A team of security researchers in the US claims to have found a flaw in
Apple's iPhone that could allow a hacker to take complete control of the
device via Wi-Fi.
Independent Security Evaluators, headed by a former professor at Johns
Hopkins University, found the hole last week, developed a patch and alerted
Apple to the problem.
"There are serious problems with the design and implementation of security on
the iPhone," said the company in a Security Evaluation paper (PDF) on the
flaw.
"The most glaring is that all processes of interest run with administrative
privileges. This implies that a compromise of any application gives an attacker
full access to the device."
The exploit uses a web page with malware built in that can access the phone
via the Safari browser.
This can either be used to force the phone to send personal information
stored in its files or to take control of the device and make it place outgoing
calls to other numbers.
"Unfortunately, once an iPhone application is breached by an attacker, very
little prevents the attacker from obtaining complete control of the system,"
the team said.
"Additionally, no address randomisation is used by the operating system.
This means that each time a process runs, the stack, heap and executable code is
located at precisely the same spot in memory. This helps attackers write
reliable exploit code."
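The property the team describes can be checked by comparing where a program's
regions load on two separate runs. The sketch below is an added example, not
code from the article or the researchers' paper; it assumes Linux-style
/proc/<pid>/maps text rather than anything from the iPhone, and the four
snapshots are constructed sample data.

```python
import re

# Constructed /proc/<pid>/maps excerpts from two runs of the same program.
RUN_FIXED_A = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo
00651000-00672000 rw-p 00000000 00:00 0 [heap]
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""
RUN_FIXED_B = RUN_FIXED_A  # identical layout on the second run
RUN_ASLR_A = """\
55d3c1a00000-55d3c1a52000 r-xp 00000000 08:01 1234 /usr/bin/demo
55d3c2f31000-55d3c2f52000 rw-p 00000000 00:00 0 [heap]
7ffd4b1c9000-7ffd4b1ea000 rw-p 00000000 00:00 0 [stack]
"""
RUN_ASLR_B = """\
5642e7800000-5642e7852000 r-xp 00000000 08:01 1234 /usr/bin/demo
5642e8a10000-5642e8a31000 rw-p 00000000 00:00 0 [heap]
7ffe90d3c000-7ffe90d5d000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [name]
LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")

def region_bases(maps_text):
    """Return {region: base address} for executable code, heap and stack."""
    bases = {}
    for line in maps_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        start, perms, name = int(m.group(1), 16), m.group(2), m.group(3)
        if name == "[heap]":
            bases.setdefault("heap", start)
        elif name == "[stack]":
            bases.setdefault("stack", start)
        elif "x" in perms and name.startswith("/"):
            # Assumption: the first file-backed executable mapping is the program.
            bases.setdefault("code", start)
    return bases

def fixed_regions(run_a, run_b):
    """Regions whose base address is identical in both runs (not randomised)."""
    a, b = region_bases(run_a), region_bases(run_b)
    return sorted(r for r in a if r in b and a[r] == b[r])

if __name__ == "__main__":
    print("no randomisation:", fixed_regions(RUN_FIXED_A, RUN_FIXED_B))
    print("with randomisation:", fixed_regions(RUN_ASLR_A, RUN_ASLR_B))
```

Any region the check reports as fixed sits at an address that is known in
advance of the next run, which is the condition the quote describes.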
Experts have already warned that the phone may be as insecure as a PC
because of its powerful operating system, and problems have already been
reported with the dialler software.
Matt Bancroft, vice president at mobile device management company
Mformation, said: "All mobile phones are becoming more powerful, and the
iPhone is really a sophisticated mini computer.
"As we get more powerful mobile devices, it is inevitable that we will get
more security issues and threats to mobile devices.
"The key is to manage the device once it is in the hands of the user. Being
able to update or patch the security and applications over the air in an
ever-changing environment is the way forward."