23 July 2007, eWeek.com reports that a security firm has successfully run the first remote exploits on Apple’s feverishly sought after iPhone. From the extensive testing carried out on the iPhone, its been discovered that the adored iPhone is not only vulnerable to data theft but can also be turned into a remote snooping device.
Other than the ability to extract data, among some of the more worrisome exploits demonstrated included the potential for would-be iPhone hackers to remotely turn your iPhone into a recording device that could record audio that could be later transmitted to the malicious party, as well as forcing the iPhone into performing other physical actions which included dialing phone numbers and sending out SMS text messages.
In their data extraction exploit tests, the security firm managed to extract personal data, including SMS text messages, contact information, call history, voice mail information, passwords, e-mail messages and browsing history.
According to the eWeek.com report, such exploits were possible owing to the manner which Apple’s popular Safari browser technology has been implemented on the iPhone platform, as well the iPhone’s OS X nature, to run all important processes with administrative privileges. Leaving the iPhone wide open to exploit once, a would-be hacker compromises any application on the iPhone.
Most of the remote exploits that infiltrated the iPhone required duping the iPhone owner into surfing onto a maliciously crafted web site that downloaded exploit code that forced the iPhone to make an outbound connection to the server controlled by the security firm.
This discovery may well quell, the need for corporate IT departments to raise more complicated justifications against the incorporation of the iPhone platform into the corporate connectivity market. Although, the security firm has reported these exploits to Apple Inc, the Cupertino iPhone maker has yet to issue an official statement on the matter.
Read the full article, here.