Not too long after the iPhone launch, a US security firm has claimed to find a way to hack into the iPhone, due to a flaw in the Apple’s Safari web browser.
Analysts Charles Miller, Joshua Mason and Jake Honoroff of the Baltimore-based firm Independent Security Evaluators took on the challenge of trying to hack into a colleague’s iPhone to “see what level of security the device currently provides for the user.”
They soon found that they could private information, such as email and text messages through WiFi, a misconfigured web forum or by tricking users into going to a website that the attacker controls. This means hackers could get into an iPhone and to make phone calls.
Principal Security Analyst, Miller, said the security weakness which allows someone to take control of Apple’s Safari Web browser is also present in both the Mac and Windows versions of Safari (as well as iPhone), though it may or may not be exploitable there.
He also said it is a near certainty that there are other vulnerabilities in the iPhone, as well as in other iPhone applications. But the analysts qualify this by saying it doesn’t necessarily add credence to Apple’s position that it doesn’t allow third party applications on iPhone for security reasons.
The analysts, who posted their research on the website www.exploitingiphone.com , said they have contacted Apple and proposed a fix to the vulnerability that the company could include in a future update. Apple has responded and said it is “looking into it.”
The iPhone, which was released in the US in June, is due to be launched in Australia sometime in 2007.