
7/2/2007
08:35 AM

i Caramba! iPhone Hacked Already

Researchers find bugs in iPhone browser, Bluetooth, and WiFi connections

It took a couple of days to finally get the iPhone service activated. But as soon as they got it working, it took researchers at Errata Security only a few minutes to find multiple security vulnerabilities in the iPhone.

So far, Errata has found three main flaws in the long-awaited and much-hyped mobile phone/music/video player/mobile Web/email client device: a heap overflow bug in its Safari browser; a potential denial-of-service bug in its Bluetooth feature; and a data "seepage" bug that could cause seemingly innocuous data to be exposed by chatty client applications over a WiFi connection. (See Tool Uncovers Inadvertent 'Chatter', Joke's on Me, and Data That Doesn't Drip... Drip... Drip....)

These are just the first of the publicized bugs in iPhone: Security researchers say plenty more have been found, but many won't be disclosed until Apple fixes them. John Hering, CEO of Flexilis, a mobile security firm, says his company has found flaws in iPhone and is currently alerting Apple on its findings.

"A number of vulnerabilities exist in the device," Hering says. "The iPhone is going to be a choice target. With something as exciting as this, inherently creative people are always going to be looking into it" security-wise.

Even so, the iPhone, which is based on a version of OS X, is actually more secure than other mobile phones because it has a system for updating and patching it: iTunes, says Robert Graham, Errata's CEO, who has been hammering away at the iPhone since his service finally kicked in. "It's the only one [mobile device] that will be regularly updated for security patches." The iTunes service already has alerted users that it will provide updates on July 5, he says.

A lack of simple patching capabilities has been a major problem in the mobile industry, Hering says. Interfacing with iTunes will make this process simple for iPhone users, but it also opens another potential attack venue. "If the mobile device gets compromised, would it be a great leap to exploit the traditional PC [or laptop]?"

Interestingly, the Safari and Bluetooth bugs found by Errata had already been found on other Mac OS X systems. "One of the major problems with mobile industry is legacy code -- having vulnerabilities hopping from system to system," Hering says. "If you have systems that are 'recycled' in mobile systems, you're going to see similar security vulnerabilities."

Although the Safari bug wasn't really a surprise, Graham says it's probably the most critical of the bugs Errata has found so far. "Just by visiting a [malicious] Website, you can have your iPhone broken into... and taken over." All it takes is a spam or SMS message luring the user to a malicious link, he says.

Graham says Errata is still exploring the Bluetooth bug, which he has been testing with a fuzzer. "The system hangs -- it may just be a DOS [denial-of-service]" bug.

And like any wireless device, the iPhone is susceptible to what Graham and Errata CTO David Maynor have dubbed "data seepage," which they confirmed using their Ferret tool, which sniffs WiFi traffic.

"If you've got a mobile phone, and you walk by a wireless access point it likes the name of, it will connect you to it and disclose all about you without your being aware you're on WiFi," Graham says. "It has all of the same problems Mac notebooks have."

Security researchers expect iPhone to have lots of security flaws because it's a high-profile device, and because of its Mac OS X ties. "There will be more iPhone vulnerabilities found than in all the other mobile phones put together," predicts Graham. "But in reality, it's [the iPhone] more secure."

It all boils down to threat vs. risk for iPhone users. Flexilis's Hering worries that the iPhone's high profile and expected massive uptake, as well as its links to the Mac OS, could make it an attractive target for a massive worm or other attack. The iPhone's Web browser, unlike those on other mobile devices, is basically a full-featured Safari application, he says. "That’s neat for the user but it also poses a number of security risks."

Meanwhile, what looks to be the iPhone's system-restore image has appeared online, leading to speculation that iPhone hacking tools may be just around the corner.

— Kelly Jackson Higgins, Senior Editor, Dark Reading
