iPhones: The Wi-Fi threat to business security

An Australian security expert has warned that enterprises will face new Wi-Fi security threats thanks to the rise of the iPhone.

Speaking at the IDC SecurityVision conference in Sydney today, Chris Gatford, senior security consultant for Pure Hacking, told delegates that the arrival of the iPhone in Australia and gradual adoption by business will "elevate risk to a level never seen before".

"We're going to find a lot of executives using the iPhone's push email to combine their personal and business messages ... combined with the ever-increasing use [on the iPhone] of Web 2.0 applications, there are a lot of vulnerabilities," he said.

"Like it or not, there's about to be a whole lot more risks for a lot of organisations," he added.

Gatford identified Wi-Fi as being a technology ripe to hack the iPhone, and said its exploitation for malicious purposes would only continue to grow: "Wi-Fi spots aren't encrypted ... nor is a great amount of the information you receive from Web 2.0 applications."

The Pure Hacking consultant demonstrated how a point and click attack can be used to gain access to a victim's Gmail account over a hotspot, using a tool to "sniff out" unencrypted information stored in cookies, and then using a separate tool to dig out the required information to enter someone's personal account without a password.

"Loads of applications are vulnerable to this kind of attack, Gmail is just one of them," he noted.

Gatford claimed that the cost of data plans for converged devices in Australia will also fuel growth in the use of Wi-Fi enabled spots, another factor which will "only increase the vulnerability of the iPhone".