A team of computer security consultants say they have found a flaw in Apple's popular new iPhone that allows them to take control of the device.
The researchers, working for Independent Security Evaluators (ISE), a company that tests its clients' computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.
"Once you did manage to find a hole, you were in complete control," said Charles Miller, the principal security analyst for the firm.
The company, based in Baltimore, alerted Apple about the vulnerability this week and recommended a software patch that could solve the problem.
"Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," Apple spokeswoman Lynn Fox said. "We're looking into the report submitted by ISE and always welcome feedback on how to improve our security," she said.
The company said there was no evidence that this flaw had been exploited or that users had been affected, and it knew of no other exploits of this nature.
Miller, a former employee of the National Security Agency who has a doctorate in computer science, demonstrated the hack to a reporter by using his iPhone's Web browser to visit a Web site of his own design.
Once he was there, the site injected a bit of code into the iPhone that then took over the phone. The phone promptly followed instructions to transmit a set of files to the attacking computer that included recent text messages -- including one that had been sent to the reporter's mobile phone moments before -- as well as telephone contacts and e-mail addresses.
"We can get any file we want," he said.
Potentially, he added, the attack could be used to program the phone to make calls, running up large bills or even turning it into a portable bugging device.
Steven Bellovin, a professor of computer science at Columbia University, said: "This looks like a very genuine hack."
Bellovin, who was for many years a computer security expert at AT&T Labs Research, said the vulnerability of the iPhone was an inevitable result of the long-anticipated convergence of computing and telephony.
"It's not the end of the world; it's not the end of the iPhone," he said, any more than the regular revelations of vulnerabilities in computer browser software have killed off computing. "It is a sign that you cannot let down your guard. It is a sign that we need to build software and systems better."
Details on the vulnerability, but not a step-by-step guide to hacking the phone, could be found at www.exploitingiphone.com, which the researchers said would be unveiled yesterday.
Hackers around the world have been trying to unveil the secrets of the iPhone since its release last month; most have focused their efforts on unlocking the phone from its sole wireless provider, AT&T, and getting unauthorized programs to run on it. The iPhone is a closed system that cannot accept outside programs and can be used only with the AT&T wireless network.
Some of those hackers have posted bulletins of their progress on the Web. A posting went up on Friday that a hacker going by the name of "Nightwatch" had created and started an independent program on the phone.
The ISE researchers were able to crack the phone's software in a week, said Aviel Rubin, the firm's founder and the technical director of the Information Security Institute at Johns Hopkins University.
Rubin said the research was not intended to show that the iPhone was necessarily more vulnerable to hacking than other phones, or that Apple products were less secure than those from other companies.
"Anything as complex as a computer -- which is what this phone is -- is going to have vulnerabilities," he said.
There are far more viruses, worms and other malicious software affecting Windows systems than Apple systems. But Rubin said that Apple products have drawn fewer attacks because the computers have fewer users, and hackers reach for the greatest impact.
"Windows gets hacked all the time not because it is more insecure than Apple, but because 95 percent of computer users are on Windows," he said. "The other 5 percent have enjoyed a honeymoon that will eventually come to an end."