Researchers hack into iPhone via Web

[javaguru]

http://news.yahoo.com/s/ap/20070724/ap_on_hi_te/iphone_hack;_ylt=Ainus7DVKUtbS8.6ddxmHz7MWM0F

By PETER SVENSSON, AP Technology Writer
Tue Jul 24, 7:44 AM ET



NEW YORK - Hackers could take control of an iPhone if its owner visits a doctored Web site or Internet hotspot, security researchers reported Monday.

The vulnerability of the vaunted device, Apple Inc.'s first cell phone, is only theoretical for now. There are no reports of criminals actually taking advantage of the security glitch to remotely access an iPhone.

But if it were exploited, hijacked iPhones could be very useful to the same gangs that take over personal computers and use them to disseminate spam, said Charlie Miller, principal security analyst at Independent Security Evaluators, which discovered the flaw.

"You could have a million iPhones dialing the company's main line and overwhelm it that way," Miller said.

In addition, hijacked iPhones could be used to send spam by cell-phone text message, which computers generally can't. Any personal data on the phones, such as private phone numbers and text messages, would be accessible as well.

The flaw applies not only to the iPhone, which was launched just three weeks ago, but also to Apple computers running Mac OS and the company's Safari Web browser, a version of which comes with the iPhone. It does not affect Safari running on Microsoft Corp.'s Windows systems.

The researchers at Baltimore-based ISE haven't released the specifics of the vulnerability to the public, but have provided details to Apple and supplied the company with a patch, a software update for plugging the hole.

On Aug. 2, Miller will present details of the flaw at the Black Hat USA hacker conference in Las Vegas and online. That will make it easier for criminals to replicate the exploit, but he stressed that it should also be easy for Apple to release a patch to all its users before then. The iPhone and Macintosh computers are configured to receive software updates automatically from Apple.

"Hopefully, on Aug. 2, nothing happens: we release the information, everyone's patched and that's it," Miller said.

Apple spokeswoman Lynn Fox said Apple is looking into ISE's report, but would not say if there are plans for a patch.

"We always welcome feedback on our security," Fox said.

Miller said the flaw did not necessarily reflect badly on Apple.

"I'm sure that if you put any sort of mobile device that's complex enough in front of me, we'd find pretty much the same thing," he said. At the same time, "the security of the iPhone is not as good as the security of the Mac desktop, and I think that's something they need to work on."

Miller and the rest of the ISE team, which included Jake Honoroff and Joshua Mason, discovered holes in the security of the iPhone within minutes of getting their hands on their boss' phone.

"He didn't really want to let us do it, but eventually he gave in, and we poked around with it for a few minutes, and already saw some things that could make the programs crash," Miller said.

Their technique, called "fuzzing," involves sending lots of random or improperly formatted data to a device, and noting what causes crashes or other problems that could be openings to sending code that takes over the device.

To protect an iPhone against this and similar future vulnerabilities, the ISE team recommends that users only visit sites they trust, not open Web sites from e-mails and not use unfamiliar Wi-Fi hotspots.

 

[jh1]

shocking

 

[javaguru]

shocking

A lot of people are operating under the assumption that using an Apple product , OS or Iphone, to surf the web is 100% safe.

 

[jh1]

A lot of people are operating under the assumption that using an Apple product , OS or Iphone, to surf the web is 100% safe.

Same douche nips that think that getting a Mac makes them invulnberable to viruses and other malware.

Nigga... Please.

Even when their OS was Mac and not skinned Linux it was vulnerable, just as if not more than any other - but because there was a total of like 10-20 on the intertubes - very few viruses existed for them *IN THE WILD* because they weren't a worthy target. That doesn't make them any more secure. Security by obscurity is moronic.

 

[jack sparrow]

I got a mac, but I still protect it like it was a windoze machine. It's still a target, and will be an even bigger target in the future.

 

[Freddie de Lux]

Are they able to cover the iphone with Swarovski crystals? I have not bought one yet because I have not found someone who will do that, and I love my blingged out Razr.

 

[Cal_21]

Are they able to cover the iphone with Swarovski crystals? I have not bought one yet because I have not found someone who will do that, and I love my blingged out Razr.

