iPhone root vulnerability or bogus MSM hysteria?

A lot of hay has been made about a purported "vulnerability" in iPhone that allows a malicious Web site to extract personal information and take control of the device from the a WiFi connection. I put "vulnerability" in quotes because it hasn't been publicly demonstrated yet.

A lot of hay has been made about a purported "vulnerability" in iPhone that allows a malicious Web site to extract personal information and take control of the device from the a WiFi connection. I put "vulnerability" in quotes because it hasn't been publicly demonstrated yet.

The NY Times reports that researchers at a security firm Independent Security Evaluators (I.S.E.) have announced that they could take control of iPhones "by tricking users into going to a Web site that contains malicious code." The hack then allows the site to download the target's SMS log, address book, call history and voicemail data. Which would be bad.

Apple acknowledges that they've submitted something. They just don't elaborate on what it is.

Apple spokesperson, Lynn Fox, said, "We’re looking into the report submitted by I.S.E. and always welcome feedback on how to improve our security."

I'm not doubting them, I just don't like all the wild speculation that's made it into the main stream media about how the iPhone is insecure or how it's been rooted by evil hackers.

The company has posted a video demo of the vulnerability, but until I see it at Black Hat on August 2nd or Apple releases a firmware update on or before that date, it's just a claim.

Show Comments