So, some of you camped out for your new toy, others ordered it online. Many of you devoted much time covering the gadget until you were blue in the face. Look- the iPhone is undoubtedly cool… I’m all for shiny toys that make noise. But for all of you Mac Hipsters who have made fun of my loyalty to the PC (you know who you are), guess what- your iPhone has been caught with its pants down…
The Independent Security Evaluators out of Maryland has exposed the “serious problems with the design and implementation of security on the iPhone”. Multiple separate hacks were made. First, ISE used an unmodified iPhone to “surf to a malicious HTML document they had created. When this page was viewed, the payload forced the iPhone to make an outbound connection to a server that the researchers controlled. The compromised iPhone then sent personal data including SMS text messages, contact information, call history and voicemail information over the connection.” Uh oh- I see London, I see France…
The second vulnerability found was the ability of the hackers to “perform so-called ‘physical actions’ on the iPhone. Using their iPhone to visit a second malicious web page, they forced the device to ‘vibrate for a second’.”
Other hacks:
*because apps run with admin privileges, “a compromise of any application gives an attacker full access to the device”
*“premium-rate rogue-dialler fraud”
*transforms an iPhone into a bugging device
*wireless Internet used to hack and store dialed numbers, texts etc. for later use
So, what’s next? Well, for me, I’m sticking with my ol’ Sprint phone. ISE shows that I can hack admin privileges to your iPhone and use your e-Key to enter homes when that function becomes available (remember, it’s a sleeper hack… I can come back whenever I want to access your iPhone). Or, if I’m a jerk competitor, I can text your buyers telling them the house is no longer available and they smell like garlic and you refuse to work with them, or when I get bored, I can call your wife and tell her that I caught you with another woman. Uh oh, I see London, I see France…
Apple has likely been aware of ISE’s project for some time and is working on a fix, but this never should have been an issue in the first place. iPhone users are left hanging, especially Realtors who handle sensitive information. What about dignitaries, politicians, any government official, homeland security officers, famous movie stars, musicians, athletes or Steve Jobs?
**********
Top 13 iPhone articles (from Jay Thompson & Greg Swann… thanks, geeks guys!):
This is Not About the iPhone…
Apple’s New iPhone
Realtor.org’s inner-geeks peer into the iPhone
The iPhone is excellent, but its missing features give laptop computers a reprieve — for now
With the iPhone is Apple’s Steve Jobs placing a collect call to the entire wireless communications industry?
The iPhone is not just a phone, it’s the perfect mobile convergence device for cyberstalkers
iPhone may herald a whole new way to shop for homes
The big iDea: iPhone could spawn a host of new products
A contrary point of view: “Apple iPhone debut to flop, product to crash in flames”
iPhone reviews begin to appear: A strong win with caveats
The sweet euphony of iPhone news . . .
Apple iPhone round-up . . .
Time mag on the iPhone . . .
Greg Swann says:
Good on ya, Lani. This is why we are not early-adopters of new technology. We always wait for the shake-out of mission-critical tools. The good news is, because of all the attention it has gotten, these kinds of problems will be discovered in the iPhone. What vulnerabilities do we have in our current cell phones? We won’t know until a hacker exploits them, because security researchers aren’t interested in mere telephones.
July 23, 2007 — 5:44 pm
Lani Anglin says:
My husband always says, “we’re on the trailing edge of technology”… safer and cheaper!
July 23, 2007 — 5:49 pm
J. Ferris says:
Far be it for me to be the Mac fanatic here but your PC allegiance exposes you to far more hacks, viruses and spyware than the iPhone will. That goes for Macs too.
July 23, 2007 — 6:05 pm
Lani Anglin says:
True, J.Ferris, but, at least my TELEPHONE is not leaking pentagon intelligence while I’m talking to my mom about Desperate Housewives.
Computers are known to be hacked- that’s why we have a plethora of safeguards crammed down our throats. As Greg said, we’re talking about “mere telephones.” If you’re going to morph a phone into an Optimus Prime iPhone, you should probably warn consumers that this fuzzy phone is at high risk, and be prepared to release the safeguards granted our computers.
July 23, 2007 — 6:24 pm
J. Ferris says:
haha indeed. Macs are pretty safe all around though. I have a Motorola Q which runs Windows Mobile 5 (an utter nightmare of a buggy, crappy operating system) and would gladly take an iPhone with OS X, hackers and all, rather than live another day with this thing. That being said AT&T doesn’t service my area at all so I’m out of luck until they do. The good news is they are buying Dobson Communications, owners of Cellular One. They have full coverage of my entire county so AT&T will be here once the merger goes through. You have NO idea how overjoyed I am about this!
July 23, 2007 — 10:39 pm
Morgan Brown says:
I would argue that my cell phone contact list is of far less import than the monumental amount of confidential, sensitive information found on my PC. While I may be open to text-message “garlic” attacks on my iPhone I am surely open to much larger transgressions against my private data via a simple internet connection and my swiss cheese PC operating system.
Traditional cell phones have some amazing security flaws and associated hacks as well. Bluetooth opened up a whole range of phone-hijacking scenarios that are quite interesting. And I’m sure Paris Hilton would tell you that other models tend to have some security flaws as well. http://www.securityfocus.com/columnists/310
I am neither pro-Mac nor a Gates-follower; but they both have their strengths and weaknesses. The iPhone is cool, and if I get caught with my pants down it won’t be the first time and if someone gets my contact list, well at least it wasn’t my Quickbooks file.
Long live early adopters!
July 24, 2007 — 12:29 am
Todd Carpenter says:
“Using their iPhone to visit a second malicious web page, they forced the device to ‘vibrate for a second’.”
Depending on the page being visited, if they could get it to vibrate for more than a second, Apple could spin this weakness into a feature! :p
July 24, 2007 — 12:31 am
Mike Elliott says:
Ah, the laws of unintended consequences. Reminds me of the old Palm Pilot exploits we used to put into play 10 years ago (yes, I’m beginning to feel old).
July 24, 2007 — 6:53 am
scott schmitz says:
The iPhone is a mini computer. Like a mini-computer it’s upgradable. So, it’s not like the tainted pet-food from China where you throw it away. Instead, wait and there will be an upgrade.
Scott Schmitz
RealOrganized, Inc.
BTW RealtyJuggler Desktop runs great on the iPhone.
July 24, 2007 — 11:23 am