iPhone

iPhone security vulnerabilities found


iPhone security vulnerabilities have been found, with a YouTube video demonstrating the consequences: Your phone is pwned and the cracker may send any data anywhere or send your iPhone on an expensive overseas dialing spree. Reward to the researchers? A free, albeit insecure iPhone.

“You’d have to pry it out of my cold, dead hands to get it away from me,” said the Johns Hopkins researcher who founded the organization that found the flaw and created www.exploitingiphone.com. He also told the New York Times reporter who broke the news, “I will think twice before getting on a random public Wi-Fi network now.”

But, a man-in-the-middle attack using public Wi-Fi isn't the only way to crack the iPhone. If an iPhone user clicks on a link in a spoofed e-mail to an attacker's Web site or finds an attacker's Web site in any other way (i.e., Web search, a link on a BBS, or from a newsgroup), code injection from a malign Web page allows the iPhone takeover.

An Apple rep confirmed receiving news of the exploit, but no reports of this attack in the wild have yet been found.

Will you advise your users not to use public Wi-Fi and not to go to untrusted Web sites when not on public Wi-Fi?

3 comments
BALTHOR
BALTHOR

Nothing will ever work right until you get rid of virus.He puts virus in every memory chip.

K7AAY
K7AAY

The security team which found the flaw recommended specific restrictions on iPhone use to avoid the vulnerability. Will you tell users you support, and tell your friends, they should adopt those limits?

Larry the Security Guy
Larry the Security Guy

My company doesn't use AT&T and so won't be issuing iPhones for company use. We don't have WiFi in house, and policy defines approved WiFi for remotes and travelers. None of my friends have an iPhone. I don't expect any of them to buy one in the near future.