j/k/Andy

macrumors regular
Original poster
Jun 5, 2007
197
0
link

FLAW LETS HACKERS EXPLOIT IPHONE, FIRM SAYS
Sun Jul 22 2007 16:03:45 ET

A team of computer security consultants say they have found a flaw in APPLE's popular new iPhone that allows them to take control of the device!

The researchers, working for Independent Security Evaluators, will report on Monday how they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code.

Developing...

or http://www.drudgereport.com/
 

chrisdazzo

macrumors 6502a
Apr 11, 2006
827
662
Colorado
that was the most excited post of the day. CAPS CAPS CAPS!

good thing i don't have an iphone, though, if this IS true.
 
Comment

bigmac4ever

macrumors newbie
Jul 22, 2007
17
0
Ouch...Im so very glad I didnt give up my Treo 700 wx for the apple joke of the year.I did come close though.
 
Comment

mkrishnan

Moderator emeritus
Jan 9, 2004
29,776
12
Grand Rapids, MI, USA
Is this the same as or different from the SPI-announced web dialing issue?

It would be overly generous to call the Drudge report article uninformative, and the referenced company's website is shockingly even less informative... nor does this seem to have been carried by anyone other than the Drudge Report as of yet, which seems a bit odd to me....
 
Comment

bxlewi1

macrumors newbie
Oct 30, 2006
12
0
Is this the same as or different from the SPI-announced web dialing issue?

It would be overly generous to call the Drudge report article uninformative, and the referenced company's website is shockingly even less informative... nor does this seem to have been carried by anyone other than the Drudge Report as of yet, which seems a bit odd to me....

Well, it being a Sunday and all - it's not terribly surprising it's nowhere but Drudge (the man never sleeps.)
 
Comment

Dermot81

macrumors member
Jun 10, 2007
96
0
From the few links up at Drudge on the iphone, most have been negative. Pretty biased reporting.
 
Comment

j/k/Andy

macrumors regular
Original poster
Jun 5, 2007
197
0
it is a classic Drudge flash, short and sweet, but more often then not he gets it nearly right, sorry for the all caps (copy and paste error)
 
Comment

MacRumors

macrumors bot
Apr 12, 2001
54,121
15,923
Security Firm Reveals iPhone Vulnerability

https://www.macrumors.com/images/macrumorsthreadlogodarkd.png

The NY Times reports that researchers at a security firm Independent Security Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website or WiFi connection:
The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.

The company has setup a website which provides a video demo of the exploit as well as answers to questions, but does not provide would-be hackers any detailed instructions. Apple has reportedly been notified of findings. A full disclosure of the hack will be released at the Black Hat conference on August 2nd.

According to the site, in their proof of concept, the exploit can read the log of SMS messages, address book, call history, voicemail data and transmit it to the malicious site.

The principal security analyst admits "It's not the end of the world; it's not the end of the iPhone" and it appears it hasn't changed their enjoyment of the iPhone itself. Even the security firm's founder states that while he may more cautious about using a random public WiFi network, "you'd have to pry it out of my cold, dead hands to get [the iPhone] away from me."




Article Link
 
Comment

jjarmoc

macrumors newbie
Apr 12, 2005
5
0
Well, this should be fun. I'll be out at blackhat watching this one anxiously, with an iphone in my pocket the whole time.. heh

I'll hold off on judging this until we see some details of what exactly they've found.
 
Comment

coumerelli

macrumors 6502
Apr 7, 2003
309
123
state of confusion.
Here's the deal - don't go to random websites that present themselves to you. Simple. I also don't go to dark alleys...at night...by myself....with my iPhone. I just don't. Now, I'm not saying this isn't important, but my parents didn't raise no dummy. It's called caution. :eek:
 
Comment

JPyre

macrumors 6502
Mar 28, 2005
365
12
Pistolvania
Thank god... this should speed up a much needed update. I want to listen to my music while browsing the web like it's been advertised.
 
Comment

retroneo

macrumors 6502a
Apr 22, 2005
723
94
This is great, you can check to see if your girlfriend is cheating on you without even asking! Just SMS her the link to your specially modified site, and then you can see her call history and messages!

or

This is bad, now my girlfriend can check to see if I am cheating on her without even asking! She just SMSes me the link the her specially modified site, and she can see my call history and messages!
 
Comment

nimbuscloud

macrumors regular
Jul 9, 2007
158
0
Thank god... this should speed up a much needed update. I want to listen to my music while browsing the web like it's been advertised.

Actually, you can. I'm listening to Depeche Mode while replying to your comment...all from my iPhone.

:apple:
 
Comment

Analog Kid

macrumors 603
Mar 4, 2003
6,029
5,283
One of the risks of building this on a full OS X platform. Good news is that any fixes made to the desktop or iPhone should benefit the other...
 
Comment

anaknipedro

macrumors newbie
Mar 20, 2006
4
0
Not

I don't believe this. A website crafted to force the iPhone to make unsolicited calls? These guys can't be for real. This is FUD FUD FUD.
 
Comment

ErikGrim

macrumors 603
Jun 20, 2003
5,783
4,446
Brisbane, Australia
I don't believe this. A website crafted to force the iPhone to make unsolicited calls? These guys can't be for real. This is FUD FUD FUD.
Why would this be FUD? Unlike the other recent claims of OS X worms and not to mention the whole Month of OS X bugs debacle, these are "ethical" hackers, disclosing the information to Apple FIRST so that they can issue a fix before releasing the information to the general public.

These kind of independent security analyses actually benefit the end user rather than harm them. There's no FUD here at all. Read their FAQ.
 
Comment

Lancetx

macrumors 68000
Aug 11, 2003
1,991
619
I'll bet Apple gets a fix out there before this August 2nd conference occurs. I'm not alarmed, as this will get fixed soon enough. In the meantime though, I'll just make sure not to connect to any unknown wi-fi networks.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.