IPhone Flaw Lets Hackers Take Over, Security Firm Says

Charles Miller, shown on his iPhone, said that after finding a hole in security, “you were in complete control.”

By JOHN SCHWARTZ
Published: July 23, 2007

A team of computer security consultants say they have found a flaw in Apple’s wildly popular iPhone that allows them to take control of the device.

The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.

Although Apple built considerable security measures into its device, said Charles A. Miller, the principal security analyst for the firm, “Once you did manage to find a hole, you were in complete control.” The firm, based in Baltimore, alerted Apple about the vulnerability this week and recommended a software patch that could solve the problem.

A spokeswoman for Apple, Lynn Fox, said, “Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users.”

“We’re looking into the report submitted by I.S.E. and always welcome feedback on how to improve our security,” she said.

There is no evidence that this flaw had been exploited or that users had been affected.

Dr. Miller, a former employee of the National Security Agency who has a doctorate in computer science, demonstrated the hack to a reporter by using his iPhone’s Web browser to visit a Web site of his own design.

Once he was there, the site injected a bit of code into the iPhone that then took over the phone. The phone promptly followed instructions to transmit a set of files to the attacking computer that included recent text messages —[Full story]

A Casualty Of War: MySpace (and other web sites)

U.S. Military Blocks Popular Web Sites

By Alan Sipress and Sam Diaz

Washington Post Staff Writers
Tuesday, May 15, 2007; Page A01

The Defense Department began blocking access on its computers to YouTube, MySpace and 11 other Web sites yesterday, severing some of the most popular ties linking U.S. troops in combat areas to their far-flung relatives and friends, and depriving soldiers of a favorite diversion from the boredom of overseas duty.

The banned Web sites include some of the Internet’s most popular destinations for social networking and sharing photographs, videos and audio recordings. Soldiers and their families frequent the sites to exchange notes, swap pictures and share recorded messages — a form of digital communication that, along with e-mail, has largely replaced the much-anticipated mail call of previous wars.

Senior officers said they enacted the worldwide ban out of concern that the rapidly increasing use of these sites threatened to overwhelm the military’s private Internet network and risk the disclosure of combat-sensitive material.

The Defense Department began blocking access to these Web sites yesterday:

MySpace, YouTub, Photobucket, Metacafe, MTV, iFilm, Hi5, Pandora, Live365, BlackPlanet, 1.FM, StupidVideos, Filecabi, SOURCE: Staff reports

Read the rest of this entry »