iPhone Security Flaws Exposed

Posted by Matthew Harwood, Web Editor

A team of computer security consultants, according to The New York Times, has found a significant security flaw in one of the hottest items this summer: Apple's iPhone.

According to consultants working for Baltimore-based Independent Security Evaluators, a computer security firm, the iPhone was susceptible to being hacked when the phone's user connected to the Internet over a WiFi connection or surfing onto a bogus site where malicious code was installed. Once inside the phone, the invader has access to whatever personal information is stored in the phone.

A demonstration showed what a hacker can do when he commandeers an iPhone:

The phone promptly followed instructions to transmit a set of files to the attacking computer that included recent text messages - including one that had been sent to the reporter’s cellphone moments before - as well as telephone contacts and e-mail addresses.

"We can get any file we want," [Charles Miller, chief security analyst for ISE] said. Potentially, he added, the attack could be used to program the phone to make calls, running up large bills or even turning it into a portable bugging device.

For the Website and related technical paper explaining the iPhone's vulnerabilities more fully, click here and here.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.