Asavin Wattanajantra's Blog

Apple iPhone vulnerability ‘as bad as it gets’

By Asavin Wattanajantra in Editorial

Posted in Charlie Miller, hack, iPhone, Apple on July 3, 2009 at 2:56 pm


Charlie Miller, well known in the security world for hacking Apple’s Safari browser in seconds, has found a new vulnerability in the iPhone that security vendor F-Secure has described as “bad as it gets”.

According to the original article, the vulnerability appears to allow unsigned code to run, which circumvents a core part of the iPhone’s security model. Normally the iPhone can only run signed code, such as apps approved by Apple.

Miller said it doesn’t even need user interaction, and exploits a weakness in the way the iPhone handles SMS text messages. He wouldn’t provide more details of the problem, and it looks like Apple are trying to hurry out a patch to fix the flaw.

He also claimed that the malicious code could have been used to monitor the location of the phone using GPS, turn on the phone’s microphone to listen to conversations, or even make it join a botnet or denial of service attack.

It isn’t the first time that Miller has found weaknesses in Apple products. As well as the Safari hack, in April Miller found a different weakness in the previous version of the iPhone.

However, he says that the iPhone OS is more secure than the full Mac OS X because it removes applications and features such as support for Adobe Flash and Java, which PC users have learned is a serious weak point on Windows.

However, as The Register also reports, an SMS attack is very crafty, and something very difficult for iPhone users to protect against.

Charlie Miller will reveal more at the Black Hat conference later this month.
