control of the device!

    The researchers, working for Independent Security Evaluators, will report on Monday how they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code.


  2. chrisdazzo macrumors 6502


    Apr 11, 2006
    that was the most excited post of the day. CAPS CAPS CAPS!

    good thing i don't have an iphone, though, if this IS true.
  3. bigmac4ever macrumors newbie

    Jul 22, 2007
    Ouch...Im so very glad I didnt give up my Treo 700 wx for the apple joke of the year.I did come close though.
  4. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    Is this the same as or different from the SPI-announced web dialing issue?

    It would be overly generous to call the Drudge report article uninformative, and the referenced company's website is shockingly even less informative... nor does this seem to have been carried by anyone other than the Drudge Report as of yet, which seems a bit odd to me....
  5. bxlewi1 macrumors newbie

    Oct 30, 2006
    Well, it being a Sunday and all - it's not terribly surprising it's nowhere but Drudge (the man never sleeps.)
  6. Dermot81 macrumors member

    Jun 10, 2007
    From the few links up at Drudge on the iphone, most have been negative. Pretty biased reporting.
  7. j/k/Andy thread starter macrumors regular

    Jun 5, 2007
    it is a classic Drudge flash, short and sweet, but more often then not he gets it nearly right, sorry for the all caps (copy and paste error)
  8. DMK macrumors newbie

    Jun 12, 2007
    Los Angeles
    The Drudge Report is biased ?! what a shocker. :rolleyes:
  9. kkachurak macrumors regular

    Jun 26, 2007
    Orlando, FL
    IMO, the Drudge Report has the same journalistic integrity as a tabloid.
  10. Littlebit macrumors member

    Jul 10, 2007
  11. MacRumors macrumors bot


    Apr 12, 2001
    Security Firm Reveals iPhone Vulnerability


    The NY Times reports that researchers at a security firm Independent Security Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website or WiFi connection:
    The company has setup a website which provides a video demo of the exploit as well as answers to questions, but does not provide would-be hackers any detailed instructions. Apple has reportedly been notified of findings. A full disclosure of the hack will be released at the Black Hat conference on August 2nd.

    According to the site, in their proof of concept, the exploit can read the log of SMS messages, address book, call history, voicemail data and transmit it to the malicious site.

    The principal security analyst admits "It's not the end of the world; it's not the end of the iPhone" and it appears it hasn't changed their enjoyment of the iPhone itself. Even the security firm's founder states that while he may more cautious about using a random public WiFi network, "you'd have to pry it out of my cold, dead hands to get [the iPhone] away from me."

    Article Link
  12. dfnj123 macrumors 6502a

    Jun 29, 2007
    looks like apple better come out with a firmware update fast
  13. jjarmoc macrumors newbie

    Apr 12, 2005
    Well, this should be fun. I'll be out at blackhat watching this one anxiously, with an iphone in my pocket the whole time.. heh

    I'll hold off on judging this until we see some details of what exactly they've found.
  14. twoodcc macrumors P6


    Feb 3, 2005
    Right side of wrong
    yeah they need to. and i'm sure that they will
  15. coumerelli macrumors 6502

    Apr 7, 2003
    state of confusion.
    Here's the deal - don't go to random websites that present themselves to you. Simple. I also don't go to dark myself....with my iPhone. I just don't. Now, I'm not saying this isn't important, but my parents didn't raise no dummy. It's called caution. :eek:
  16. JPyre macrumors 6502

    Mar 28, 2005
    Thank god... this should speed up a much needed update. I want to listen to my music while browsing the web like it's been advertised.
  17. retroneo macrumors 6502a

    Apr 22, 2005
    This is great, you can check to see if your girlfriend is cheating on you without even asking! Just SMS her the link to your specially modified site, and then you can see her call history and messages!


    This is bad, now my girlfriend can check to see if I am cheating on her without even asking! She just SMSes me the link the her specially modified site, and she can see my call history and messages!
  18. nimbuscloud macrumors regular

    Jul 9, 2007
    Actually, you can. I'm listening to Depeche Mode while replying to your comment...all from my iPhone.

  19. jjarmoc macrumors newbie

    Apr 12, 2005
    Uhhh.. that feature's always worked fine for me.
  20. Analog Kid macrumors 601

    Analog Kid

    Mar 4, 2003
    One of the risks of building this on a full OS X platform. Good news is that any fixes made to the desktop or iPhone should benefit the other...
  21. anaknipedro macrumors newbie

    Mar 20, 2006

    I don't believe this. A website crafted to force the iPhone to make unsolicited calls? These guys can't be for real. This is FUD FUD FUD.
  22. badtzmaru macrumors 6502

    Jul 1, 2007
    at least we know an iphone update is coming before, or around, august 2!!
  23. ErikGrim macrumors 68040


    Jun 20, 2003
    Brisbane, Australia
    Why would this be FUD? Unlike the other recent claims of OS X worms and not to mention the whole Month of OS X bugs debacle, these are "ethical" hackers, disclosing the information to Apple FIRST so that they can issue a fix before releasing the information to the general public.

    These kind of independent security analyses actually benefit the end user rather than harm them. There's no FUD here at all. Read their FAQ.
  24. Lancetx macrumors 68000


    Aug 11, 2003
    I'll bet Apple gets a fix out there before this August 2nd conference occurs. I'm not alarmed, as this will get fixed soon enough. In the meantime though, I'll just make sure not to connect to any unknown wi-fi networks.
  25. badtzmaru macrumors 6502

    Jul 1, 2007
    before anyone says "this is impossible" visit the firm's website and read their preliminary paper (ignore the part about the iphone being released on june 28 ;)

Share This Page