iPhones: The Wi-Fi threat to business security

Summary:An Australian security expert has warned that enterprises will face new Wi-Fi security threats thanks to the rise of the iPhone.

An Australian security expert has warned that enterprises will face new Wi-Fi security threats thanks to the rise of the iPhone.

Speaking at the IDC SecurityVision conference in Sydney today, Chris Gatford, senior security consultant for Pure Hacking, told delegates that the arrival of the iPhone in Australia and gradual adoption by business will "elevate risk to a level never seen before".

"We're going to find a lot of executives using the iPhone's push email to combine their personal and business messages ... combined with the ever-increasing use [on the iPhone] of Web 2.0 applications, there are a lot of vulnerabilities," he said.

"Like it or not, there's about to be a whole lot more risks for a lot of organisations," he added.

Gatford identified Wi-Fi as being a technology ripe to hack the iPhone, and said its exploitation for malicious purposes would only continue to grow: "Wi-Fi spots aren't encrypted ... nor is a great amount of the information you receive from Web 2.0 applications."

The Pure Hacking consultant demonstrated how a point and click attack can be used to gain access to a victim's Gmail account over a hotspot, using a tool to "sniff out" unencrypted information stored in cookies, and then using a separate tool to dig out the required information to enter someone's personal account without a password.

"Loads of applications are vulnerable to this kind of attack, Gmail is just one of them," he noted.

Gatford claimed that the cost of data plans for converged devices in Australia will also fuel growth in the use of Wi-Fi enabled spots, another factor which will "only increase the vulnerability of the iPhone".

Topics: iPhone, Apple, CXO, Enterprise 2.0, IT Priorities, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.