A team of computer security consultants say they have found a flaw in Apple's popular new iPhone that allows them to take control of the device.
The researchers, working for Independent Security Evaluators (ISE), a company that tests its clients' computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.
"Once you did manage to find a hole, you were in complete control," said Charles Miller, the principal security analyst for the firm.
The company, based in Baltimore, alerted Apple about the vulnerability this week and recommended a software patch that could solve the problem.
"Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," Apple spokeswoman Lynn Fox said. "We're looking into the report submitted by ISE and always welcome feedback on how to improve our security," she said.
The company said there was no evidence that this flaw had been exploited or that users had been affected, and it knew of no other exploits of this nature.
Miller, a former employee of the National Security Agency who has a doctorate in computer science, demonstrated the hack to a reporter by using his iPhone's Web browser to visit a Web site of his own design.
Once he was there, the site injected a bit of code into the iPhone that then took over the phone. The phone promptly followed instructions to transmit a set of files to the attacking computer that included recent text messages -- including one that had been sent to the reporter's mobile phone moments before -- as well as telephone contacts and e-mail addresses.
"We can get any file we want," he said.
Potentially, he added, the attack could be used to program the phone to make calls, running up large bills or even turning it into a portable bugging device.
Steven Bellovin, a professor of computer science at Columbia University, said: "This looks like a very genuine hack."
Bellovin, who was for many years a computer security expert at AT&T Labs Research, said the vulnerability of the iPhone was an inevitable result of the long-anticipated convergence of computing and telephony.
"It's not the end of the world; it's not the end of the iPhone," he said, any more than the regular revelations of vulnerabilities in computer browser software have killed off computing. "It is a sign that you cannot let down your guard. It is a sign that we need to build software and systems better."
Details on the vulnerability, but not a step-by-step guide to hacking the phone, could be found at www.exploitingiphone.com, which the researchers said would be unveiled yesterday.
Hackers around the world have been trying to unveil the secrets of the iPhone since its release last month; most have focused their efforts on unlocking the phone from its sole wireless provider, AT&T, and getting unauthorized programs to run on it. The iPhone is a closed system that cannot accept outside programs and can be used only with the AT&T wireless network.
Some of those hackers have posted bulletins of their progress on the Web. A posting went up on Friday that a hacker going by the name of "Nightwatch" had created and started an independent program on the phone.
The ISE researchers were able to crack the phone's software in a week, said Aviel Rubin, the firm's founder and the technical director of the Information Security Institute at Johns Hopkins University.
Rubin said the research was not intended to show that the iPhone was necessarily more vulnerable to hacking than other phones, or that Apple products were less secure than those from other companies.
"Anything as complex as a computer -- which is what this phone is -- is going to have vulnerabilities," he said.
There are far more viruses, worms and other malicious software affecting Windows systems than Apple systems. But Rubin said that Apple products have drawn fewer attacks because the computers have fewer users, and hackers reach for the greatest impact.
"Windows gets hacked all the time not because it is more insecure than Apple, but because 95 percent of computer users are on Windows," he said. "The other 5 percent have enjoyed a honeymoon that will eventually come to an end."
MORE VISITORS: The Tourism Administration said that it is seeing positive prospects in its efforts to expand the tourism market in North America and Europe Taiwan has been ranked as the cheapest place in the world to travel to this year, based on a list recommended by NerdWallet. The San Francisco-based personal finance company said that Taiwan topped the list of 16 nations it chose for budget travelers because US tourists do not need visas and travelers can easily have a good meal for less than US$10. A bus ride in Taipei costs just under US$0.50, while subway rides start at US$0.60, the firm said, adding that public transportation in Taiwan is easy to navigate. The firm also called Taiwan a “food lover’s paradise,” citing inexpensive breakfast stalls
TRADE: A mandatory declaration of origin for manufactured goods bound for the US is to take effect on May 7 to block China from exploiting Taiwan’s trade channels All products manufactured in Taiwan and exported to the US must include a signed declaration of origin starting on May 7, the Bureau of Foreign Trade announced yesterday. US President Donald Trump on April 2 imposed a 32 percent tariff on imports from Taiwan, but one week later announced a 90-day pause on its implementation. However, a universal 10 percent tariff was immediately applied to most imports from around the world. On April 12, the Trump administration further exempted computers, smartphones and semiconductors from the new tariffs. In response, President William Lai’s (賴清德) administration has introduced a series of countermeasures to support affected
CROSS-STRAIT: The vast majority of Taiwanese support maintaining the ‘status quo,’ while concern is rising about Beijing’s influence operations More than eight out of 10 Taiwanese reject Beijing’s “one country, two systems” framework for cross-strait relations, according to a survey released by the Mainland Affairs Council (MAC) on Thursday. The MAC’s latest quarterly survey found that 84.4 percent of respondents opposed Beijing’s “one country, two systems” formula for handling cross-strait relations — a figure consistent with past polling. Over the past three years, opposition to the framework has remained high, ranging from a low of 83.6 percent in April 2023 to a peak of 89.6 percent in April last year. In the most recent poll, 82.5 percent also rejected China’s
PLUGGING HOLES: The amendments would bring the legislation in line with systems found in other countries such as Japan and the US, Legislator Chen Kuan-ting said Democratic Progressive Party (DPP) Legislator Chen Kuan-ting (陳冠廷) has proposed amending national security legislation amid a spate of espionage cases. Potential gaps in security vetting procedures for personnel with access to sensitive information prompted him to propose the amendments, which would introduce changes to Article 14 of the Classified National Security Information Protection Act (國家機密保護法), Chen said yesterday. The proposal, which aims to enhance interagency vetting procedures and reduce the risk of classified information leaks, would establish a comprehensive security clearance system in Taiwan, he said. The amendment would require character and loyalty checks for civil servants and intelligence personnel prior to
RSS