Saturday, July 28, 2007

iPhone hacked under laboratory conditions

There is no doubt that the iPhone, Apples new entry in the smart phone market, has received a lot of attention. I just had the opportunity to use one and they are truly an amazing toy, especially when compared to what else is out there.

Whenever something is popular, Internet outlaws normally try to figure out an angle on how to exploit it for their personal (probably financial) gain. In the interest of getting one step ahead of the bad guys - some of the good guys are trying to discover some of the potential issues with the iPhone before they occur.

Read a post written by Mike Gikas on the Consumer Reports Electronic Blog, which stated:

This week Independent Security Evaluators (ISE), a U.S. independent testing lab, dramatized the looming danger by piercing the defenses of the much-vaunted iPhone. (ISE is the lab whose help Consumer Reports seeks for our evaluations of security software. See our report on how we test antivirus software and look for our 2007 State of the Net report, which posts to ConsumerReports.org in early August.)

Apparently, ISE was able to hack New York Times reporter's iPhone by having it visit a website, which downloaded malware (malicious software) on the phone and gave the testers access to files and iPhone functions.

A visual presentation of this evaluation has been posted on YouTube:



Please note this was done under lab conditions and we've yet to see any hacking of the iPhone done in the wild (at least to my knowledge).

Nonetheless, hacking smart phones might become a new trend that people need to be made aware of. Just about any device can be hacked if hackers are motivated enough to do so.

My personal theory is that as smart phones become more common, we will see them exploited more often.

Perhaps, common sense when using any device that connects to the Internet is the best defense out there. Here are the tips offered from the electronic's blog:
1. Only visit Web sites you know.
2. Only use Wi-Fi networks you trust.
3. Don’t open Web links from e-mails.


And of course, don't fall for anything that is too good to be true, or doesn't make sense. Social engineering techniques (confidence tricks, fraud) normally are what lures anyone into a technology exploit.

Here is a previous post on some controversial software being sold that can invade someone's privacy (my opinion) by loading it on their smart phone. Thus far, they are not advertising software that is compatible with the iPhone.

FlexiSpy - software that spies on people via their smart phone

Full post from Mike Gikas on the Electronics Blog (Consumer Reports), here.

No comments: