iPhone flaw lets hackers take over, security firm says

A team of computer security consultants says it has found a flaw in the Apple iPhone that allows them to take control of the device.
The New York Times

The story "iPhone flaw lets hackers take over, security firm says" published July 22, 2007 at 8:55 AM is no longer available on CNET News.

Content from The New York Times expires after 7 days.

[rapier1]

Let the annoying pointless flaming begin!

I'll start:

"Obviously this shows that Apple is no better than anyone else"
'No it doesn't!'
"Yes it does!"
'No it doesn't'
"Yes it does!"
'No it doesn't and you're fat ugly and stupid'
"Yeah, well my OS can beat up your OS!"
lather, rinse, repeat.

[shoffmueller]

Somethimes fun though

I have to admit that I click on apple/microsoft stories, not to read the articles, but to laugh at the goofballs who echo the dialog you just sampled.

[mithodge]

iBug

Too bad... I thought it would at least be a month before something like this was found for the iPhone. I guess even Apple can get careless when they quickly develop a mobile operating system...

[Vegaman_Dan]

I'm curious

If this exploit is found on the iPhone which is running OS X, does it mean the same thing can happen to a Mac running OS X too?

Somehow I doubt it, but.... ?

[WJeansonne]

Stupid defensive remark regarding Windows Mobile

These Apple worshipers (including reporters) can't resist dragging Microsoft technology into the issue. When will people learn that no, and I mean no, operating system or software application is immune from attack and probably never will be. Therefore, Apple is just another computer software and hardware vendor--nothing special.

[NewsReader_]

What about Macs

Maybe the author should have speculated about whether the flaw affects other Macs as well. Both run OSX right? Stands to reason that Macs can be exploited in the same fashion. Maybe even PC's that are runnig Safari.

Apple wanted attention. Well they have it now. If enough bugs are found, maybe the fanboys will accept the fact that Apple creates software just like everyone else. There are no gods working for Steve Jobs.

[richto]

So true. I havnt seen a single exploit on Windows Mobile

So true. I havnt seen a single exploit on Windows Mobile

Not like Symbian and Linux based OSs where you have a zillion patches and vulnerabilities to worry about. Symbian in particular has loads of virues and Malware floating around,

[qwerty75]

True

But as usual you are missing the important point.

You don't see script kiddies breaking into non-windows systems.

It takes a lot of effort and knowledge to legitimately compromise a *nix machine.

That is NOT the case with windows.

If you can't see the difference, well I am not surprised.

If this gets fixed quickly and without incident then not much has changed. It certainly doesn't let the criminally incompetent Microsoft off the hook.

[pisceandelusions]

I'm not worried about it.

I'm sure Apple will get it taken care of, and I've heard nothing of
anyone actually having their iPhone hacked. Not to say it won't
happen, it's definitely possible. But Apple's iPhone support is
outstanding, I know somoene who was extremely satisfied with it,
so I have to assume they will take care of any legitimate security
issues as they are discovered.

<a class="jive-link-external" href="http://www.pisceandelusions.org" target="_newWindow">http://www.pisceandelusions.org</a>

[K.P.C.]

* Nothing to do with story . . . *

Nice web page fellow Piscean ;-)

[aemarques]

The important bit of this story...

I guess you ALL missed the important bit of this story:
"Windows gets hacked all the time not because it is more insecure than Apple, but because 95 percent of computer users are on Windows," he said. "The other 5 percent have enjoyed a honeymoon that will eventually come to an end."

The iPhone is becoming a victim of its own success, he said. "The irony is that the more popular something is, the more insecure it becomes, because popularity paints a large target on its back."

Welcome to (in)security hell, Apple! ;-)

[imacpwr]

Re: The important bit of this story...

Yea yea yea...
For the same reason Unix and Linux Servers outnumbered Window
Servers yet Window Servers were the ones that were most often
compromised..? Sorry, but it's been long proven that it's not a
market percentage which gets one OS targeted more than another.
It's the ease of which even young hackers have been frequently able
to remotely gain entry into a Window's based computer.

