jump to navigation

Your iPhone has a hole July 24, 2007

Posted by reverseengineer in Apple Inc., Hacks, iPhone, Security, Video.

Some nice folk with lots of time on their hands at Independent Security Evaluators thought it might be fun to find a vulnerability in the iPhone, and after a couple of weeks of on-again, off-again work, inevitably found one.

Then they followed the hole to its logical conclusion – a full, workable exploit, which probed with tools made by the other nice folk at #iphone dev still feverish trying to crack the phone after a month, can do stuff like steal your SMS messages, address book, call history and voicemail, among other things. This is done using a malicious website opened on Safari on the iPhone.

More a proof of concept than actual malicious intention, the ISE people have informed the mothership so patches can be created, and full disclosure will be made with fanfare in Las Vegas at Black Hat USA 2007 on Aug. 2 at precisely 4:45pm. Meantime, details abound on the net:

Article from the New York Times here.

YouTube video here.

PDF of preliminary technical paper here.

ISE website with instructions here.



No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: