Apple Dodges Remote Hack Bullet

On Thursday, July 30th, two independent security experts by the names of Collin Mulliner and Charlie Miller told listeners at the Black Hat Conference in Las Vegas about a vulnerability  that could give someone complete control of your iPhone. With a series of mostly invisible text messages, generated by a piece of software written by the team, a hacker could have access to your camera, your Hosted Exchange email account, address book, surf the web and even make phone calls.

The weakness is in the regular network data, the part of messages for device communication that the end-user doesn’t see. This makes the flaw particularly dangerous because messages are received and processed automatically, which means the code can sneak in unseen.

Using their software, Miller and Mullliner were capable of targeting iPhones in the US and Germany, and believe it would work as well anywhere. They chose to make their findings public, because ” The bad guys are going to do it no matter what” says Mulliner.

Although the team said hackers would have software ready to take advantage of the weakness in a very short period of time, Apple gave “the bad guys” two days.

They released a security patch on Saturday, August 1st, plugging the vulnerability quickly.

Apple said that Android and Windows Mobile phones might have the same weakness. It went on to say that there had been no successful use of the hack.

Networks all over the world are encouraging users to update their iPhones to the latest update. Google has already taken steps to address the issue.

The Black Hat Conference took place on July 25 to 30, and was host to almost 5000 people, the majority of which were security minded individuals from North America, according to a survey commissioned by Symantec. Also of  those surveyed, 55 percent said they had never created a piece of malicious code in the name of research, and only 17 percent said that they would.

  • Share/Save/Bookmark
No Comments

Leave A Comment

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS