iPhone security vulnerabilities have been found, with a YouTube video demonstrating the consequences: Your phone is pwned and the cracker may send any data anywhere or send your iPhone on an expensive overseas dialing spree. Reward to the researchers? A free, albeit insecure, iPhone.
“You’d have to pry it out of my cold, dead hands to get it away from me,” said the Johns Hopkins researcher who founded the organization that found the flaw and created www.exploitingiphone.com. He also told the New York Times reporter who broke the news, “I will think twice before getting on a random public Wi-Fi network now.”
But a man-in-the-middle attack using public Wi-Fi isn’t the only way to crack the iPhone. If an iPhone user clicks on a link in a spoofed e-mail to an attacker’s Web site or finds an attacker’s Web site in any other way (e.g., a Web search, a link on a BBS, or a newsgroup), code injection from the malign Web page allows the attacker to take over the iPhone.
An Apple rep confirmed receiving news of the exploit, but no reports of this attack in the wild have yet been found.