You're viewing an article in iPO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site: Researchers Control iPhone Through Security Flaw

News

Researchers Control iPhone Through Security Flaw

Monday, July 23rd, 2007 at 8:10 AM - by

A group of security consultants working for Independent Security Evaluators claim they have found a flaw in Apple's iPhone that allows them to control the device and copy data from it. The researchers claim they can gain iPhone access through a Wi-Fi connection, or by tricking a user into visiting a Web site that contains malicious code, according to the New York Times.

Dr. Charles A. Miller, principal security analyst at ISE, noted that Apple has done a considerable amount of work to keep the iPhone secure, but added "Once you did manage to find a hole, you were in complete control."

The firm has already alerted Apple to its findings. Apple spokesperson Lynne Fox commented "We're looking into the report submitted by ISE and always welcome feedback on how to improve our security."

So far, there are no known reports of the exploit being used in the real world, but people interested in learning more about the hack will have a new resource available to them sometime on Monday. The researchers are launching a Web site that explains the vulnerability, but will not offer information on how to take advantage of it. They do, however, plan to reveal details during a presentation at the BlackHat conference on August 2 in Las Vegas.

This isn't the first report of potential security issues with the Apple's combination iPod and smart phone. Researchers from SPI Labs recently uncovered a flaw that could potentially allow an attacker to trick a user into dialing a different phone number than the one they intended. They, too, are working with Apple to resolve the issue.

5 comments from the community.

You can post your own below.

+ show options

Your current settings, click to change: Sort Oldest First, Show Guest Posts, Hide Community Stats

A guest said: (hide)

Mon Jul 23, 2007 9:01 am

The photo that accompanies the article appears to be Photoshopped. My iPhone does not display photo images all the way to the corners of the glass. I'm pretty much surprised that the NYTimes would all such a manipulation of "photos" to appear in their paper. (Didn't some NYTimes photographers get fired for messing with news photos?)

So I'm taking this "news article" with a grain of salt. There could be truth here. Or it could be another publicity stunt.

Quote this post ↓

ctopher said:

member since 25 Aug 2006 with 134 posts, unranked, send him a message or view his profile

Mon Jul 23, 2007 9:13 am

Look closely at the photo in the NYT article. The face is clearly reflected in the glass of an iPhone that's turned off. It's a cool photo, but I doubt the face has been pasted in.

I can see the ad campaigns now, "Yes, they offer the internet, the real internet. The internet where your identity can be ripped from you with one click!"

I believe this, it's Safari, it's not perfect. Are there known exploits for those other smart phone browsers? I wouldn't be surprised.

Quote this post ↓

A guest said: (hide)

Mon Jul 23, 2007 2:34 pm

the photo has nothing to do with the security flaw. The flaw is real and the exploit will be released next week if you don't believe it. Most people wereexpecting security flaws to surface but with Apple doing so many things in the name of security you would expect it to take longer than this. Putting in "full" browser but not allowing developers to make apps isn't exactly the smart way to ensure security for the user.

Quote this post ↓

Intruder said:

member since 07 Jul 2004 with 3149 posts, TMO Mac Specialist, send him a message or view his profile

Mon Jul 23, 2007 5:47 pm

Gee, ya think, JimB12?

Quote this post ↓

A guest said: (hide)

Tue Jul 31, 2007 11:34 am

Any news on whether or not Apple will be providing a patch for the flaw prior to the release of the exploit this week? The researchers gave them all the information that could be asked, even providing a suggestion of how to fix it. I surely hope that Apple can respond to this problem.

Quote this post ↓

Post Your Comments

  Remember Me

Not a member? Register now. You can post comments without logging in, but they'll show up as a "guest" post.


Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.