While Apple spent a lot of time and money making sure that the iPhone was safe and secure, there was really no way for them to come out with a product that was 100% hacker-proof.
After the iPhone was released, a group of people at Independent Security Evaluators, a security firm, tried to find a way to make an iPhone vulnerable to hackers. According to a website that they set up for the exploit (www.exploitingiphone.com), it only took two weeks of part time work to discover a vulnerability.
The video below demonstrates how arbitrary code was executed as root. In the video, you’ll notice that sensitive information like SMS messages, the address book, call history, and voicemail data is made available to the hacker.
ISE has contacted Apple about the problem and proposed a patch which they say Apple is looking into. Charles Miller, principal security analyst for ISE says, “Once you did manage to find a hole, you were in complete control.”
I’m sure you don’t want anybody in control of your precious iPhone except you, so what precautions should you take? It’s actually pretty simple, only visit trusted sites and only use WiFi networks that you trust.
Source: New York Times
I’m sure Apple will release a software update any day now, there are a bunch of things that should be fixed and there has also been speculation of a software update since the thing has been out. I think we will see it sometime this week.
I’m sure an update is due, but it would be really impressive if Apple issues an update with this vulnerability fixed that quickly. Normally it takes weeks to fix a vulnerability so that you can create a patch, and test to make sure that it doesn’t open even more holes.