iPhone Is A Bigger Security Risk Than You Think - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile
Commentary
11/18/2007
04:13 PM
Stephen Wellman
Stephen Wellman
Commentary
50%
50%

iPhone Is A Bigger Security Risk Than You Think

Just when it looked like the iPhone might make headway with the business market, a security expert shows just how vulnerable the iPhone really is to hackers.

Just when it looked like the iPhone might make headway with the business market, a security expert shows just how vulnerable the iPhone really is to hackers.Here is a video with security expert Rik Farrow showing how one might hack an iPhone:

The full article from Fast Company is pretty scary. Here is a look at the findings:

As a result, there are a number of ways to exploit the iPhone's defenses. If you know your target's phone number, you could text message a link to a malicious Website, which would covertly install a third-party application executing malicious code. The corollary would be to send your target an e-mail with a nefarious attachment; he clicks on it and the attacker "owns" the phone. Or there's always the "man-in-the-middle" (MITM) attack, which is perhaps the most James Bondian: You sit in, say, Starbucks with a laptop set up, as part of the ruse, to operate as a Wi-Fi access point, so a target's Web browsing and e-mail pass through your computer first. (How can you tell who has an iPhone as opposed to someone with a standard laptop, rival smartphone, or PDA? Simple -- the exploit only works on iPhones.) "This method would allow exploitation of any application that downloads images from the Internet," Moore says. "This covers standard Web-browsing using Safari, but also includes the iTunes Music Store, the YouTube video browser, and the Google Maps application."

Now, before you go and lock your iPhone in a vault lined with tin foil let me point this out:

"Taking over a PC allows you to install spam distribution servers that shoot out ads," says Daniel Eran Dilger, a San Francisco-based technical consultant and contributing editor to AppleInsider. "There's no real business model behind the kind of spy surveillance imagined by many writers." And Apple (which declined to comment), in its latest patch, inoculated the iPhone against the Metasploit that Farrow used. But in the cat-and-mouse game that hackers and companies like Apple play, you can be sure someone somewhere is hatching up new schemes to hack the iPhone. Perhaps they already have.

What do you think? Are iPhones vulnerable to Metasploit and other hacks? Will we see lots of iPhone users hacked in the next few weeks and months? Or is this just more gloom and doom from security experts?

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll