iPhone Security Flaw Lets Hackers Access All of Your Personal Data on iPhone


An independent security research outfit has found a gaping security hole in the iPhone. They have found that an attacker need only embed the right malicious code in a web page; when an iPhone visits that page, it will essentially carry out any instruction given to it through the code.

The researchers at Independent Security Evaluators (ISE) were easily able to get the iPhones to give up “the log of SMS messages, the address book, the call history, and the voicemail data,” which the iPhones readily transmitted to them.

According to ISE, “this code could be replaced with code that does anything that the iPhone can do. It could send the user’s mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker.”

ISE’s report goes on to explain that “The exploit is delivered via a malicious web page opened in the Safari browser on the iPhone. There are several delivery vectors that an attacker might utilize to get a victim to open such a web page. For example:

* An attacker controlled wireless access point: Because the iPhone learns access points by name (SSID), if a user ever gets near an attacker-controlled access point with the same name (and encryption type) as an access point previously trusted by the user, the iPhone will automatically use the malicious access point. This allows the attacker to add the exploit to any web page browsed by the user by replacing the requested page with a page containing the exploit.
* A misconfigured forum website: If a web forum’s software is not configured to prevent users from including potentially dangerous data in their posts, an attacker could cause the exploit to run in any iPhone browser that viewed the thread. (This would require some slight changes in our proof of concept exploit, however.)
* A link delivered via e-mail or SMS: If an attacker can trick a user into opening a website that the attacker controls, the attacker can easily embed the exploit into the main page of the website.”
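The first vector turns on the phone matching networks by name (SSID) and encryption type alone. As an added example (not from ISE's report or this article), here is a defender-side audit of Wi-Fi scan results that flags radios advertising a trusted SSID from an unrecognised hardware address (BSSID); the `Profile` and `Beacon` structures and all sample values are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:              # a network the user has trusted before (hypothetical structure)
    ssid: str
    encryption: str
    known_bssids: frozenset  # lowercase MACs of the legitimate radios

@dataclass(frozen=True)
class Beacon:               # one access point seen in a scan (hypothetical structure)
    ssid: str
    bssid: str
    encryption: str

def classify(beacon, profile):
    """Return None, 'encryption-mismatch' or 'auto-join-risk' for one beacon."""
    if profile is None:
        return None                      # SSID never trusted, so not joined by name
    if beacon.encryption != profile.encryption:
        return "encryption-mismatch"     # trusted name, different security settings
    if beacon.bssid.lower() not in profile.known_bssids:
        # Same name and encryption type from an unknown radio: the case the
        # report says a phone would join automatically.
        return "auto-join-risk"
    return None

def audit_scan(beacons, profiles):
    """List (verdict, ssid, bssid) for every suspicious beacon in a scan."""
    by_ssid = {p.ssid: p for p in profiles}   # SSIDs are case-sensitive
    findings = []
    for b in beacons:
        verdict = classify(b, by_ssid.get(b.ssid))
        if verdict:
            findings.append((verdict, b.ssid, b.bssid))
    return findings

# Constructed sample data; the MAC addresses are made up.
PROFILES = [Profile("HomeNet", "WPA2", frozenset({"02:00:00:aa:bb:01"}))]
SAMPLE_SCAN = [
    Beacon("HomeNet", "02:00:00:AA:BB:01", "WPA2"),   # the legitimate radio
    Beacon("HomeNet", "02:00:00:cc:dd:02", "WPA2"),   # same name/encryption, unknown radio
    Beacon("HomeNet", "02:00:00:ee:ff:03", "open"),   # same name, different encryption
    Beacon("CoffeeShop", "02:00:00:11:22:04", "open"),  # never trusted
]

if __name__ == "__main__":
    for finding in audit_scan(SAMPLE_SCAN, PROFILES):
        print(finding)
```

A BSSID can itself be spoofed, so a clean result from this check is a heuristic rather than proof that the access point is genuine.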

You can read the entire report here: Security Evaluator’s report of iPhone security flaw

 This article first appeared on 7/23/2007
The Internet Patrol