Updated: Newly Discovered Hacks Allow for Third Party Control of iPhone

Posted by:
Date: Monday, July 23rd, 2007, 14:01
Category: iPhone

iphone.jpg
A group of researchers working for Independent Security Evaluators have stated they’ve discovered a way to take control of Apple’s newly-released iPhone by way of a WiFi connection or tricking users into visiting a web site containing malicious code.
The hack also purportedly allows access to the personal information stored on the handset.
“Once you did manage to find a hole, you were in complete control,” said Charles A. Miller, principal security analyst for the Baltimore-based firm.
According to The New York Times, the company has alerted Apple to the vulnerability.
Miller demonstrated the hack by pointing his iPhone’s web browser to a specific web site. Once the site had loaded, the iPhone followed a set of instructions that transmitted a set of files over the web site. These files included recent text messages as well as contact information stored within the iPhone.
“We can get any file we want,” said Miller.
Miller also commented that this was representative of cell phones, which are now essentially full-grade computers, having computer-level problems. Though not the end of the world, users should be careful about accessing random public WiFi networks and which web sites they visit.
Per CNET’s Crave blog, a second exploit has also been found via this method:
“A second exploit developed by the researchers caused the iPhone to make a system sound and vibrate for a second after visiting a maliciously coded Web site. The same exploit could also dial a phone number, send a text message, or turn on the microphone to eavesdrop remotely on conversations within the room.”
Apple has yet to respond as to when a software patch or upgrade will be released to resolve the issue.


iphone.jpg
A group of researchers working for Independent Security Evaluators have stated they’ve discovered a way to take control of Apple’s newly-released iPhone by way of a WiFi connection or tricking users into visiting a web site containing malicious code.
The hack also purportedly allows access to the personal information stored on the handset.
“Once you did manage to find a hole, you were in complete control,” said Charles A. Miller, principal security analyst for the Baltimore-based firm.
According to The New York Times, the company has alerted Apple to the vulnerability.
Miller demonstrated the hack by pointing his iPhone’s web browser to a specific web site. Once the site had loaded, the iPhone followed a set of instructions that transmitted a set of files over the web site. These files included recent text messages as well as contact information stored within the iPhone.
“We can get any file we want,” said Miller.
Miller also commented that this was representative of cell phones, which are now essentially full-grade computers, having computer-level problems. Though not the end of the world, users should be careful about accessing random public WiFi networks and which web sites they visit.
Per CNET’s Crave blog, a second exploit has also been found via this method:
“A second exploit developed by the researchers caused the iPhone to make a system sound and vibrate for a second after visiting a maliciously coded Web site. The same exploit could also dial a phone number, send a text message, or turn on the microphone to eavesdrop remotely on conversations within the room.”
Apple has yet to respond as to when a software patch or upgrade will be released to resolve the issue.

Recent Posts