iPhone Is A Bigger Security Risk Than You Think

As a result, there are a number of ways to exploit the iPhone's defenses. If you know your target's phone number, you could text message a link to a malicious Website, which would covertly install a third-party application executing malicious code. The corollary would be to send your target an e-mail with a nefarious attachment; he clicks on it and the attacker "owns" the phone. Or there's always the "man-in-the-middle" (MITM) attack, which is perhaps the most James Bondian: You sit in, say, Starbucks with a laptop set up, as part of the ruse, to operate as a Wi-Fi access point, so a target's Web browsing and e-mail pass through your computer first. (How can you tell who has an iPhone as opposed to someone with a standard laptop, rival smartphone, or PDA? Simple -- the exploit only works on iPhones.) "This method would allow exploitation of any application that downloads images from the Internet," Moore says. "This covers standard Web-browsing using Safari, but also includes the iTunes Music Store, the YouTube video browser, and the Google Maps application."

"Taking over a PC allows you to install spam distribution servers that shoot out ads," says Daniel Eran Dilger, a San Francisco-based technical consultant and contributing editor to AppleInsider. "There's no real business model behind the kind of spy surveillance imagined by many writers." And Apple (which declined to comment), in its latest patch, inoculated the iPhone against the Metasploit that Farrow used. But in the cat-and-mouse game that hackers and companies like Apple play, you can be sure someone somewhere is hatching up new schemes to hack the iPhone. Perhaps they already have.