Security experts have found a flaw in the Apple iPhone that allows hackers to take control of the device, the New York Times reported.The researchers test the security of devices by hacking them, found that the Wi-Fi connectivity of the iPhone allowed them to take control of it and mine the wealth of private information the phones contain.
The story quotes Lynn Fox, spokeswoman for Apple, saying, "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users."
Welcome iPhone:
Shortly Independent Security Evaluators decided to investigate how hard it would be for a remote adversary to compromise the private information stored on the device. Within 2 weeks of part time work they had successfully discovered vulnerability, developed a tool chain for working with the phone’s architecture and created a proof-of-concept exploit capable of delivering files from the user's iPhone to a remote attacker.
We have notified Apple of the vulnerability and proposed a patch. Apple is currently looking into it.
A member of our team, Dr. Charlie Miller, will be presenting the full details creating the exploit at Black Hat on August 2nd.
How the exploit works
There are several delivery vectors that an attacker might utilize to get a victim to open such a web page. Like: An attacker controlled wireless access point: Because the iPhone learns access points by name (SSID), if a user ever gets near an attacker-controlled access point with the same name (and encryption type) as an access point previously trusted by the user, the iPhone will automatically use the malicious access point. This allows the attacker to add the exploit to any web page browsed by the user by replacing the requested page with a page containing the exploit.
0 Comments Here::
Post a Comment