iPhone Security Threat; Hackers Want Your Data

Last Updated Oct 18, 2007 5:30 PM EDT

iphone-hackers.jpgRenowned Hacker HD Moore posted an exploit on his site, The Metasploit, that allows someone to insert malicious code into someone else's iPhone to access its data. The iPhone's Web browser, email program, and iTunes software -- all root processes -- utilize the TIFF library, where the exploitable bug's located.

Andrew Storms, director of security operations for nCircle, explained the situation in an email:

If weaponized, Storms explained, the assault will present itself as a drive-by attack in which sites host seemingly innocuous images and other media that actually perform dangerous actions when rendered in a Web browser on the iPhone.

And, Storms said, the TIFF vulnerability and Safari bugs are "just problems which lie at the surface of the iPhone." Storms pointed out that in a BlackHat 2007 talk, Chris Miller at Independent Security Evaluators disclosed that all processes on the iPhone run privileged as root. "This architectural discovery in the iPhone means that any compromise of the device results in providing the attacker with privileged access."

According to Moore, the root process issue creates a threat to security, rendering the iPhone the perfect spying device. With this information, Apple may be able to make the iPhone far more secure so enterprises can trust it with private data.

(iPhone Hacker image by Jordan Roher)