First iPhone Flaw Found
Written by Adam Gosling   
Tuesday, 24 July 2007
Security consultants from Baltimore claim to be the first to discover a security flaw in the Apple iPhone that would allow an attacker to gain total control over the hugely popular device - obtaining information, making calls or listening in.

According to a report in the New York Times, a team of computer security consultants say the flaw in the Apple iPhone allows them to take control of the device. The researchers demonstrated the exploit by having attack code automatically injected into the device when it visited a specially prepared Website, but the report suggests that the same flaw would allow an attacker to take control of the iPhone via the device's Wi-Fi connection.

The researchers, Independent Security Evaluators (or I.S.E.), claim the vulnerability is a buffer overflow flaw in the device's Web browser. The iPhone browser is based on Apple's PC browser Safari, which the researchers say has the same flaw. The researchers had planned to expose that buffer overrun flaw next month at a Black Hat conference.

Once cracked, the phone could be made to follow instructions in the attack code, for example transmitting files such as contacts and e-mail addresses. Dr. Charles A. Miller, the principal security analyst for the firm, told the NYT: "Once you did manage to find a hole, you were in complete control." The attack could be used to program the phone to make calls, running up large bills, or even to turn it into a portable bugging device, said the report.

Apple said it is looking into the claims made by the security firm, but did not confirm whether it would implement the software patch the firm proposed as a solution to the problem.

While there are no known attackers exploiting the flaw, this could change, as the researchers plan to detail the vulnerability on a Website called www.exploitingiphone.com.