Are you an expert on this field? Do you have detailed insight to their methods and results? No? Then how can you make a claim like that?
I don't know about Rob, but
I am an expert in the field of information security. This company's claims are extremely suspect. Let's take a look at exactly what they claim and what they show, shall we?
First, they claim arbitrary code execution. They then break this down into two sub-exploits. The first is an information disclosure flaw. "The compromised iPhone then sent personal data including SMS text messages, contact information, call history, and voice mail information over this connection." Doesn't sound like code execution to me, but whatever.
The second sub-exploit they list involves "[performing] physical actions on the phone". They specifically state they were able to "make a system sound and vibrate the phone for a second".
Second, they claim these exploits can be delivered via the phone automatically connecting to WiFi access points.
Now, what they actually show.
They show a video of someone retrieving data off of the iPhone. That much is clear. What isn't clear is whether they used the information disclosure technique that hit Full Disclosure (a security mailing list) a week ago. It looks very much like they do. If so, this isn't a "remote code execution" flaw, but instead a simple information disclosure flaw, albeit a rather serious one. Even so, the people on Full Disclosure largely dismissed it, since other phones have similar functionality.
They don't actually show the phone performing any "physical actions", but their described accomplishment and the theoretical scenarios that follow sound an awful lot like the things that Apple's web API was described as allowing. You know, having a web-based contact list and dialing the phone app directly from it. Things like that. Yes, they are literally crediting themselves with discovering Apple's public API for the phone. "Alternatively, by using other API functions
we discovered, the exploit could have dialed phone numbers, sent text messages, or recorded audio ..." (emphasis mine).
Now, for perhaps the most irritating part of their claims. They act like the iPhone is somehow magically vulnerable to attacks involving associating to malicious APs. Look up AirPwn some time. That tool does exactly what they describe. It inserts malicious code into every page. This isn't an iPhone flaw. If anything, it's a flaw in the 802.11* suite of protocols.
So in short, based on the evidence they have given us so far, there is no remote code execution exploit. At the very least, all of their exploits require user interaction and are therefore local. Even using the contorted version of "remote" used to classify OpenBSD's second hole (a flaw that could only be exploited from the same network segment), these still are in no way remote. Calling them that is disingenuous at best, and in this case, more like an outright lie. They should know better.
