To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://hardware.silicon.com/pdas/0,39024643,39167928,00.htm

iPhone 'data-stealing' hack claimed
Has Apple's mobile already been owned?

By Tom Espiner

Published: Tuesday 24 July 2007

Security researchers claim to have hacked the iPhone.

The iPhone, Apple's first attempt at manufacturing a mobile phone, was launched to much hype in the US at the end of June.

This is the first serious attempt to hack the device, although hackers started work on the device within days of its launch.

Security researchers from penetration testing company Independent Security Evaluators (ISE) say they have written two exploits that take advantage of "serious problems with the design and implementation of security on the iPhone". They claim that one of the exploits, for the Safari web browser on the iPhone, could be used for stealing data.

The researchers used an unmodified iPhone to surf to a malicious HTML document they had created. When this page was viewed, the payload forced the iPhone to make an outbound connection to a server that the researchers controlled. The compromised iPhone then sent personal data including SMS text messages, contact information, call history and voicemail information over the connection.

The second exploit created by the researchers enabled them to perform so-called "physical actions" on the iPhone. Using their iPhone to visit a second malicious web page, they forced the device to "vibrate for a second".

They also raised the spectre of premium-rate rogue-dialler fraud, and the use of the iPhone as a bugging device. By using other API functions, the researchers claimed the exploit could have "dialled phone numbers, sent text messages or recorded audio as a bugging device, and transmitted it over the network for later collection by a malicious party".

The security researchers claim the iPhone's "most glaring" security fault is that all major processes run with administrative privileges. This is a problem because a compromise of any application gives a attacker full access to the device.

The number of ways the iPhone can be attacked has been reduced by stripping down OS X. But, as on the desktop version of OS X, iPhone software does not utilise security practices such as address randomisation, which would make exploiting the operating system more difficult, said the researchers.

The researchers wrote in a whitepaper: "These weaknesses allow for the easy development of stable exploit code once a vulnerability is discovered." They said they were unwilling to divulge any more details about the exploits until the Black Hat security conference in Las Vegas in August, because Apple was only notified of their research findings on 17 July.

In response to news of the hack, Apple said: "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users."

Tom Espiner writes for ZDNet UK