The InformationWeek -- Blogs
Over The Air

Mobility Breifing Center -- Sponsored by Windows Mobile
Topics:   Apple Unvarnished : Google : Mobile

  • Email this page E-mail this page
  • Print this page Print this page
  • Bookmark and Share
  • icon

iPhone Is A Bigger Security Risk Than You Think


Posted by Stephen Wellman, Nov 18, 2007 04:13 PM

Just when it looked like the iPhone might make headway with the business market, a security expert shows just how vulnerable the iPhone really is to hackers.

Here is a video with security expert Rik Farrow showing how one might hack an iPhone:

The full article from Fast Company is pretty scary. Here is a look at the findings:

As a result, there are a number of ways to exploit the iPhone's defenses. If you know your target's phone number, you could text message a link to a malicious Website, which would covertly install a third-party application executing malicious code. The corollary would be to send your target an e-mail with a nefarious attachment; he clicks on it and the attacker "owns" the phone. Or there's always the "man-in-the-middle" (MITM) attack, which is perhaps the most James Bondian: You sit in, say, Starbucks with a laptop set up, as part of the ruse, to operate as a Wi-Fi access point, so a target's Web browsing and e-mail pass through your computer first. (How can you tell who has an iPhone as opposed to someone with a standard laptop, rival smartphone, or PDA? Simple -- the exploit only works on iPhones.) "This method would allow exploitation of any application that downloads images from the Internet," Moore says. "This covers standard Web-browsing using Safari, but also includes the iTunes Music Store, the YouTube video browser, and the Google Maps application."

Now, before you go and lock your iPhone in a vault lined with tin foil let me point this out:

"Taking over a PC allows you to install spam distribution servers that shoot out ads," says Daniel Eran Dilger, a San Francisco-based technical consultant and contributing editor to AppleInsider. "There's no real business model behind the kind of spy surveillance imagined by many writers." And Apple (which declined to comment), in its latest patch, inoculated the iPhone against the Metasploit that Farrow used. But in the cat-and-mouse game that hackers and companies like Apple play, you can be sure someone somewhere is hatching up new schemes to hack the iPhone. Perhaps they already have.

What do you think? Are iPhones vulnerable to Metasploit and other hacks? Will we see lots of iPhone users hacked in the next few weeks and months? Or is this just more gloom and doom from security experts?

« Is AT&T About To Join The Google Android Alliance? | Main | Nokia Explains Web 2.0 With Video »



Sign up now for the weekly InformationWeek Blog Newsletter.


This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.