[dejo]

Security through obscurity myth

Hmm, I wonder what percentage of cell-phones, or heck even
smart-phones, are iPhones? It couldn't be 95 percent already,
could it? ;-)

[morubio]

You hit the nail right on the head.

How funny will it be when Apple has a dominant share of the
smartphone market...

[csg7]

Look at the obsession of iPhone fans !

So call die-hard iPhone fan can't even allow a security flaw to be reported and say they don't care. If this device is so expensive and is suppose to be become universal over the years than it has to perform as expected.
I own one now and its the best tech device I have seen but then again it just barely makes for the price with its flaws, and these reports add up to it.
Alright, now over to the 'fans' ...

[richto]

Hardly a surprise. Full of Holes, Just like MacOSX and Safari.

Hardly a surprise that it's full of Holes, Just like MacOSX and Safari.

[nmcphers]

You right. Almost as much is Windows and IE

You right. Almost as much is Windows and IE

[qwerty75]

Hardly a surprise indeed

I guess the fact that there are no exploits in the wild for OSX over 5+ years is meaningless?

[catbutt5]

Why did you go there?

This article was going fine discussing a flaw in the iPhone,
specifically Safari until you decided to MacOS vs. Windows thing.

Fine, look at the facts: there are zero, 0, nada, zip viruses/
malware for Mac OSX. Don't trust me, ask your AV vendor of
choice.

OSX has been out since what 2001? Six years and counting...
that sounds like a helluva "black target" doesn't it.

As virus writers/skiddies/black-hats are in it for self-
agrandizement, what better feather in your cap than to be the
first to write a virus for Mac OSX?

I use Windows, I use Mac, I use Linux. I know each of their
strengths and weaknesses.

Anyone who says a UNIX based OS has no viruses/malware/etc.
because of it's installed numbers simply doesn't know what they
are talking about. UNIX is a completely different architecture
which is not susceptible in the same ways as Windows.

Don't trust me, please, do the research yourself.

[qwerty75]

What an ignorant statement

"The irony is that the more popular something is, the more insecure it becomes, because popularity paints a large target on its back."

Security and popularity have nothing to do with each other. If this security flaw is valid, it would still be a security flaw if they only sold a small handful. Given the sparse details, it looks like it is a relatively simple attack to carry out, which is the real reason that systems get attacked.

It is unlikely that you will see 12 year old script kiddies successfully compromising non-Windows based systems anytime soon. That is where Windows fails. No system is 100% safe from attacks, but that doesn't mean that technically ignorant people should be able to easily attack the system.

If his ridiculous statement were true then Apache would be getting hacked all the time, instead of Windows server offerings.

This might not necessarily affect desktop machine. there are undoubtedly significant modifications on the iPhone version.

[qwerty75]

statistics

For the people wanting statistics but don't know how to search at secunia.com:

Windows Server: 10,278 viruses listed This includes the entire Windows Server family

Apache: 49 listed virus This includes, not only the traditional Apache but other servers like Struts and Tomcat(Servlet/JSP).

The interesting thing is that Windows Server has 517 advisories listed and Apache 402. So much for the all flaws are equal argument.

For completeness IIS has 46 advisories and 802 viruses, and is much, much younger then Apache.

But yeah, popularity and security problems are related.

[qwerty75]

popularity

Depending on how independent the report is statistics for Apache market share, varies. But they all agree on one thing: they have the majority share by a wide margin.

[qwerty75]

popularity

Depending on how independent the report is statistics for Apache market share, varies. But they all agree on one thing: they have the majority share by a wide margin.

[LuvThatCO2]

Talk about ignorant!

"It is unlikely that you will see 12 year old script kiddies successfully compromising non-Windows based systems anytime soon. "

How about the 12 yo script kiddies who have been trashing *nix based web servers for years? How many sites have been defaced and databases wiped out on non-windows servers? MILLIONS.

Please get a clue.