They decked mine own with broken glass so I'd feel tuff

 

[KBEKQT]

The vulnerability of the vaunted device, Apple Inc.'s first cell phone, is only theoretical for now. There are no reports of criminals actually taking advantage of the security glitch to remotely access an iPhone.

but by all means, let's write about it to give the geniuses the idea!

 

[jh1]

but by all means, let's write about it to give the geniuses the idea!

They're all over it, always have been, always will be...

Not writing about it only allows the public to go on thinking everything is secure.

 

[mrplunkey]

iphones are still the shiznit. I love mine.

 

[KBEKQT]

They're all over it, always have been, always will be...

Not writing about it only allows the public to go on thinking everything is secure.

True...I was feeling facetious...

 

[javaguru]

Same douche nips that think that getting a Mac makes them invulnberable to viruses and other malware.

Nigga... Please.

Even when their OS was Mac and not skinned Linux it was vulnerable, just as if not more than any other - but because there was a total of like 10-20 on the intertubes - very few viruses existed for them *IN THE WILD* because they weren't a worthy target. That doesn't make them any more secure. Security by obscurity is moronic.

LOLLOLOOL...I was working a trade show for my company when I overheard a lecture about the invulnerabilities of the AS/400 to the virus....who the fuck would write an AS/400 virus....

 

[redsamurai]

iphones are still the shiznit. I love mine.

god you're a capitalist whore.............you really paid $600 for that thing? Look, I don't care if I had Bill Gates money.........I'm not paying apple $600 for a first run product that I FUCKING KNOW IS GOING TO BE FUCKED IN SOME WAY BECAUSE THAT"S HOW APPLE ROLLS!!! Is the desire to consume so intense that product quality and integrity is some vague nebulous notion of the "stone ages"?? I guess I'm just really not a good capitalist............that or I'm fucking smart and read consumer reports which say theirs other phones out there like the Nokia E70 that do everything the iphone does and more, and cost's 50% less. But I won't buy that one either............I won't buy a phone that hooks up to the net.........I have no use for that like ever.........and it's just a backdoor for hackers, or the government............to exploit my shit.

 

[javaguru]

god you're a capitalist whore.............you really paid $600 for that thing? Look, I don't care if I had Bill Gates money.........I'm not paying apple $600 for a first run product that I FUCKING KNOW IS GOING TO BE FUCKED IN SOME WAY BECAUSE THAT"S HOW APPLE ROLLS!!! Is the desire to consume so intense that product quality and integrity is some vague nebulous notion of the "stone ages"?? I guess I'm just really not a good capitalist............that or I'm fucking smart and read consumer reports which say theirs other phones out there like the Nokia E70 that do everything the iphone does and more, and cost's 50% less. But I won't buy that one either............I won't buy a phone that hooks up to the net.........I have no use for that like ever.........and it's just a backdoor for hackers, or the government............to exploit my shit.

I hope it doesn't have a failure rate like the IPod...... dies in six months...so much for Apple reliability. I've heard some bad things about it's storage capacity and speed......

 

[javaguru]

but by all means, let's write about it to give the geniuses the idea!

The "researchers" were hackers that realized they could get paid for doing what they would have done on their own.... Hackers are nerds that want to prove they're smarter than the "system."

 

[redsamurai]

of course it will......it's apple. The are the next sony!! That horseshit with the Ipod battery is like straight out of the sony playbook. And those fuckers dare charge $400? I'll bet money on the iphone being the same...........people are going to be sending that shit in and getting a nice little reply saying they'll need to come out their pockets if they want their $600 fucking dollar phone fixed. Only in this country can a business model like this not only survive, but PROSPER!!! It's inconceivable to me how stupid and trendy people are............people actually waited in line for this like the second coming...........unbeleivable.............and we wonder why people around the world look at us with tilted heads, we're not real people anymore, just little consumer bots that will buy what we're told to buy.

I hope it doesn't have a failure rate like the IPod...... dies in six months...so much for Apple reliability. I've heard some bad things about it's storage capacity and speed......

 

[javaguru]

of course it will......it's apple. The are the next sony!! That horseshit with the Ipod battery is like straight out of the sony playbook. And those fuckers dare charge $400? I'll bet money on the iphone being the same...........people are going to be sending that shit in and getting a nice little reply saying they'll need to come out their pockets if they want their $600 fucking dollar phone fixed. Only in this country can a business model like this not only survive, but PROSPER!!! It's inconceivable to me how stupid and trendy people are............people actually waited in line for this like the second coming...........unbeleivable.............and we wonder why people around the world look at us with tilted heads, we're not real people anymore, just little consumer bots that will buy what we're told to buy.

It's an interesting turn our country has taken.....we're too prosperous for our own good. These days a car is good for 2-3 years before everyone wants a new model....my dad could keep a 15 year old car running for ten for years reliably.

 

[redsamurai]

. These days a car is good for 2-3 years before everyone wants a new model....my dad could keep a 15 year old car running for ten for years reliably.

yeah no shit!! why I only fuck with Jap cars. And yeah, the free market has realized there's no incentive to make something last long anymore..........it's like a pit fight for every last one of our disposable dollars........means we have crap flooding every single market and you can't tell anymore what's good and what's not.

 

[mrplunkey]

god you're a capitalist whore.............you really paid $600 for that thing? Look, I don't care if I had Bill Gates money.........I'm not paying apple $600 for a first run product that I FUCKING KNOW IS GOING TO BE FUCKED IN SOME WAY BECAUSE THAT"S HOW APPLE ROLLS!!! Is the desire to consume so intense that product quality and integrity is some vague nebulous notion of the "stone ages"?? I guess I'm just really not a good capitalist............that or I'm fucking smart and read consumer reports which say theirs other phones out there like the Nokia E70 that do everything the iphone does and more, and cost's 50% less. But I won't buy that one either............I won't buy a phone that hooks up to the net.........I have no use for that like ever.........and it's just a backdoor for hackers, or the government............to exploit my shit.

Wow! So angry. Seek help. And why do I get the feeling the government isn't particularly interested in exploiting your shit?

I've been a Treo 650/700 user for years and the iPhone blows it away. You can launch the damn space shuttle with this thing. Also, it's flatter than a treo so it slips into a pants pocket easily. I also has this combination map/satellite/location lookup service -- it's like 411 on steroids!

Oh... and I know I'm rambling. But it connects to your voicemail, downloads the messages into audio clips, and sorts them in a list. At last! You can see voicemails before listening to each one of them, can replay them in arbitrary order, etc. etc. No more dialing-up voicemail and going through the menus.

 

[redsamurai]

Wow! So angry. Seek help. And why do I get the feeling the government isn't particularly interested in exploiting your shit?

first, I'm not angry bro.....just giving you shit for being a capitalist stooly........

and if you must know, due to my former employment and more specifically my former employers.......I was told by a federal officer that I "most likely" had my phone tapped, along with others I worked with. Also, remember why most people are here at EF in the first place...........it's not for C&C............go look at the first discussion board if you still don't get it. It's a completely legitimate concern...............especially considering that nationwide penalties are going up...........even a little misdemeanor possession charge can drastically effect your future employment. This may not be an issue for you......but for alot of us it is.

I've been a Treo 650/700 user for years and the iPhone blows it away. You can launch the damn space shuttle with this thing. Also, it's flatter than a treo so it slips into a pants pocket easily. I also has this combination map/satellite/location lookup service -- it's like 411 on steroids!

Oh... and I know I'm rambling. But it connects to your voicemail, downloads the messages into audio clips, and sorts them in a list. At last! You can see voicemails before listening to each one of them, can replay them in arbitrary order, etc. etc. No more dialing-up voicemail and going through the menus.

none of this seems to be worth $600. I still don't get why anyone would want to browse the net with some stupid little wallet size box............it's like people have been told it's "so cool"..............but how useful is it really? I can see having some sort of email service which allows you to see possibly important emails on your phone............but just browsing? wtf?

 

[mrplunkey]

first, I'm not angry bro.....just giving you shit for being a capitalist stooly........

