


i Caramba! iPhone Hacked Already

Researchers find bugs in iPhone browser, Bluetooth, and WiFi connections

It took a couple of days to finally get the iPhone service activated. But as soon as they got it working, it took researchers at Errata Security only a few minutes to find multiple security vulnerabilities in the iPhone.

So far, Errata has found three main flaws in the long-awaited and much-hyped mobile phone/music/video player/mobile Web/email client device: a heap overflow bug in its Safari browser; a potential denial-of-service bug in its Bluetooth feature; and a data "seepage" bug that could cause seemingly innocuous data to be exposed by chatty client applications over a WiFi connection. (See Tool Uncovers Inadvertent 'Chatter', Joke's on Me, and Data That Doesn't Drip... Drip... Drip....)

These are just the first of the publicized bugs in iPhone: Security researchers say plenty more have been found, but many won't be disclosed until Apple fixes them. John Hering, CEO of Flexilis, a mobile security firm, says his company has found flaws in iPhone and is currently alerting Apple on its findings.

"A number of vulnerabilities exist in the device," Hering says. "The iPhone is going to be a choice target. With something as exciting as this, inherently creative people are always going to be looking into it" security-wise.

Even so, the iPhone, which is based on a version of OS X, is actually more secure than other mobile phones because it has a system for updating and patching it: iTunes, says Robert Graham, Errata's CEO, who has been hammering away at the iPhone since his service finally kicked in. "It's the only one [mobile device] that will be regularly updated for security patches." The iTunes service already has alerted users that it will provide updates on July 5, he says.

A lack of simple patching capabilities has been a major problem in the mobile industry, Hering says. Interfacing with iTunes will make this process simple for iPhone users, but it also opens another potential attack venue. "If the mobile device gets compromised, would it be a great leap to exploit the traditional PC [or laptop]?"

Interestingly, the Safari and Bluetooth bugs found by Errata had already been found on other Mac OS X systems. "One of the major problems with the mobile industry is legacy code -- having vulnerabilities hopping from system to system," Hering says. "If you have systems that are 'recycled' in mobile systems, you're going to see similar security vulnerabilities."

Although the Safari bug wasn't really a surprise, Graham says it's probably the most critical of the bugs Errata has found so far. "Just by visiting a [malicious] Website, you can have your iPhone broken into... and taken over." All it takes is a spam or SMS message luring the user to a malicious link, he says.

Graham says Errata is still exploring the Bluetooth bug, which he has been testing with a fuzzer. "The system hangs -- it may just be a DOS [denial-of-service]" bug.

And like any wireless device, the iPhone is susceptible to what Graham and Errata CTO David Maynor have dubbed "data seepage," which they confirmed using their Ferret tool, which sniffs WiFi traffic.

"If you've got a mobile phone, and you walk by a wireless access point it likes the name of, it will connect you to it and disclose all about you without your being aware you're on WiFi," Graham says. "It has all of the same problems Mac notebooks have."

Security researchers expect iPhone to have lots of security flaws because it's a high-profile device, and because of its Mac OS X ties. "There will be more iPhone vulnerabilities found than in all the other mobile phones put together," predicts Graham. "But in reality, it's [the iPhone] more secure."

It all boils down to threat vs. risk for iPhone users. Flexilis's Hering worries that the iPhone's high profile and expected massive uptake, as well as its links to the Mac OS, could make it an attractive target for a massive worm or other attack. The iPhone's Web browser, unlike other mobile devices, is basically a full-featured Safari application, he says. "That’s neat for the user but it also poses a number of security risks."

Meanwhile, what looks to be the iPhone's system-restore image has appeared online, leading to speculation that iPhone hacking tools may be just around the corner.

— Kelly Jackson Higgins, Senior Editor, Dark Reading
