LAS VEGAS - Security experts have uncovered flaws in Apple Inc.'s iPhone that they said hackers can exploit to take control of the popular device, using the tactic for identity theft and other crimes.
IPhone users needed to be warned that their devices were not entirely secure and Apple should try to repair the vulnerability as soon as possible, they said at the Black Hat conference in Las Vegas, one of the world's top forums for exchanging information on computer security threats.
"It's scary. I don't want people taking over my iPhone," Charlie Miller, a security analyst with consulting firm Independent Security Evaluators, said in an interview.
Miller and Collin Mulliner, a Ph.D. student at the Technical University of Berlin, also discovered a method for hacking the iPhone that lets hackers easily knock a victim's iPhone off a carrier's network.
It prevents users from making calls, accessing the Internet and exchanging text messages, they added.
The two showed how they can disconnect an iPhone from the cellular network by sending it a single, maliciously crafted text message — a message the victim never sees. The messages exploit bugs in the way iPhones handle certain messages and are used to crash parts of the software.
They even said it's possible to remotely control an iPhone by sending 500 messages to a single victim's phone. Those messages contain the necessary commands for the attack and would get executed automatically by exploiting a weakness in the way the iPhone's memory responds to that volume of traffic.
Miller said messaging attacks are so attractive, and are going to become more common, because the underlying technology is a core phone feature that can't be turned off.
"It's such a powerful attack vector," Miller said. "All I need to know is your phone number. As long as their phone's on, I can send this and their phone's going to do something with this. ... It's always on, it's always there, the user doesn't have to do anything — it's the perfect attack vector."
They said the information they presented at Black Hat will give criminals enough information to develop software to break into iPhones within about two weeks.
They said they warned Apple of the flaw in the middle of July, but that the company has yet to fix it.
About 4,000 security professionals were in attendance, including some who are really hackers. While experts ferret out software flaws to fix them and protect users, hackers use the same information to devise pranks or commit crimes.
It is not illegal to disclose ways to hack into computer systems, though it is against the law to use it to break into them.
When asked why they would hand over such information to criminals, they said they felt it was necessary to alert the public that iPhones were just as vulnerable to attack as personal computers.
[via msnbc]
0 comments:
Post a Comment