Remote control flaw found in iPhone

By Iain Thomson
24 July 2007 06:48AM

A team of security researchers in the United States claims to have found a flaw in Apple's popular iPhone that would allow a hacker to take complete control of the device via Wi-Fi.

Independent Security Evaluators, headed by a former professor at Johns Hopkins University, found the hole last week, developed a patch and alerted Apple about the problem.

"There are serious problems with the design and implementation of security on the iPhone," said the company in a paper on the hack.

"The most glaring is that all processes of interest run with administrative privileges. This implies that a compromise of any application gives an attacker full access to the device."

The exploit uses a web page with malware built in that can access the phone via the Safari browser. This can either be used to force the phone to send out personal information stored in its files or to take control of the device and make it place outgoing calls to other numbers.

"Unfortunately, once an iPhone application is breached by an attacker, very little prevents an attacker from obtaining complete control of the system," the team report.

"Additionally, no address randomization was used in by the operating system. This means that each time a process runs, the stack, heap, and executable code is located at precisely the same spot in memory. This helps attackers write reliable exploit code."

Experts have already warned that the phone may be as insecure as a PC because of its powerful operating system, and problems have already been reported with the dialler software.

Matt Bancroft, VP of mobile device management company mformation, said, "All mobile phones are becoming more powerful - the iPhone is really a sophisticated mini computer.

"As we get more powerful mobile devices, it is inevitable that we will get more security issues and threats to mobile devices. The key is to manage the device once it is in the hands of the user. Being able to update or patch the security and applications over the air in an ever changing environment is the way forward."

Copyright © 2008 vnunet.com

   

