iPhone, Apple PCs vulnerable to hackers
The iPhone and Apple Inc's desktop computers may be vulnerable to hackers due to a flaw in their Web browser, according to a security firm, which said it found a way to hack into the iPhone.
Baltimore-based Independent Security Evaluators, which tests its clients' computer security by hacking it, said on Monday that three employees found a way to take control of iPhones through a Wi-Fi link or by tricking users into going to a Web site.
Charles Miller, principal security analyst at the firm, said a security weakness allows someone to take control of Apple's Safari Web browser and see other applications on the device at the same time, which could potentially make users of Macintosh desktop computers vulnerable to attacks.
"The same problem actually exists on Apple's desktops," said Miller. But he added that while his firm had identified the risk for both desktops and phones, it had only written the code necessary to hack into the iPhone.
The security consultant, which took about a week and a half to work out the move, said they were able to take control of an iPhone and make calls or send text messages, as well as access e-mails, voice-mail, address books and call and Web browsing history.
An Apple representative was not immediately available for comment. Miller said his firm gave details about the hack and a potential security patch to Apple, but did not publicly release the details.
Miller said Apple could have avoided the risk by eliminating links between the browser and other applications.
"It turns out that on the iPhone there are probably some basic things they could have done that would have made it better," said Miller.
The claim comes almost two months after Apple and AT&T Inc started selling Apple's first cell phone, which includes a music and video player as well as a Web browser.
As many as 700,000 iPhones were sold on the first weekend after the June 29 launch, according to analyst estimates.
Days after launch, a well-known hacker Jon Johansen, claimed to have overcome restrictions on the iPhone, allowing highly technical users to bypass AT&T's network to use the phone's Internet and music features.
While cell phones have not historically been as vulnerable to attack as desktop computers, some experts worry that as phones add more computer-like features they take on greater risks.
Miller said he had not looked into security on other mobile phones to see how they compare to the iPhone, but he noted that the more complex the system the greater the likelihood of problems.