Security Firm: iPhone Can Be Hacked

July 23, 2007
Security experts were able to exploit a flaw in Apple’s iPhone in order to remotely control the device and divulge personal information like text messages, contact information, call history and voicemail.

Security experts were able to exploit a flaw in Apple’s iPhone in order to remotely control the device and divulge personal information like text messages, contact information, call history and voicemail. Such a hack could take place via a bad website or by tricking users into connecting to a malicious wireless access point, according to a team of researchers from Baltimore-based Independent Security Evaluators (ISE). For the test, the team—Charlie Miller, Jake Honoroff and Joshua Mason—inserted a bit of code through a vulnerability in iPhone’s Safari web browser to take control of the phone. The team created a malicious HTML document that, when viewed through the phone's Safari browser, forced it to make an outbound connection to one of ISE’s servers. Though the team only retrieved personal data, it said it could “just as easily have retrieved any information off the device,” according to an ISE release. Through a second exploit, researchers said they could program the phone to dial phone numbers, send text message or record audio (as a bugging device) and subsequently transmit it over the network for later collection. A serious problem with iPhone security is that all processes of interest run with administrative privileges, meaning a compromise of any application gives an attacker full access to the device, according to the release. Additionally, the iPhone doesn’t utilize widely-accepted practices like address randomization or non-executable heaps to make exploitation more difficult, the company said. ISE will today post details about the vulnerability (though not a hacker’s guide) on www.exploitingiphone.com. Full technical details will be disclosed on Aug. 2, after Apple has had sufficient time to create software patches.

Sponsored Recommendations

Understanding Thermal Challenges in EV Charging Applications

March 28, 2024
As EVs emerge as the dominant mode of transportation, factors such as battery range and quicker charging rates will play pivotal roles in the global economy.

Board-Mount DC/DC Converters in Medical Applications

March 27, 2024
AC/DC or board-mount DC/DC converters provide power for medical devices. This article explains why isolation might be needed and which safety standards apply.

Use Rugged Multiband Antennas to Solve the Mobile Connectivity Challenge

March 27, 2024
Selecting and using antennas for mobile applications requires attention to electrical, mechanical, and environmental characteristics: TE modules can help.

Out-of-the-box Cellular and Wi-Fi connectivity with AWS IoT ExpressLink

March 27, 2024
This demo shows how to enroll LTE-M and Wi-Fi evaluation boards with AWS IoT Core, set up a Connected Health Solution as well as AWS AT commands and AWS IoT ExpressLink security...

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!