Bug Lets Hackers Take Over iPhone - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Bug Lets Hackers Take Over iPhone

Researchers at Independent Security Evaluators claim they've developed a proof-of-concept exploit for a bug, and they'll give the details about it at BlackHat.

After countless researchers have spent weeks trying to break Apple's new iPhone, three announced Sunday they have developed a proof-of-concept exploit for a vulnerability that would let a remote attacker steal information off the sought-after device.

The three researchers -- Dr. Charlie Miller, Jake Honoroff, and Joshua Mason -- are members of the software security team at Independent Security Evaluators, an information security consulting firm. An advisory on the company Web site noted that Miller will present the full details of the iPhone exploit at the BlackHat USA Conference in Las Vegas on Aug. 2.

The advisory also reported that the researchers notified Apple about the flaw and proposed a fix that they could include in a future iPhone update. They noted that Apple responded and said it's looking into it.

They also noted in their advisory that the vulnerability is present in both the Mac and Windows versions of the Safari Web browser, though it may not be exploitable there.

"Within two weeks of part-time work, we had successfully discovered a vulnerability, developed a toolchain for working with the iPhone's architecture (which also includes some tools from the #iphone-dev community), and created a proof-of-concept exploit capable of delivering files from the user's iPhone to a remote attacker," researchers wrote in the advisory. "The exploit is delivered via a malicious Web page opened in the Safari browser on the iPhone. There are several delivery vectors that an attacker might utilize to get a victim to open such a Web page."

When the iPhone's version of Safari opens a malicious Web page, arbitrary code embedded in the exploit is run with administrative privileges, the researchers said.

"In our proof of concept, this code reads the log of SMS messages, the address book, the call history, and the voicemail data," researchers wrote. "It then transmits all this information to the attacker. However, this code could be replaced with code that does anything that the iPhone can do. It could send the user's mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker."

The advisory noted that since the iPhone learns access points by name (SSID), if a user ever gets near an attacker-controlled access point with the same name (and encryption type) as an access point previously trusted by the user, the iPhone will automatically use the malicious access point. This allows the attacker to replace the requested page with a page containing the exploit.

The researchers also noted that if an attacker can trick a user into opening a malicious Web site, the attacker can easily embed the exploit into the main page of the Web site.

Researchers are holding back detailed information until BlackHat.

The researchers advised iPhone users to visit only Web sites that they trust, only use trusted Wi-Fi networks, and don't open any Web links in e-mails.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
How COVID is Changing Technology Futures
Jessica Davis, Senior Editor, Enterprise Apps,  7/23/2020
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
Register for InformationWeek Newsletters
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll