June 16, 2009 at 18:22New exploit threatens iPhone
- Transfer
Information security researchers have found a way to run unconfirmed code on an unlocked iPhone. Charles Miller (chief analyst at Independent Security Evaluators) and Vincenzo Iozzo (student at the University of Milan) discovered "more than one" way to download the application to their new iPhone as regular data, and then turn it into a fully working program.
“Whatever you are going to do with the iPhone, you will need to run your application there. Get personal data, listen to conversations, just turn on the phone’s microphone and record - all this is possible only if you have already managed to run your code, ”the researchers comment.
Unlike the usual hacking iPhone, new methods do not require physical access to the phone. Of course, special Apple software protects against most exploits, but Miller and Iozzo managed to find several ways to get around this protection.
Attacks will be demonstrated at the Black Hat Conference in Las Vegas next month. Phones running iPhone OS 2.0 are currently vulnerable. To test the operability of an exploit on OS 3.0, developers are waiting for its release tomorrow, June 17.
“Whatever you are going to do with the iPhone, you will need to run your application there. Get personal data, listen to conversations, just turn on the phone’s microphone and record - all this is possible only if you have already managed to run your code, ”the researchers comment.
Unlike the usual hacking iPhone, new methods do not require physical access to the phone. Of course, special Apple software protects against most exploits, but Miller and Iozzo managed to find several ways to get around this protection.
Attacks will be demonstrated at the Black Hat Conference in Las Vegas next month. Phones running iPhone OS 2.0 are currently vulnerable. To test the operability of an exploit on OS 3.0, developers are waiting for its release tomorrow, June 17.