Computer security experts at a company called Independent Security Evaluators have discovered a flaw in the iPhone that lets attackers gain full access to the device, potentially making users' private information privy to prying eyes.
The hack -- first reported by John Schwartz in Monday's New York Times -- can be activated through a malicious Web site, a Wi-Fi access point or a link sent to the phone through e-mail or a text message. After it's activated, an attacker can make the phone transmit files or passwords, run up wireless services or even record audio and relay it back to the attacker.
Expect the hack to be fixed promptly. The firm has already sent details of the hack -- and a potential solution -- to Apple, and a company spokeswoman tells the Times that Apple is on the case.
But as Aviel Rubin, the founder of ISE, tells the Times, the flaw only highlights an inevitable corollary to the iPhone's success: "The irony is that the more popular something is, the more insecure it becomes, because popularity paints a large target on its back," he says. The iPhone's a complex little machine, and it runs a popular program -- the Safari Web browser -- that security researchers haven't found too safe. Indeed, Charles Miller, a security analyst at ISE, stumbled on the iPhone flaw after finding a similar hole in Safari. In other words, this likely isn't the last security hole someone will find in the iPhone.
Necessary caveat: None of this is to say that any other phone is more secure than the iPhone; probably every phone at your standard cellphone store can be exploited by the likes of Rubin and his crew. Until this hole's sealed, researchers advise iPhone users to visit only Web sites they trust; to use only Wi-Fi networks they trust; and to not open Web links from e-mail messages.
And note what Rubin tells the Times about his iPhone, even knowing what he knows about its security: "You'd have to pry it out of my cold, dead hands to get it away from me."
The world in the iPod
The microchip that runs Apple's popular music player is made in India, Taiwan, China and Silicon Valley. Is this an example of how globalization works to everyone's benefit -- or a sign that the world economy is about to roll over America?
By Andrew Leonard, Salon
iLove it or iHate it
Is Apple's new blue bombshell a hit or a dud?
By Janelle Brown and Scott Rosenberg, Salon
An end to the Apple turnover
Steve Jobs accepts the inevitable -- and embraces the CEO title.
By Lydia Lee, Salon
Steve Jobs' iTunes dance
Now the Apple CEO says he would gladly sell songs without digital restrictions, if the record companies let him. That's hardly a brave defiance, and besides, I don't believe him.
By Cory Doctorow, Salon
Apple's iTunes sells 5 billion songs, but you don't own them
Why DRM means your music isn't really yours.
By Farhad Manjoo, Salon
Steve Jobs’ 2009 letter to the community about his health.
Terse and obfuscatory, this thing is Jobs all over.
Apple's obsession with secrecy grows stronger
Apple’s decision to limit communication with the media, shareholders and the public is at odds with the approach of other companies, which are embracing online outlets like blogs and Twitter.
By Brad Stone and Ashlee Vance, The New York Times
The Untold Story: How the iPhone blew Up the wireless industry
This 4.8-ounce sliver of glass and aluminum is an explosive device that has forever changed the mobile-phone business.
By Fred Vogelstein, Wired
A list of Steve Jobs' best quotes
An example: "The cure for Apple is not cost-cutting. The cure for Apple is to innovate its way out of its current predicament."
By Owen Linzmayer, Wired
The Secret Diary of Steve Jobs
Fake Steve Jobs tells all in this hilarious and often informative act of fraudulent auto-blography.
Apple Announces New iPhone OS 3.1 at Keynote
Good Vibrations Sold Everywhere