Alas... perhaps I can master capitalism as you have an no longer be a "stooly". But for now I guess I'll just tread through life as I do now.

and if you must know, due to my former employment and more specifically my former employers.......I was told by a federal officer that I "most likely" had my phone tapped, along with others I worked with. Also, remember why most people are here at EF in the first place...........it's not for C&C............go look at the first discussion board if you still don't get it. It's a completely legitimate concern...............especially considering that nationwide penalties are going up...........even a little misdemeanor possession charge can drastically effect your future employment. This may not be an issue for you......but for alot of us it is.

1) I didn't need to know.
2) Some people infer self-importance by constructing these elaborate belief structures based on the notion that the government gives a diddly-damn about their personal activities. I'm not saying you're doing that, but perhaps this can be an opportunity for some self-examination and introspection.

none of this seems to be worth $600. I still don't get why anyone would want to browse the net with some stupid little wallet size box............it's like people have been told it's "so cool"..............but how useful is it really? I can see having some sort of email service which allows you to see possibly important emails on your phone............but just browsing? wtf?

Browsing is only a tiny piece of the puzzle. Personally I think having my voicemails automatically downloaded as sound snipits and organized by caller where I can thumb through them even if I have no service at the moment is worth $600 alone.

Then there's the ipod function and seamless integration with itunes... so sweet.

Then their map/satellite function... it's the shit. You can type something like "Land Rover" and sure enough a little push-pin drops on a map of knoxville almost instantly where you can expand it and see the address and phone number.

Oh and stock trackers, weather services, a killer mail client, etc. etc. This thinkg crushes a Treo and I've always loved those devices.

Anyway... iPhone > All. Buy one today!!!

 

[javaguru]

I didn't own a mobile phone until two years ago.

 

[redsamurai]

Alas... perhaps I can master capitalism as you have an no longer be a "stooly". But for now I guess I'll just tread through life as I do now.

it's not easy disassociating yourself from pure carnal consumerism............but keep working at it and you'll free yourself of the "stooly" moniker. So hopefully the next time apple puts out some half assed gizmo that's assured to break down long before it's ammortized itself...............you'll stay home and wait for later flights of same product.

2) Some people infer self-importance by constructing these elaborate belief structures based on the notion that the government gives a diddly-damn about their personal activities. I'm not saying you're doing that, but perhaps this can be an opportunity for some self-examination and introspection

.

I worked for very wealthy Italians..........and that's my final word on this, again........no wrong doing on my part.........ever.................but working for people who are constantly being looked at by the feds............being someone who delivers them very large sums of money.................will get you looked at. No self importance here...........I didn't like it because it made me think twice about "other" activities that I liked to do.............like what is being discussed in discussion board number one on this site..................do you feel me now?

Browsing is only a tiny piece of the puzzle. Personally I think having my voicemails automatically downloaded as sound snipits and organized by caller where I can thumb through them even if I have no service at the moment is worth $600 alone.

really?......that's worth $600 to you?

Then there's the ipod function and seamless integration with itunes... so sweet.

see that's almost the dealbreaker for me..............I HATE ITUNES!!! Itunes fucks with your music files..............happened to all my friends..........shit get's deleted out of your folders for no fucking reason. Case in point.........my ipod just broke a few weeks ago.........so the other day I was looking to backup all my song files to a detachable HD. I hadn't looked at this folder in ages because all of it was on my ipod...................well fuck me was there shit missing.............I mean was there ever. Shit I KNOW i didn't fucking erase.

Then their map/satellite function... it's the shit. You can type something like "Land Rover" and sure enough a little push-pin drops on a map of knoxville almost instantly where you can expand it and see the address and phone number.

let me guess...........you're one of those guys that can't even take a one tank trip anymore without GPS huh? I raz my dad about his acura all the time...............what happened to men who could find their way around the country just by looking up at the position of the sun or the allignment of the stars? There's no grown ass men anymore unfortunately.
Oh and stock trackers, weather services, a killer mail client, etc. etc. This thinkg crushes a Treo and I've always loved those devices.

