iPhone hack claimed by security researchers
The iPhone, Apple’s first attempt at manufacturing a mobile phone,was launched to much hype in the US at the end of June.
This is the first serious attempt to hack the device, although hackers started work on the device within days of its launch.
Security researchers from Maryland-based penetration testing firm Independent Security Evaluators (ISE)say they have written two exploits that take advantage of “serious problems with the design and implementation of security on the iPhone”. They claimthat one of the exploits, for the Safari web browser on the iPhone,could be used for stealing data.
The researchers used an unmodified iPhone to surf to a malicious HTML document they had created. When this page was viewed, the payload forced the iPhone to make an outbound connection to a serverthat the researchers controlled. The compromised iPhone then sent personal data including SMS text messages, contact information, call history and voicemail information over the connection.
Thesecond exploit created by the researchers enabled them to perform so-called “physical actions” on the iPhone. Using their iPhone to visit a second malicious web page, they forced the device to “vibrate for a second”.
They alsoraised the spectre of premium-rate rogue-dialler fraud, and the use of the iPhone as a bugging device. By using other API functions, the researchers claimed the exploit could have “dialled phone numbers, sent text messages or recorded audio as a bugging device, and transmitted it over the network for later collection by a malicious party”.
