iPhone Security Flaw Lets Hackers Access All of Your Personal Data on iPhone
0 (0)

The Internet Patrol - Patrolling the Internet for You
Rate this post!
 

An independent security research outfit has found a gaping security hole in the iPhone. They have found that someone needs only embed the correct malicious code on a web page, and when an iPhone visits the web page, it will essentially cooperate with any instruction given to it through the code.

The researchers at Independent Security Evaluators (ISE) were easily able to get the iPhones to give up “the log of SMS messages, the address book, the call history, and the voicemail data,” which the iPhones readily transmitted to them.


According to ISE, “this code could be replaced with code that does anything that the iPhone can do. It could send the user’s mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker.”

ISE’s report goes on to explain that “The exploit is delivered via a malicious web page opened in the Safari browser on the iPhone. There are several delivery vectors that an attacker might utilize to get a victim to open such a web page. For example:

* An attacker controlled wireless access point: Because the iPhone learns access points by name (SSID), if a user ever gets near an attacker-controlled access point with the same name (and encryption type) as an access point previously trusted by the user, the iPhone will automatically use the malicious access point. This allows the attacker to add the exploit to any web page browsed by the user by replacing the requested page with a page containing the exploit.
* A misconfigured forum website: If a web forum’s software is not configured to prevent users from including potentially dangerous data in their posts, an attacker could cause the exploit to run in any iPhone browser that viewed the thread. (This would require some slight changes in our proof of concept exploit, however.)
* A link delivered via e-mail or SMS: If an attacker can trick a user into opening a website that the attacker controls, the attacker can easily embed the exploit into the main page of the website.”

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

You can read the entire report here: Security Evaluator’s report of iPhone security flaw

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

Rate this post!
 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.