Security Alert: first iPhone vulnerability

vansouza · Jul 23, 2007

Well the update will be coming now...

The NY Times reports that researchers at a security firm Independent Security Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website or WiFi connection:The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.

snatched the above from macrumors.com

justahsquirrel · Jul 23, 2007

vansouza said:
The NY Times reports that researchers at a security firm Independent Security Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website or WiFi connection:The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.

snatched the above from macrumors.com

i don't really believe that. Especially from macrumors.

aubrgene · Jul 23, 2007

An update will probably happen in three months.

RTpics · Jul 23, 2007

xoulo · Jul 23, 2007

..... why would someone want to know our text messages... :eek:

ob123 · Jul 23, 2007

my internet always shuts off like that, im gonna assume that someone is messing around with my phone?

vansouza · Jul 23, 2007

No...

ob123 said:
my internet always shuts off like that, im gonna assume that someone is messing around with my phone?

No, because the exploit is not it the "wild"; it is only in a lab somewhere.

ob123 · Jul 23, 2007

o ok good thats a relief ,sorry i read about it fast

RomeoSto · Jul 23, 2007

xoulo said:
..... why would someone want to know our text messages...

Haha i personally don't care if someone reads my text messages, in the end i'm gonna get all the action of course! Unless its my fiancé hacking my phone :oops:

that would be bad.

xoulo · Jul 23, 2007

RomeoSto said:
Haha i personally don't care if someone reads my text messages, in the end i'm gonna get all the action of course! Unless its my fiancé hacking my phone that would be bad.

LOL

TrippalHealicks · Jul 23, 2007

How the heck would anyone connect to your phone via WiFi, anyway?
I mean, it's like you would HAVE to be on a WiFi connection, and then you would HAVE TO go to some web address... They would have to have some way of giving you that URL before it would do them any good, at all.
In other words, they would have to have an email address, or your phone#, or something like that, before it would do them any good. Then they would have to actually have you on the same WiFi network as them.
I'm not even the least bit worried about this BS. lol
:cool:

jbaraga · Jul 23, 2007

TrippalHealicks said:
How the heck would anyone connect to your phone via WiFi, anyway?
I mean, it's like you would HAVE to be on a WiFi connection, and then you would HAVE TO go to some web address... They would have to have some way of giving you that URL before it would do them any good, at all.
In other words, they would have to have an email address, or your phone#, or something like that, before it would do them any good. Then they would have to actually have you on the same WiFi network as them.
I'm not even the least bit worried about this BS. lol

First of all, you're making some inaccurate statements. Re-read the quote:

"Evaluators have announced that they have found a vulnerability in the Apple iPhone that allows them to extract personal information and "take control" of the device from a malicious website OR WiFi connection..."

Essentially, all you would have to do in order to give a hacker complete access to the info on your iPhone is visit a particular website. You could be surfing anywhere, click a link to the site that with malicious code, and BAM...they're in. This vulnerability can be exploited that way OR simply through a shared WiFi connection where a hacker would have more direct access to your device.

The point is that it can be done, and for you not to be even remotely concerned is just silly. The fact that the vulnerability has been found means that people with bad intentions will ramp up their efforts to take advantage of it. I think you're underestimating the negative impact of complete strangers having full access to your text messages, e-mails, contacts, calendar, etc.

If Apple ever expects to capture any of the businesss user market, these are the kinds of things they're going to have to fix. Just because you don't keep any personal or confidential information on your device doesn't mean that others don't. Many corporate users exhange e-mails on a daily basis which are highly confidential in nature. Until that flaw is fixed, I can't see the corporate world warming up to the iPhone.

TrippalHealicks · Jul 23, 2007

jbaraga said:
If Apple ever expects to capture any of the businesss user market, these are the kinds of things they're going to have to fix. Just because you don't keep any personal or confidential information on your device doesn't mean that others don't. Many corporate users exhange e-mails on a daily basis which are highly confidential in nature. Until that flaw is fixed, I can't see the corporate world warming up to the iPhone.

I don't think Apple ever intended to capture any part of that market.
My statement was purely based on opinion, btw.
I don't surf to anything but myspace, google, ebay and my bank's page with my phone, so none of this scares me at all.

Mark Booth · Jul 23, 2007

And some of you are missing the point that the exploit can access ALL the information on your iPhone. Names, addresses, telephone numbers, etc. And did you miss the part about how it could turn on the microphone and a person on the other end of the hack could record or listen to your conversation in the room without you knowing it is even happening?

The folks that have demonstrated this hack have already informed Apple of the vulnerability. Expect a security update from Apple sometime this week.

Mark

TrippalHealicks · Jul 23, 2007

Mark Booth said:
And some of you are missing the point that the exploit can access ALL the information on your iPhone. Names, addresses, telephone numbers, etc. And did you miss the part about how it could turn on the microphone and a person on the other end of the hack could record or listen to your conversation in the room without you knowing it is even happening?

The folks that have demonstrated this hack have already informed Apple of the vulnerability. Expect a security update from Apple sometime this week.

Mark

As a former trojan / back door pirate, this sounds awesome to me. lol
I don't do that kinda stuff anymore, but that is just cool as hell. lol

Sobe · Jul 23, 2007

TrippalHealicks said:
As a former trojan / back door pirate, this sounds awesome to me. lol
I don't do that kinda stuff anymore, but that is just cool as hell. lol

Same here
:lol:

jbaraga · Jul 23, 2007

TrippalHealicks said:
I don't think Apple ever intended to capture any part of that market.
My statement was purely based on opinion, btw.
I don't surf to anything but myspace, google, ebay and my bank's page with my phone, so none of this scares me at all.

So you're not at all concerned that someone has the ability to access your bank's website under your account.

Okaaaaay...

Isn't it enough for someone to tell you the stove is hot, or do you need to touch it to find out for yourself?

TrippalHealicks · Jul 23, 2007

jbaraga said:
So you're not at all concerned that someone has the ability to access your bank's website under your account.

Okaaaaay...

Isn't it enough for someone to tell you the stove is hot, or do you need to touch it to find out for yourself?

No, still not worried. Sorry.

megaphore · Jul 23, 2007

No worries

I just think it's great they found this because it will mean we are gonna get an update sooner than expected

TrippalHealicks · Jul 23, 2007

megaphore said:
No worries I just think it's great they found this because it will mean we are gonna get an update sooner than expected

There ya go! Exactly! haha

Security Alert: first iPhone vulnerability

New Member

Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

Member

New Member

New Member

New Member

New Member

Member

New Member

New Member

New Member