Wednesday, October 07, 2015
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Twitter 'Moments'To Highlight Best Tweets
Hololens, New Lumia Smartphones, Band, Surface Pro 4 and Surface Book Shined At Microsoft's Windows 10 Devices Event
Sharp Showcases Ultra HD Blu-ray Recorder, 8K TV at CEATEC 2015
EU Court Says EU-US Data Transfer Pact Is Invalid
New Roku 4 Streaming Player Supports 4K Resolution
Sharp Showcases RoboHon Mobile Robot At Ceatec
Skyworks to Buy PMC-Sierra for $2 Billion in Cash
Sony Semiconductor Solutions Corporation Established
Active Discussions
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > Mobiles > iPhone ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, July 23, 2007
iPhone Vulnerable to Hackers

Apple 's iPhone may be vulnerable to hackers due to a flaw that allows them to take control of the device, according a report in the New York Times on Monday.

Three researchers working for Independent Security Evaluators, a company that tests its clients' computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code.

The iPhone runs a stripped down and customized version of Mac OS X on an ARM processor. Much of the device's claimed security is reliant on its restrictions against running third party applications. Only Javascipt code can be executed in the Safari web browser, ensuring that all such code executes in a "sandbox" environment. Many of the features of Safari have also been removed, such as the ability to use plug-ins such as Flash. Likewise, many filetypes cannot be downloaded. These actions serve to reduce the attack surface of the device.

"However, there are serious problems with the design and implementation of security on the iPhone," the researchers wrote in their report. "The most glaring is that all processes of interest run with administrative privileges. This implies that a compromise of any application gives an attacker full access to the device. Like the desktop versions of Mac OS X on which its operating system is based, the iPhone also does not utilize widely accepted practices, such as using address randomization or non-executable heaps, to make exploitation more difficult. These weaknesses allow for the easy development of stable exploit code once a vulnerability is discovered," they added.

To demonstrate these security weaknesses, the researchers created an exploit for the Safari browser on the iPhone. They used an unmodified iPhone to surf to a malicious HTML document that they created. "When this page was viewed, the payload of the exploit forced the iPhone to make an outbound connection to a server we controlled. The compromised iPhone then sent personal data including SMS text messages, contact information, call history, and voice mail information over this connection. All of this data was collected automatically and surreptitiously," the researchers said.

"After examination of the filesystem, it is clear that other personal data such as passwords, emails, and browsing history could be obtained from the device. We only retrieved some of the personal data but could just as easily have retrieved any information off the device," they added.

Additionally, the security consultants wrote a second exploit that performs physical actions on the phone. "When we viewed a second HTML page in our iPhone, it ran the second exploit payload which forced it to make a system sound and vibrate the phone for a second. Alternatively, by using other API functions we discovered, the exploit could have dialed phone numbers, sent text messages, or recorded audio (as a bugging device) and transmitted it over the network for later collection by a malicious party," the report concludes.

Apple was notified of these findings, including detailed technical documentation, on July 17th.

The New York Times said an Apple spokeswoman said the company took security "very seriously" and that it was looking into the report submitted by Independent Security Evaluators.

Nonprofit May Launch $350 Laptop by Christmas        All News        Helios Labs Launches the H2000
Karstadt Stores to Sell iPhone in Germany     Mobiles News      Nokia Starts Global Positioning Service

Get RSS feed Easy Print E-Mail this Message

Related News
New iPhone 6S and 6S Plus Offer Improved Durability for Longer Life
Apple Brings Apple Music, iTunes Movies And iBooks in China
OS X El Capitan Available as a Free Update
Apple's A9 SoC Is TSMC 16nm FinFET and Samsung Fabbed: report
Apple Trumpets Record iPhone Sales
New iPhones Hit Stores
Apple Unveils The Top 25 Apps Hit by Malware
Apple's Project For Own Electric Car Is Still Years Away
Apple Says iOS9 Runs In Half iPhones Already
Hackers Targetted Apple App Store
Apple Suggests Fix For iOS 9 'Slide to Upgrade' Bug
Apple iOS 9 Update Causes Headaches To Users

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .