cybermage's Journal: iPhone Cracked/Hacked

A group of researchers working for a company called Independent Security Evaluators have managed to crack/hack their way into iPhones using either WiFi or malicious code on sites visited by the iPhone's web browser.

The New York Times has the story (registration required) of the groups effort.

Although Apple built considerable security measures into its device, said Charles A. Miller, the principal security analyst for the firm, "Once you did manage to find a hole, you were in complete control." The firm, based in Baltimore, alerted Apple about the vulnerability this week and recommended a software patch that could solve the problem.

The firm demonstrated the flaw to the NY Times reporter, showing the phone handing over files in response to malicious code on a site they setup to prove the exploit. They are putting up a site that explains the exploit at http://www.exploitingiphone.com/.

A spokesperson for Apple says they're reviewing the report from ISE and that they take security very seriously.

ISE has been working on finding security holes in Safari for some time and were planning to reveal an exploit when it occurred to them to see if the exploit existed in the version of Safari on the iPhone. It apparently does.

Reprinted with permission from Mia Mobi.