08:35 AM

i Caramba! iPhone Hacked Already

Researchers find bugs in iPhone browser, Bluetooth, and WiFi connections

It took a couple of days to finally get the iPhone service activated. But as soon as they got it working, it took researchers at Errata Security only a few minutes to find multiple security vulnerabilities in the iPhone.

So far, Errata has found three main flaws in the long-awaited and much-hyped mobile phone/music/video player/mobile Web/email client device: a heap overflow bug in its Safari browser; a potential denial-of-service bug in its Bluetooth feature; and a data "seepage" bug that could cause seemingly innocuous data to be exposed by chatty client applications over a WiFi connection. (See Tool Uncovers Inadvertent 'Chatter', Joke's on Me, and Data That Doesn't Drip... Drip... Drip....)

These are just the first of the publicized bugs in iPhone: Security researchers say plenty more have been found, but many won't be disclosed until Apple fixes them. John Hering, CEO of Flexilis, a mobile security firm, says his company has found flaws in iPhone and is currently alerting Apple on its findings.

"A number of vulnerabilities exist in the device," Hering says. "The iPhone is going to be a choice target. With something as exciting as this, inherently creative people are always going to be looking into it" security-wise.

Even so, the iPhone, which is based on a version of OS X, is actually more secure than other mobile phones because it has a system for updating and patching it: iTunes, says Robert Graham, Errata's CEO, who has been hammering away at the iPhone since his service finally kicked in. "It's the only one [mobile device] that will be regularly updated for security patches." The iTunes service already has alerted users that it will provide updates on July 5, he says.

A lack of simple patching capabilities has been a major problem in the mobile industry, Hering says. Interfacing with iTunes will make this process simple for iPhone users, but it also opens another potential attack venue. "If the mobile device gets compromised, would it be a great leap to exploit the traditional PC [or laptop]?"

Interestingly, the Safari and Bluetooth bugs found by Errata had already been found on other Mac OS X systems. "One of the major problems with mobile industry is legacy code -- having vulnerabilities hopping from system to system," Hering says. "If you have systems that are 'recycled' in mobile systems, you're going to see similar security vulnerabilities."

Although the Safari bug wasn't really a surprise, Graham says it's probably the most critical of the bugs Errata has found so far. "Just by visiting a [malicious] Website, you can have your iPhone broken into... and taken over." All it takes is a spam or SMS message luring the user to a malicious link, he says.

Graham says Errata is still exploring the Bluetooth bug, which he has been testing with a fuzzer. "The system hangs -- it may just be a DOS [denial-of-service]" bug.

And like any wireless device, the iPhone is susceptible to what Graham and Errata CTO David Maynor have dubbed "data seepage," which they confirmed using their Ferret tool, which sniffs WiFi traffic.

"If you've got a mobile phone, and you walk by a wireless access point it likes the name of, it will connect you to it and disclose all about you without your being aware you're on WiFi," Graham says. "It has all of the same problems Mac notebooks have."

Security researchers expect iPhone to have lots of security flaws because it's a high-profile device, and because of its Mac OS X ties. "There will be more iPhone vulnerabilities found than in all the other mobile phones put together," predicts Graham. "But in reality, it's [the iPhone] more secure."

It all boils down to threat vs. risk for iPhone users. Flexilis's Hering worries that the iPhone's high profile and expected massive uptake, as well as its links to the Mac OS, could make it an attractive target for a massive worm or other attack. The iPhone's Web browser, unlike other mobile devices, is basically a full-featured Safari application, he says. "That’s neat for the user but it also poses a number of security risks."

Meanwhile, what looks to be the iPhone's system-restore image has appeared online, leading to speculation that iPhone hacking tools may be just around the corner.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Apple Inc. (Nasdaq: AAPL)
  • Errata Security