iPhones vulnerable to being taken over, hackers contend

Friday, July 31st, 2009

Teresa Smith

Canadian iPhone users may want to think about hanging up for a while if two hacker heavyweights prove they can infiltrate the system and put a worm inside the Apple.

Charlie Miller and Collin Mulliner say they’ve found a security weakness in Apple’s iPhone which would allow a hacker to gain control of the device by sending a single SMS — or text message — and they shared that information Thursday at the 2009 Black Hat security conference in Las Vegas.

At the conference, iPhone users were warned their devices were not entirely secure.

“It’s scary. I don’t want people taking over my iPhone,” Miller, a security analyst with consulting firm Independent Security Evaluators, told Reuters, adding the information they presented at Black Hat will give criminals enough information to develop software to break into iPhones within about two weeks.

Miller — one of the top computer hackers in the U.S. — and Mulliner, a PhD student at Technical University of Berlin, focusing on the security of mobile devices, say they discovered the vulnerability and alerted Apple to the problem, but the computer giant hasn’t come out with any official statement or a security update to combat the problem. Apple didn’t immediately return calls to Canwest News Service Thursday.

Canadian Tech guru Jesse Hirsh says if the hackers have cracked the code, there is little iPhone users can do, for now. Other tech experts suggest iPhone users turn off their device immediately if they see a square box in the body of a text message.

Many mobile phone owners use text messaging daily, so Canadian iPhone users are just as vulnerable as those in the rest of the world, said Hirsh.

Hirsh said the hackers would be able to use the iPhone just as its owner would — they could send e-mails, text messages, surf the Internet and make phone calls. He warned that criminals could access a user’s personal banking information if they have saved passwords into their iPhone.

Hirsh explained the technology could also be used on a wider scale, by accessing an entire network, finding out all the iPhone numbers and sending an automatic, viral SMS to every number. The phones would then respond, and the hacker would potentially have control of at least a few thousand phones, Hirsh said, adding that there’s not much iPhone users can do aside from putting their phone away until Apple comes up with a solution.

“It’s Apple’s job to fix this, not the individual user,” he said.

Hirsh says this incident demonstrates that all technology, at some point, is fundamentally insecure and today, it’s Apple’s turn to squirm.

He’s confident Apple will fix the problem, but said another hacker will come along soon to highlight yet another weakness in new technologies.

“It’s a perpetual cat-and-mouse game,” Hirsh said. “The big companies work hard to prevent this type of thing, but they can never be perfect.

“There’s always knowledge that they don’t have, that someone else has, that can be used against them.”

This comes six weeks after Apple launched its new iPhone 3GS, billed as “the fastest, most powerful iPhone yet.”

About 4,000 people are at the Las Vegas conference.

© Copyright (c) The Vancouver Sun

Comments are closed.