Security researchers find a dangerous iPhone flaw

The hole in the iPhone lets attackers gain access to users' private information.

Published July 23, 2007 11:10AM (EDT)

Computer security experts at a company called Independent Security Evaluators have discovered a flaw in the iPhone that lets attackers gain full access to the device, potentially making users' private information privy to prying eyes.

The hack -- first reported by John Schwartz in Monday's New York Times -- can be activated through a malicious Web site, a Wi-Fi access point or a link sent to the phone through e-mail or a text message. After it's activated, an attacker can make the phone transmit files or passwords, run up wireless services or even record audio and relay it back to the attacker.

Expect the hack to be fixed promptly. The firm has already sent details of the hack -- and a potential solution -- to Apple, and a company spokeswoman tells the Times that Apple is on the case.

But as Aviel Rubin, the founder of ISE, tells the Times, the flaw only highlights an inevitable corollary to the iPhone's success: "The irony is that the more popular something is, the more insecure it becomes, because popularity paints a large target on its back," he says. The iPhone's a complex little machine, and it runs a popular program -- the Safari Web browser -- that security researchers haven't found too safe. Indeed, Charles Miller, a security analyst at ISE, stumbled on the iPhone flaw after finding a similar hole in Safari. In other words, this likely isn't the last security hole someone will find in the iPhone.

Necessary caveat: None of this is to say that any other phone is more secure than the iPhone; probably every phone at your standard cellphone store can be exploited by the likes of Rubin and his crew. Until this hole's sealed, researchers advise iPhone users to visit only Web sites they trust; to use only Wi-Fi networks they trust; and to not open Web links from e-mail messages.

And note what Rubin tells the Times about his iPhone, even knowing what he knows about its security: "You'd have to pry it out of my cold, dead hands to get it away from me."


By Farhad Manjoo

Farhad Manjoo is a Salon staff writer and the author of True Enough: Learning to Live in a Post-Fact Society.

MORE FROM Farhad Manjoo


Related Topics ------------------------------------------

Apple Iphone Smart Phones