Anyway... iPhone > All. Buy one today!!!

no.................................................does that upset you? does it irk you that I simply disavow the need for everything new and impulsive? I'll consider an iphone when two things happen...............A) it comes down in price like a mother........no fucking phone is worth more than a new video game system.....that's just ridiculous B) it has a year or two of TOTAL RELIABILITY under it's belt till then the iphone can lick my taint and swirl my balls..............peace

 

[Spartacus]

Security by obscurity is moronic.

nice

 

[JumpBallWinner]

I like text messages

 

[mrplunkey]

it's not easy disassociating yourself from pure carnal consumerism............but keep working at it and you'll free yourself of the "stooly" moniker. So hopefully the next time apple puts out some half assed gizmo that's assured to break down long before it's ammortized itself...............you'll stay home and wait for later flights of same product.

Yeah... apple is such a terrible company. Maybe if a visionary, get-things-done kinda guy such as yourself ran it... just maybe... then it could be world class!

I worked for very wealthy Italians..........and that's my final word on this, again........no wrong doing on my part.........ever.................but working for people who are constantly being looked at by the feds............being someone who delivers them very large sums of money.................will get you looked at. No self importance here...........I didn't like it because it made me think twice about "other" activities that I liked to do.............like what is being discussed in discussion board number one on this site..................do you feel me now?

Oh! I "feel" you now. See, I'm a double-sekrit ninja CIA operative too! My cufflinks shoot paralysis darts and my ball point pen doubles as a remote control for my Astin Martin Vanquish. I would tell you more about my work, but lives hang in the balance and loose lips sink ships. Of course, I'm sure you understand.

really?......that's worth $600 to you?

Yup. I typically make and receive 40-60 calls a day each. During my peak times (9:30-11:30 am) I usually get more calls and vmails than I can process. So I use my afternoons to sort-through and prioritize things.

see that's almost the dealbreaker for me..............I HATE ITUNES!!! Itunes fucks with your music files..............happened to all my friends..........shit get's deleted out of your folders for no fucking reason. Case in point.........my ipod just broke a few weeks ago.........so the other day I was looking to backup all my song files to a detachable HD. I hadn't looked at this folder in ages because all of it was on my ipod...................well fuck me was there shit missing.............I mean was there ever. Shit I KNOW i didn't fucking erase.

OMG its an apple conspiracy to deny you access to music! My guess is they've flagged you as a malcontent based on what you post here on the EF site, traced your IP, cross-referenced it back to your apple username, and sekritly flagged your itunes client with the "randomly delete shit" option! Damn those apple guys.

let me guess...........you're one of those guys that can't even take a one tank trip anymore without GPS huh? I raz my dad about his acura all the time...............what happened to men who could find their way around the country just by looking up at the position of the sun or the allignment of the stars? There's no grown ass men anymore unfortunately.

Yeah, but if you were a real man you'd be accessing the EF board using a serial line and decoding the signal by hand instead of using one of those new-fangled computers to do it for you. So I put the question back to you, where HAVE the real men gone?

Oh and stock trackers, weather services, a killer mail client, etc. etc. This thinkg crushes a Treo and I've always loved those devices.

Still having trouble with that tricky QUOTE tags, eh? Some things never change.

no.................................................does that upset you? does it irk you that I simply disavow the need for everything new and impulsive? I'll consider an iphone when two things happen...............A) it comes down in price like a mother........no fucking phone is worth more than a new video game system.....that's just ridiculous B) it has a year or two of TOTAL RELIABILITY under it's belt till then the iphone can lick my taint and swirl my balls..............peace

No, I'm not upset at all. It actually comforts me to know I'll always be ahead of some people technologically simply due to their beliefs. As competitive as today's environment is, it's nice to know there are a few easy wins left.

Oh... and your standard is "more than a new video game system"? Do you mean to tell me you're comparing a phone, which is a business productivity tool, to a console gaming system? Now *that* is too funny. I feel guilty about even having this discussion with you now because it's probably detracting from your Playstation time.

 

[Spartacus]

gonna be a good thread

 

[javaguru]

Allthewhey needs to post a cat hacking your Iphone....