Security Alert: first iPhone vulnerability

vansouza

New Member
Bronze
Jul 11, 2007
164
0
0
Las Vegas, NV USA
www.usheroes.us
#1
Well the update will be coming now...

The NY Times reports that researchers at a security firm Independent Security Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website or WiFi connection:The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.



snatched the above from macrumors.com
 
Jun 7, 2007
545
0
16
Queens, NY
#2
The NY Times reports that researchers at a security firm Independent Security Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website or WiFi connection:The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.



snatched the above from macrumors.com
i don't really believe that. Especially from macrumors.
 

ob123

New Member
Bronze
Jul 3, 2007
29
0
0
#6
my internet always shuts off like that, im gonna assume that someone is messing around with my phone?
 

TrippalHealicks

New Member
Gold
Mar 2, 2007
1,341
0
0
#11
How the heck would anyone connect to your phone via WiFi, anyway?
I mean, it's like you would HAVE to be on a WiFi connection, and then you would HAVE TO go to some web address... They would have to have some way of giving you that URL before it would do them any good, at all.
In other words, they would have to have an email address, or your phone#, or something like that, before it would do them any good. Then they would have to actually have you on the same WiFi network as them.
I'm not even the least bit worried about this BS. lol
:cool:
 

jbaraga

Member
Bronze
Jun 26, 2007
270
0
16
Pittsburgh, PA
www.baraga.me
#12
How the heck would anyone connect to your phone via WiFi, anyway?
I mean, it's like you would HAVE to be on a WiFi connection, and then you would HAVE TO go to some web address... They would have to have some way of giving you that URL before it would do them any good, at all.
In other words, they would have to have an email address, or your phone#, or something like that, before it would do them any good. Then they would have to actually have you on the same WiFi network as them.
I'm not even the least bit worried about this BS. lol
:cool:
First of all, you're making some inaccurate statements. Re-read the quote:

"Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website OR WiFi connection..."

Essentially, all you would have to do in order to give a hacker complete access to the info on your iPhone is visit a particular website. You could be surfing anywhere, click a link to the site that with malicious code, and BAM...they're in. This vulnerability can be exploited that way OR simply through a shared WiFi connection where a hacker would have more direct access to your device.

The point is that it can be done, and for you not to be even remotely concerned is just silly. The fact that the vulnerability has been found means that people with bad intentions will ramp up their efforts to take advantage of it. I think you're underestimating the negative impact of complete strangers having full access to your text messages, e-mails, contacts, calendar, etc.

If Apple ever expects to capture any of the businesss user market, these are the kinds of things they're going to have to fix. Just because you don't keep any personal or confidential information on your device doesn't mean that others don't. Many corporate users exhange e-mails on a daily basis which are highly confidential in nature. Until that flaw is fixed, I can't see the corporate world warming up to the iPhone.
 

TrippalHealicks

New Member
Gold
Mar 2, 2007
1,341
0
0
#13
If Apple ever expects to capture any of the businesss user market, these are the kinds of things they're going to have to fix. Just because you don't keep any personal or confidential information on your device doesn't mean that others don't. Many corporate users exhange e-mails on a daily basis which are highly confidential in nature. Until that flaw is fixed, I can't see the corporate world warming up to the iPhone.
I don't think Apple ever intended to capture any part of that market.
My statement was purely based on opinion, btw.
I don't surf to anything but myspace, google, ebay and my bank's page with my phone, so none of this scares me at all.
 

Mark Booth

New Member
Bronze
Jun 28, 2007
62
0
0
#14
And some of you are missing the point that the exploit can access ALL the information on your iPhone. Names, addresses, telephone numbers, etc. And did you miss the part about how it could turn on the microphone and a person on the other end of the hack could record or listen to your conversation in the room without you knowing it is even happening?

The folks that have demonstrated this hack have already informed Apple of the vulnerability. Expect a security update from Apple sometime this week.

Mark
 

TrippalHealicks

New Member
Gold
Mar 2, 2007
1,341
0
0
#15
And some of you are missing the point that the exploit can access ALL the information on your iPhone. Names, addresses, telephone numbers, etc. And did you miss the part about how it could turn on the microphone and a person on the other end of the hack could record or listen to your conversation in the room without you knowing it is even happening?

The folks that have demonstrated this hack have already informed Apple of the vulnerability. Expect a security update from Apple sometime this week.

Mark
As a former trojan / back door pirate, this sounds awesome to me. lol
I don't do that kinda stuff anymore, but that is just cool as hell. lol
 

jbaraga

Member
Bronze
Jun 26, 2007
270
0
16
Pittsburgh, PA
www.baraga.me
#17
I don't think Apple ever intended to capture any part of that market.
My statement was purely based on opinion, btw.
I don't surf to anything but myspace, google, ebay and my bank's page with my phone, so none of this scares me at all.
So you're not at all concerned that someone has the ability to access your bank's website under your account.

Okaaaaay...

Isn't it enough for someone to tell you the stove is hot, or do you need to touch it to find out for yourself?
 

TrippalHealicks

New Member
Gold
Mar 2, 2007
1,341
0
0
#18
So you're not at all concerned that someone has the ability to access your bank's website under your account.

Okaaaaay...

Isn't it enough for someone to tell you the stove is hot, or do you need to touch it to find out for yourself?
No, still not worried. Sorry.