Monday, July 23,2007 @ 1:00pm
iPhone security flaw offers complete control
A new security flaw in Apple's iPhone could allow attackers to access personal information such as SMS text messages and voice mails stored on the device, and could even provide malicious users with a means of recording the iPhone owner or taking photos with the handset's built-in digital camera. The exploit, which was discovered by a group of security researchers who plan to detail the hole at the BlackHat conference in Las Vegas on August 2nd, offers complete unfettered access to the phone with administrator privileges. The experts who discovered the flaw at Independent Security Evaluators are refusing to provide extensive details on the security flaw but said iPhone users need only access a maliciously crafted website or forum post to hand over complete control of their phone to that site's owner.
Attackers gain access to the iPhone in one of three ways: any iPhone that automatically connects to an attacker-controlled wireless access point with the same name and encryption type as a trusted network would be compromised; an improperly configured forum on any website could allow insertion of the exploit; and iPhone users opening a link delivered via email or an SMS message could unknowingly open a hostile website.
ISE researchers have already alerted Apple to the presence of the security flaw, and have offered a patch to the Cupertino-based company to repair the issue. A video is available showing the compromise of an iPhone's security.