Sister CISA CISSP

Jul 30 2009   1:44PM GMT

Don’t Go Banking with your iPhone Just Yet

Arian Eigen Heald

Articles are being released today about a flaw discovered by security researchers Charlie Miller and Collin Mulliner. They informed Apple a month ago about this flaw, but no fix has been issued. So they decided to go public at the Black Hat conference with a demo of just how easy it is to take over an iPhone. The demo will be done today and I’m sure details of how to do it will be flying. From here, it sounds like a buffer overflow.

Experts are warning that a text message containing a square character means someone is in the process of taking over the phone. They recommend that you shut down the phone immediately and “wait awhile.”

I suppose they think waiting awhile will motivate the hacker to move on to other iPhones. I’d suggest, however, that you turn OFF text messaging until they get this fixed. Shocking to some, I know, but it would be much more shocking to have all your information compromised.

Have a new iPhone with 3G? You can visit a site on YouTube that demonstrates the ease of bypassing both the passcode and the encrypted backup. Its author has a number of other videos that are equally painful.

Once again, security has taken a backseat to speedy software development. Now Apple is getting a lot (more) bad press.
