Ethical hackers, or white hats, have discovered that an iPhone could theoretically be taken over by not-so-well-meaning hackers if the owner of the device visits a corrupted website or Wi-Fi hotspot, it emerged yesterday.
Employees of US-based Independent Security Evaluators (ISE), which tests its customers’ computer security by hacking into it, have found a way of taking control of iPhones through a Wi-Fi link or by tricking users into going to a website.
The ISE investigation was led by Dr Charlie Miller, a former employee of the National Security Agency, who told the New York Times yesterday: “Once you did manage to find a hole, you were in complete control.”
The firm is understood to have worked out the hacking method within a week and a half and were able to control an iPhone, make calls or send text messages as well as access emails , voice mail, address books and browser history.
By taking over a large number of these devices, gangs could launch massive denial-of-service attacks on web servers or corporate phone exchanges. The devices could also be used to send spam by text message.
ISE says the flaw applied not only to the iPhone but also to Apple computers running Mac OS and the company’s Safari web browser.
ISE is expected to present the details of the flaw at a Black Hat hacker conference in Las Vegas on 2 August next.
It is understood that ISE has provided Apple with details of the flaw and a patch to resolve the issue.
By John Kennedy