A team of computer security consultants say they have found a flaw in Apple's popular new iPhone that allows them to take control of the device.
The researchers, working for Independent Security Evaluators (ISE), a company that tests its clients' computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.
"Once you did manage to find a hole, you were in complete control," said Charles Miller, the principal security analyst for the firm.
The company, based in Baltimore, alerted Apple about the vulnerability this week and recommended a software patch that could solve the problem.
"Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," Apple spokeswoman Lynn Fox said. "We're looking into the report submitted by ISE and always welcome feedback on how to improve our security," she said.
The company said there was no evidence that this flaw had been exploited or that users had been affected, and it knew of no other exploits of this nature.
Miller, a former employee of the National Security Agency who has a doctorate in computer science, demonstrated the hack to a reporter by using his iPhone's Web browser to visit a Web site of his own design.
Once he was there, the site injected a bit of code into the iPhone that then took over the phone. The phone promptly followed instructions to transmit a set of files to the attacking computer that included recent text messages -- including one that had been sent to the reporter's mobile phone moments before -- as well as telephone contacts and e-mail addresses.
"We can get any file we want," he said.
Potentially, he added, the attack could be used to program the phone to make calls, running up large bills or even turning it into a portable bugging device.
Steven Bellovin, a professor of computer science at Columbia University, said: "This looks like a very genuine hack."
Bellovin, who was for many years a computer security expert at AT&T Labs Research, said the vulnerability of the iPhone was an inevitable result of the long-anticipated convergence of computing and telephony.
"It's not the end of the world; it's not the end of the iPhone," he said, any more than the regular revelations of vulnerabilities in computer browser software have killed off computing. "It is a sign that you cannot let down your guard. It is a sign that we need to build software and systems better."
Details on the vulnerability, but not a step-by-step guide to hacking the phone, could be found at www.exploitingiphone.com, which the researchers said would be unveiled yesterday.
Hackers around the world have been trying to unveil the secrets of the iPhone since its release last month; most have focused their efforts on unlocking the phone from its sole wireless provider, AT&T, and getting unauthorized programs to run on it. The iPhone is a closed system that cannot accept outside programs and can be used only with the AT&T wireless network.
Some of those hackers have posted bulletins of their progress on the Web. A posting went up on Friday that a hacker going by the name of "Nightwatch" had created and started an independent program on the phone.
The ISE researchers were able to crack the phone's software in a week, said Aviel Rubin, the firm's founder and the technical director of the Information Security Institute at Johns Hopkins University.
Rubin said the research was not intended to show that the iPhone was necessarily more vulnerable to hacking than other phones, or that Apple products were less secure than those from other companies.
"Anything as complex as a computer -- which is what this phone is -- is going to have vulnerabilities," he said.
There are far more viruses, worms and other malicious software affecting Windows systems than Apple systems. But Rubin said that Apple products have drawn fewer attacks because the computers have fewer users, and hackers reach for the greatest impact.
"Windows gets hacked all the time not because it is more insecure than Apple, but because 95 percent of computer users are on Windows," he said. "The other 5 percent have enjoyed a honeymoon that will eventually come to an end."
GAINING STEAM: The scheme initially failed to gather much attention, with only 188 cards issued in its first year, but gained popularity amid the COVID-19 pandemic Applications for the Employment Gold Card have increased in the past few years, with the card having been issued to a total of 13,191 people from 101 countries since its introduction in 2018, the National Development Council (NDC) said yesterday. Those who have received the card have included celebrities, such as former NBA star Dwight Howard and Australian-South Korean cheerleader Dahye Lee, the NDC said. The four-in-one Employment Gold Card combines a work permit, resident visa, Alien Resident Certificate (ARC) and re-entry permit. It was first introduced in February 2018 through the Act Governing Recruitment and Employment of Foreign Professionals (外國專業人才延攬及雇用法),
WARNING: From Jan. 1 last year to the end of last month, 89 Taiwanese have gone missing or been detained in China, the MAC said, urging people to carefully consider travel to China Lax enforcement had made virtually moot regulations banning civil servants from making unauthorized visits to China, the Control Yuan said yesterday. Several agencies allowed personnel to travel to China after they submitted explanations for the trip written using artificial intelligence or provided no reason at all, the Control Yuan said in a statement, following an investigation headed by Control Yuan member Lin Wen-cheng (林文程). The probe identified 318 civil servants who traveled to China without permission in the past 10 years, but the true number could be close to 1,000, the Control Yuan said. The public employees investigated were not engaged in national
The zero emissions ship Porrima P111 was launched yesterday in Kaohsiung, showcasing the nation’s advancement in green technology, city Mayor Chen Chi-mai (陳其邁) said. The nation last year acquired the Swiss-owned vessel, formerly known as Turanor PlanetSolar, in a bid to boost Taiwan’s technology sector, as well as ecotourism in Palau, Chen said at the ship’s launch ceremony at Singda Harbor. Palauan President Surangel Whipps Jr and Minister of Foreign Affairs Lin Chia-lung (林佳龍) also attended the event. The original vessel was the first solar-powered ship to circumnavigate the globe in a voyage from 2010 to 2012. Taiwan-based Porrima Inc (保利馬) installed upgrades with
ENHANCE DETERRENCE: Taiwan has to display ‘fierce resolve’ to defend itself for China to understand that the costs of war outweigh potential gains, Koo said Taiwan’s armed forces must reach a high level of combat readiness by 2027 to effectively deter a potential Chinese invasion, Minister of National Defense Wellington Koo (顧立雄) said in an interview with the Chinese-language Liberty Times (sister newspaper of the Taipei Times) published yesterday. His comments came three days after US Secretary of State Marco Rubio told the US Senate that deterring a Chinese attack on Taiwan requires making a conflict “cost more than what it’s worth.” Rubio made the remarks in response to a question about US policy on Taiwan’s defense from Republican Senator John Cornyn, who said that Chinese
RSS