Monday, July 23, 2007

ISE - iPhone Safari Pwnage

Via TimesOnline.uk -

In what appears to be the first successful hack of Apple's iPhone, a group of security experts have shown how to take control of the device remotely using its internet connection.

The researchers at Independent Security Evaluators (ISE) demonstrated that by tricking the phone into accessing a particular website, or by using a rogue wi-fi connection, hackers could force the phone to forward on personal information, such as text messages and contact numbers.

By installing a piece of malicious code in the iPhone via its Safari internet browser, a hacker could take "complete control" of the device, Charles Miller, principal security analyst at ISE, said.

The firm said that it had spoken with Apple about the vulnerability, and suggested that a software patch could fix the problem.

An Apple spokeswoman told The New York Times: "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users.

"We’re looking into the report submitted by ISE and always welcome feedback on how to improve our security," she said.

On a website detailing the hack, www.exploitingiphone.com, Dr Miller said that the most likely scenarios in which iPhone owners would fall victim were if they opened a link in an e-mail or text message, or if they connected to the internet via a rogue wi-fi access point controlled by hackers.

A piece of malicious code would initially read the phone's text messages, address book, call history and voicemail data and then forward this on to the attacker, "but this code could be replaced with code that does anything that the iPhone can do", he said.

"It could send the user's mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker."
