Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Browser flaw opens iPhone to attack
Published: 2007-07-23

A major flaw in the Apple iPhone's browser opens the device to attack through a malicious wireless access point or Web server, the security firm that discovered the vulnerability announced on Monday.

Because of some poor security choices in the phone's design, an attacker could install code to steal any and all data on the iPhone by exploiting a flaw in Apple's MobileSafari browser, the company, Independent Security Evaluators, said in a general analysis of the issue. An attack could use a link sent through e-mail or by an SMS (short message service) text message, or use an attacker-controlled wireless access point to execute a man-in-the-middle to redirect the iPhone's browser to the malicious code.

"We only retrieved some of the personal data but could just as easily have retrieved any information off the device," the company's analysis stated.

The exploit developed by Independent Security Evaluators takes advantage of a number of security weaknesses in the iPhone, the company stated. The worst issues is that all the device processes run with full administrator privileges. Moreover, the phone does not use address layout randomization and non-executable heaps to make exploitation more difficult, the firm's analysis said.

Released at the end of June, the Apple iPhone immediately came under scrutiny by security researchers and consumer electronics' hackers. Within days, noted Apple and DVD hacker Jon Lech Johansen found a way to turn on certain functions of the phone without going through the activation process. Other hackers discovered ways to make the file system accessible to non-Apple programmers.

Charles Miller, a security researcher with Independent Security Evaluators, plans to reveal the full details of the attack at the Black Hat Security Briefings in Las Vegas on August 2.

If you have tips or insights on this topic, please contact SecurityFocus.

CORRECTION: The original article did not include Charles Miller's full name or affiliation.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:







 

Privacy Statement
Copyright 2009, SecurityFocus