Monday, July 23, 2007

Security Firm Reveals iPhone Vulnerability

The NY Times reports that researchers at a security firm Independent Security Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website or WiFi connection:

The company has setup a website which provides a video demo of the exploit as well as answers to questions, but does not provide would-be hackers any detailed instructions. Apple has reportedly been notified of findings. A full disclosure of the hack will be released at the Black Hat conference on August 2nd, while a preliminary report (PDF) is currently available.

According to the site, in their proof of concept, the exploit can read the log of SMS messages, address book, call history, voicemail data and transmit it to the malicious site.

The principal security analyst admits "It's not the end of the world; it's not the end of the iPhone" and it appears it hasn't changed their enjoyment of the iPhone itself. Even the security firm's founder states that while he may more cautious about using a random public WiFi network, "you'd have to pry it out of my cold, dead hands to get [the iPhone] away from me."

Read More

No comments:


THANK YOU FOR VISITING.