iPhone In The Line Of Fire

Tuesday, July 3, 2007

It took a couple of days to finally get the iPhone service activated. But as soon as they got it working, it took researchers at Errata Security only a few minutes to find multiple security vulnerabilities in the iPhone. So far, Errata has found three main flaws in the long-awaited and much-hyped mobile phone/music/video player/mobile Web/email client device: a heap overflow bug in its Safari browser; a potential denial-of-service bug in its Bluetooth feature; and a data “seepage” bug that could cause seemingly innocuous data to be exposed by chatty client applications over a WiFi connection…

Even so, the iPhone, which is based on a version of OS X, is actually more secure than other mobile phones because it has a system for updating and patching it: iTunes… A lack of simple patching capabilities has been a major problem in the mobile industry… Interfacing with iTunes will make this process simple for iPhone users, but it also opens another potential attack venue: if the mobile device gets compromised, would it be a great leap to exploit the traditional PC?…

Although the Safari bug wasn’t really a surprise, it’s probably the most critical of the bugs Errata has found so far. Just by visiting a [malicious] Website, you can have your iPhone broken into… and taken over. All it takes is a spam or SMS message luring the user to a malicious link…

And like any wireless device, the iPhone is susceptible to what is dubbed “data seepage,” which can be confirmed using the Ferret tool that sniffs WiFi traffic. If you’ve got a mobile phone, and you walk by a wireless access point it likes the name of, it will connect you to it and disclose all about you without your being aware you’re on WiFi. It has all of the same problems Mac notebooks have. Security researchers expect the iPhone to have lots of security flaws because it’s a high-profile device, and because of its Mac OS X ties.

“There will be more iPhone vulnerabilities found than in all the other mobile phones put together,” predicts Graham (Errata CEO). “But in reality, it’s [the iPhone] more secure.”… The iPhone’s Web browser, unlike other mobile devices, is basically a full-featured Safari application. That’s neat for the user but it also poses a number of security risks…

Reference: http://www.darkreading.com/document.asp?doc_id=128169
