iPhone Is A Bigger Security Risk Than You Think - InformationWeek
IoT
IoT
Mobile
Commentary
11/18/2007
04:13 PM
Stephen Wellman
Stephen Wellman
Commentary
50%
50%

iPhone Is A Bigger Security Risk Than You Think

Just when it looked like the iPhone might make headway with the business market, a security expert shows just how vulnerable the iPhone really is to hackers.

Just when it looked like the iPhone might make headway with the business market, a security expert shows just how vulnerable the iPhone really is to hackers.Here is a video with security expert Rik Farrow showing how one might hack an iPhone:

The full article from Fast Company is pretty scary. Here is a look at the findings:

As a result, there are a number of ways to exploit the iPhone's defenses. If you know your target's phone number, you could text message a link to a malicious Website, which would covertly install a third-party application executing malicious code. The corollary would be to send your target an e-mail with a nefarious attachment; he clicks on it and the attacker "owns" the phone. Or there's always the "man-in-the-middle" (MITM) attack, which is perhaps the most James Bondian: You sit in, say, Starbucks with a laptop set up, as part of the ruse, to operate as a Wi-Fi access point, so a target's Web browsing and e-mail pass through your computer first. (How can you tell who has an iPhone as opposed to someone with a standard laptop, rival smartphone, or PDA? Simple -- the exploit only works on iPhones.) "This method would allow exploitation of any application that downloads images from the Internet," Moore says. "This covers standard Web-browsing using Safari, but also includes the iTunes Music Store, the YouTube video browser, and the Google Maps application."

Now, before you go and lock your iPhone in a vault lined with tin foil let me point this out:

"Taking over a PC allows you to install spam distribution servers that shoot out ads," says Daniel Eran Dilger, a San Francisco-based technical consultant and contributing editor to AppleInsider. "There's no real business model behind the kind of spy surveillance imagined by many writers." And Apple (which declined to comment), in its latest patch, inoculated the iPhone against the Metasploit that Farrow used. But in the cat-and-mouse game that hackers and companies like Apple play, you can be sure someone somewhere is hatching up new schemes to hack the iPhone. Perhaps they already have.

What do you think? Are iPhones vulnerable to Metasploit and other hacks? Will we see lots of iPhone users hacked in the next few weeks and months? Or is this just more gloom and doom from security experts?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll