iPhone Hacked via Website - Steal Info?

[SimonTuffGuy]

http://abcnews.go.com/Technology/sto...3404299&page=1

Quote:

It seems the so-called "Jesus Phone" is not so perfect.

According to a security consulting firm, the iPhone can easily be taken control of by hackers, leaving your personal information out in the open.

According to the Maryland-based firm Independent Security Evaluators, hackers can take over an iPhone if a user accesses a Web site designed by the hacker.

For example, an attacker can send an iPhone user an e-mail that says, "'Check this link out. It's great,'" Charles Miller, the firm's principal security analyst, told ABCNEWS.com.

If the user then clicks on the link to the site, the person controlling the site can access anything on the user's iPhone, including text messages, e-mails, phone numbers and address books. In other words, hackers can access "stuff you don't want people to know about," Miller said.

"People put all sorts of information on it. It's important that they work properly," Miller said of the phone. "That was our main motivation. We want to make sure we can feel safe and comfortable carrying them around."

Potentially, the method can also be used to send text messages and dial calls from the phone, although Miller said that Security Evaluators did not test for this capability specifically.


Public Wi-Fi a Concern
The firm began looking into potential security issues last Monday when the company's founder, Avi Rubin, was showing off his iPhone, Miller said.

"He gave us the proposition," Miller said. "'If you guys think you can do it.' He gave us a week and an iPhone to play with."

When the firm made the discovery last week, it called Apple to warn about the issue.

"They haven't said a whole lot to us," Miller said. "They basically acknowledged that they were looking into it."

Apple told ABCNews.com that the company is looking into the firm's report.

"We always welcome feedback on how to improve our security," said Lynn Fox, an Apple spokeswoman.

The security firm also found that the iPhone could also be hacked using a public Wi-Fi connection, for example at an airport or a coffee shop, if the hacker set up an additional wall between users and the connection.

"I can basically sit between you and the real Web server you're talking to," Miller said. If the user connects to any Web page, the hacker can take control of the iPhone and the owner's information.

Although the test was only for the iPhone, Miller said that if future Wi-Fi capable phones have similar flaws, they probably can be accessed in a similar way.

[SimonTuffGuy]

Thoughts or concerns? I can see this happening just about anywhere, with any device... Your computer is similar without the proper firewall in place...

Hopefully Apple will step up, acknowledge it and get it fixed.

[Kender]

I've been hearing this report bandied about for almost a week now - and from what I can gather, it's a standard man-in-the-middle attack, and it is only going to really hurt (and this isn't politically correct, but truth hurts) stupid people.

"Ooh! I should click on this link to see an e-Card someone sent me!" *virus on your PC*

The media and the anti-Mac folks are just getting their glee on by finding a flaw. It's a security hole - they found it and informed Apple, Apple will patch. This happens with glaring regularity on Windows, and people just see this as the Apple folk "getting their own".

To me, it just makes me glad I'm not dumb enough to randomly open links in emails.