2007.07.23 • 07:10 EST

Security researchers find a dangerous iPhone flaw

Computer security experts at a company called Independent Security Evaluators have discovered a flaw in the iPhone that lets attackers gain full access to the device, potentially exposing users' private information to prying eyes.

The hack -- first reported by John Schwartz in Monday's New York Times -- can be activated through a malicious Web site, a Wi-Fi access point or a link sent to the phone through e-mail or a text message. After it's activated, an attacker can make the phone transmit files or passwords, run up wireless services or even record audio and relay it back to the attacker.

Expect the hack to be fixed promptly. The firm has already sent details of the hack -- and a potential solution -- to Apple, and a company spokeswoman tells the Times that Apple is on the case.

But as Aviel Rubin, the founder of ISE, tells the Times, the flaw only highlights an inevitable corollary to the iPhone's success: "The irony is that the more popular something is, the more insecure it becomes, because popularity paints a large target on its back," he says. The iPhone's a complex little machine, and it runs a popular program -- the Safari Web browser -- that security researchers haven't found too safe. Indeed, Charles Miller, a security analyst at ISE, stumbled on the iPhone flaw after finding a similar hole in Safari. In other words, this likely isn't the last security hole someone will find in the iPhone.

Necessary caveat: None of this is to say that any other phone is more secure than the iPhone; probably every phone at your standard cellphone store can be exploited by the likes of Rubin and his crew. Until this hole's sealed, researchers advise iPhone users to visit only Web sites they trust; to use only Wi-Fi networks they trust; and to not open Web links from e-mail messages.

And note what Rubin tells the Times about his iPhone, even knowing what he knows about its security: "You'd have to pry it out of my cold, dead hands to get it away from me."

Farhad Manjoo is a Salon staff writer covering technology and tech culture. He lives in San Francisco.
