iPhone Security Flaw Lets Hackers Access All of Your Personal Data on iPhone

   3/28/2023 |  7/23/2007 |  Leave a comment
Categories: Apple and Mac, Mobile Phones and Smartphones, Security
The Internet Patrol default featured image
Share the knowledge

An independent security research outfit has found a gaping security hole in the iPhone. They have found that someone needs only embed the correct malicious code on a web page, and when an iPhone visits the web page, it will essentially cooperate with any instruction given to it through the code.

The researchers at Independent Security Evaluators (ISE) were easily able to get the iPhones to give up “the log of SMS messages, the address book, the call history, and the voicemail data,” which the iPhones readily transmitted to them.

According to ISE, “this code could be replaced with code that does anything that the iPhone can do. It could send the user’s mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker.”

ISE’s report goes on to explain that “The exploit is delivered via a malicious web page opened in the Safari browser on the iPhone. There are several delivery vectors that an attacker might utilize to get a victim to open such a web page. For example:

* An attacker controlled wireless access point: Because the iPhone learns access points by name (SSID), if a user ever gets near an attacker-controlled access point with the same name (and encryption type) as an access point previously trusted by the user, the iPhone will automatically use the malicious access point. This allows the attacker to add the exploit to any web page browsed by the user by replacing the requested page with a page containing the exploit.
* A misconfigured forum website: If a web forum’s software is not configured to prevent users from including potentially dangerous data in their posts, an attacker could cause the exploit to run in any iPhone browser that viewed the thread. (This would require some slight changes in our proof of concept exploit, however.)
* A link delivered via e-mail or SMS: If an attacker can trick a user into opening a website that the attacker controls, the attacker can easily embed the exploit into the main page of the website.”

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

You can read the entire report here: Security Evaluator’s report of iPhone security flaw

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 

More from the Internet Patrol:

How to Disable Command-Q to Stop it from Closing Your Apps on Your Mac
Yes Hackers Really Do Hack Baby Monitors
What You Need to Know about Chip and PIN or Signature Cards
How to Fix the "To use the java command-line tool you need to install a JDK"
Apple Patents iPhone Landing Glass Side Up
How to Customize the Toolbar in a Reply Email in Apple Mac Mail
Paypal to Block Apple Safari Browser, Other Browsers
Yes, You Can Download All of Your iTunes Purchases Again

Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.