TEST

Three security researchers claimed Sunday that they have found the first exploitable vulnerability in Apple's iPhone, a flaw that allows them to steal any data from the device or even to turn it into a remote surveillance tool.

The trio -- Charles Miller, formerly with the National Security Agency; Jake Honoroff; and Joshua Mason of Baltimore-based Independent Security Evaluators (ISE) -- have notified Apple of the vulnerability and given the company less than two weeks to fix the bug before Miller presents more information at the Black Hat conference on Aug. 2.

According to a paper posted by the three, they rooted out a vulnerability in the iPhone's version of Safari using "fuzzing" tools and wrote a proof-of-concept exploit that can be delivered from a malicious Web site or using "man in the middle" tactics to trick users into connecting to a malicious wireless access point.

Once the exploit runs, it's essentially game over, the researchers said: The iPhone is owned. "In our proof of concept, this code reads the log of SMS messages, the address book, the call history and the voicemail data," the researchers wrote on the ISE site. "It then transmits all this information to the attacker."

According to a paper posted by the three, they rooted out a vulnerability in the iPhone's version of Safari using "fuzzing" tools and wrote a proof-of-concept exploit that can be delivered from a malicious Web site or using "man in the middle" tactics to trick users into connecting to a malicious wireless access point.

Once the exploit runs, it's essentially game over, the researchers said: The iPhone is owned. "In our proof of concept, this code reads the log of SMS messages, the address book, the call history and the voicemail data," the researchers wrote on the ISE site. "It then transmits all this information to the attacker."

According to a paper posted by the three, they rooted out a vulnerability in the iPhone's version of Safari using "fuzzing" tools and wrote a proof-of-concept exploit that can be delivered from a malicious Web site or using "man in the middle" tactics to trick users into connecting to a malicious wireless access point.

Once the exploit runs, it's essentially game over, the researchers said: The iPhone is owned. "In our proof of concept, this code reads the log of SMS messages, the address book, the call history and the voicemail data," the researchers wrote on the ISE site. "It then transmits all this information to the attacker."

According to a paper posted by the three, they rooted out a vulnerability in the iPhone's version of Safari using "fuzzing" tools and wrote a proof-of-concept exploit that can be delivered from a malicious Web site or using "man in the middle" tactics to trick users into connecting to a malicious wireless access point.

Once the exploit runs, it's essentially game over, the researchers said: The iPhone is owned. "In our proof of concept, this code reads the log of SMS messages, the address book, the call history and the voicemail data," the researchers wrote on the ISE site. "It then transmits all this information to the attacker."

According to a paper posted by the three, they rooted out a vulnerability in the iPhone's version of Safari using "fuzzing" tools and wrote a proof-of-concept exploit that can be delivered from a malicious Web site or using "man in the middle" tactics to trick users into connecting to a malicious wireless access point.

Once the exploit runs, it's essentially game over, the researchers said: The iPhone is owned. "In our proof of concept, this code reads the log of SMS messages, the address book, the call history and the voicemail data," the researchers wrote on the ISE site. "It then transmits all this information to the attacker."

Schedule

Footer

Upcoming Events

TEST

Related News

Related Videos

Promotional Background Photo

Footer