The reason there's no successful virii on MacOS is because there's just not enough of them to allow for propagation. If a virus sends itself to everyone in a person's address book - particularly at businesses - they'd be unlikely to even reach one mac. A virus cant spread that way. Same with other OS's.

[LuvThatCO2]

iPhone over-hyped, over-rated!

I love watching Apple fanboys flip out.

I dont get this whole iPhone hype - other than the multi-touch, what isnt already available on a Win mobile phone? The 'HTC Touch' and several other of their phones meet, if not exceed, the feature spec of an iphone - and they've been doing that for years on their phones. The iphone doesnt even have bluetooth file transfer, not to mention the programming interface isnt 'open' making 3rd party apps scarce... that makes the iPhone basically a fancy paper weight in my book. My motorola has an mp3 player &#38; full bluetooth (all profiles). The iphone cant match that? Plus the suckers I know who bought an iPhone say the phone's reception and clarity is awful. Meanwhile, my motorola is better than a land line.

Over-rated!

[sciontcya]

Who's flippin'?

I'll tell ya who - M$ fanboyz.
M$ announces it's weekly holes/patches.
M$ announces yet another HUGE hardware recall.
Who stood in line for a Zune?
Who stood in line for Windows mobile?
Answer?
Nobody.
Look at Apple's stock. It's high for good reason - great
products and support.
Perfect?
Heck no.
Better than most?
Yes.

Seems you M$ fanboyz are the ones in a tizzy. :)

[thedreaming]

Proof Of Concept

A security company which I never heard of before finds and uses an exploit in the iphone to show off how smart they are and get themselves alot of free publicity. Did I nail it right the first time?

Just like Microsoft or Apple, the flaw in their software is found and fixed and life continues.

[inachu]

this bug will never hit me but!

I am so angry that I can't use attachments!

So hackers can use attachments but normal users can't?

I could throw away my work pc if apple enabled the use of attachments.

[nuckelhedd]

LMAO

Choked on some water bt thanks for the laugh

[Kings X Rocks!]

Yawn! Again...

nt

[Xenu7-214951314497503184010868]

Now Hackers Can Have A Slow Connection Too

Pity the hacker that takes over a iPhone and has to do his criminal work at dial-up speeds.

[Kings X Rocks!]

Hear Hear!

nt

[erezhustla]

Soon you will all be able to toss your iphone to next river

Soon Google is coming with Google Cell Phone, wich will have all google services such as gmail, google maps, search etc.

I think the right thing to do right now is buy a relevant domain names like those sell on ebay:

<a class="jive-link-external" href="http://cgi.ebay.com/Google-Cellular-Google-Cell-Phone-com-8-domain-names_W0QQitemZ120144690732QQihZ002QQcategoryZ11153QQssPageNameZWDVWQQrdZ1QQcmdZViewItem" target="_newWindow">http://cgi.ebay.com/Google-Cellular-Google-Cell-Phone-com-8-domain-names_W0QQitemZ120144690732QQihZ002QQcategoryZ11153QQssPageNameZWDVWQQrdZ1QQcmdZViewItem</a>

[intro27]

iPhone Security Hole Patched

GoTrusted just launched a new iPhone Security Service that encrypts your internet communications over WiFi networks. The best part is, it?s FREE!

<a class="jive-link-external" href="http://www.gotrusted.com" target="_newWindow">http://www.gotrusted.com</a>

[intro27]

GoTrusted Patches iPhone Security Hole

GoTrusted just launched a new iPhone Security Service that encrypts your internet communications over WiFi networks. The best part is, it?s FREE!

<a class="jive-link-external" href="http://www.gotrusted.com" target="_newWindow">http://www.gotrusted.com</a>

[BigMike707]

PEOPLE PEOPLE... Calm the blank down....AS long as something is a piece of technology, it will have flaws.

No Matter if it is Mac or Windows it will have them.. I have had both the HTC 8525 and now thew iPhone..Both have had there fair share of annoying problems..

\BUt look at the BIG PICTURE, you guys fighting about it online is like being retarded..No matter who "THINKS" they won your still both RETARDED