Security experts claim first iPhone hack::Binu G in Thiruvananthapuram : Mobile blog at Rediff iLand

Welcome Guest, | Create your own iLand

| Sign In | New User? Get Started

iLand

Blogs

Friends/Contributors

Guestbook

Binu G

Categories

Technical
Life
Personal
Mobile

Favourites 1

Binu G

What is an RSS feed?

RSS Feed

redhacker.rediffiland.com/

<<previous | next>>

Sunday 23 November, 2008

By Binu G 20:33 | 25/Jul/2007 |

1 Comment(s)

Add Binu G as Friend

Write to Binu G

Forward this link

Security experts claim first iPhone hack

Hackers could take control of an iPhone and gain access to text messages and contact information, experts say

A
vulnarabilty has found in the Apple Inc.'s iPhone handset that can help
an attacker to gain access to the private data stored on it. This flaw
has found by a team of security expert of Independent Security
Evaluators (ISE). Hackers could gain access to the iPhone
through a wireless access point or through a website controlled by the
attacker. This was the first major security incident reported.

Numerous hackers have been working to gain access to the iPhone in order to activate certain features or to allow it to be
used on cellular networks. However, this is the first major exploitation of an iPhone security flaw.

The expolit is delivered via a malicious web page opened in the Safari browser on the iPhone, ISE said on its Website. There are several methods that an attacker utilize to get a victim to open such a webpage.

1. An attacker controlled wireless access point:

The
iPhone connects to wireless Internet access networks, such as Wi-Fi, an
attacker could create a network with the same name and encryption
method as one the handset already uses. The attacker could then
substitute a Web page with exploit code to gain access to the phone.

2. A miss configured forum website:

On a website detailing the hack, www.exploitingiphon e.com,
Dr Miller said that the most likely scenarios in which iPhone owners
would fall victim were if they opened a link in an e-mail or text
message, or if they connected to the internet via a rogue wi-fi access
point controlled by hackers.

A
link planted on an unedited or unmoderated online forum, an attacker
could cause the exploit to run in any iPhone browser that viewed the
thread.

3. A link delivered via e-mail or SMS:

A link sent by SMS or e-mail to use make use of the flaw and gain access to the handset.

The
ISE said that when the iPhone's Safari browser opens a malicious Web
page, malicious code can be run on the phone via the flaw, allowing the
attacker to read the iPhone's SMS log, address book, call history, and
voicemail information, which are also then sent to the attacker. It
could send the user's mail passwords to the attacker, send text
messages that sign the user up for pay services, or record audio that
could be relayed to the attacker.

Category: Mobile | Permalink