Related
Internal Links
External Links
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
A group of security experts in the United States say they have discovered a flaw in Apple Inc.'s iPhone that can be exploited to allow hackers to take control of the hand-held device.
Baltimore, Md.-based Independent Security Evaluators (ISE) published an explanation of the flaw and its exploitation on a web page on Thursday. A more detailed explanation is to be presented at a conference in early August.
According to ISE security expert Charlie Miller, the exploit is delivered via a malicious web page opened in the Safari web browser on the iPhone. The iPhone user can be tricked into opening the web page either through an attacker controlled wireless access point or a link delivered via e-mail or text message. A modified version of the exploit can also be delivered through a misconfigured forum website.
In order to gain control of the handset through Wi-Fi, or wireless network, the hacker would have to create a network with the same name and encryption method as one the handset already uses. The attacker then substitutes a web page with their own malicious code, Miller wrote.
Once an attacker gains control of the iPhone they could read the iPhone's message log, address book, call history and voice mail information, the ISE report said.
ISE published the exploit as a proof-of-concept and included a number of suggestions for fixing the problem.
Apple's spokesperson Lynn Fox told CBC News: "We're looking into the report from the ISE and always welcome feedback on how to improve our security."
Web-based exploits such as the one detailed are relatively common and require software companies to continuously update their security features to close loopholes in the software.
But because Apple's Safari browser and OS X operating system are used by a small percentage of the personal computing market, the software has traditionally been a less appealing target for hackers.
"The attention the malware community gives a device is directly correlated with the adoption in the marketplace," Symantec director of mobile security Paul Miller told CBC News in May.
"It's not a function of the operating system, it's a case of market penetration," he said.
Security analysts have speculated the iPhone's expected popularity could make the hand-held device — and Apple software in general — a more appealing target.
Apple is expected to release its third quarter results later this week, with much of the attention to focus on the last two days in June when the mobile device was officially launched.
The device, which combines many of the features of a personal computer with those of a mobile phone and digital media player, was released on June 29 in the United States. No Canadian release date for the iPhone has yet been issued.
Share Tools
Top News Headlines
- Everest victim's husband says family not seeking government help
- The husband of a Toronto woman who died trying to climb Mt. Everest on Saturday says his family is not seeking government help to cover the cost of bringing his wife's body home. more »
- B.C. premier unhappy with disgraced Mountie's transfer
- B.C. Premier Christy Clark says she is not happy with the RCMP decision to transfer a disgraced Alberta Mountie to the West Coast. more »
- Henrique's OT goal sends Devils into Stanley Cup final
- The New Jersey Devils will vie for a potential fourth Stanley Cup in franchise history after defeating the New York Rangers in six games in the Eastern final, courtesy of rookie Adam Henrique's goal early in overtime. more »
- Employment Insurance review boards to be scrapped
- The federal government is scrapping two review boards used by people appealing decisions made about their employment insurance. more »
Latest Technology & Science News Headlines
- Unloading of docked SpaceX capsule to start Saturday
- The privately bankrolled SpaceX Dragon capsule made a historic arrival at the International Space Station on Friday, and astronauts will begin unloading some of the 544 kilograms of food, water, clothing and other supplies its carrying starting Saturday. more »
- South Africa, Australia to share world's largest telescope
- South Africa and Australia will jointly host the Square Kilometre Array, which promises to be the world's largest telescope, the international consortium in charge of the project said Friday. more »
- Bonavista, N.L., 'coyote' was really wolf, tests confirm
- Wolves have not been seen in Newfoundland since around 1930 and were believed to have been hunted to extinction on the island, but genetic tests have confirmed that an 82-pound animal shot on the Bonavista Peninsula in March was, in fact, a wolf. more »
- Once-rare argus butterfly thriving thanks to climate change
- Global warming is threatening the existence of many species, such as the giant polar bear, but in the case of Britain's brown argus butterfly, it took a species in trouble and made it thrive. more »
- Yahoo scraps digital magazine designed for iPad
- Yahoo has killed Livestand, a tablet magazine, just six months after its debut on the iPad. more »
Bob McDonald's Blog
Government to shut down unique fresh water research area May. 25, 2012 12:31 PM The Experimental Lakes Area research facility in Northern Ontario is being closed down after 44 years of providing invaluable data to scientists in Canada and internationally, a decision that has stunned researchers and environmental groups.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 25, 2012 4:15 PM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Aylmer triple stabbing leads to first-degree murder charges
- Everest victim's husband says family not seeking government help
- B.C. premier unhappy with disgraced Mountie's transfer
- Third B.C. salmon farm quarantined
- What a Greek euro exit could mean for Canada
- RCMP officer charged in fatal crash
- Canada ending 'Buffalo shuffle' for visas, closing consulate
- Reclaiming the dead on Mt. Everest
- Employment Insurance review boards to be scrapped
