There is a big flaw in Safari on the iPhone that can be exploited to grab information off of one, or even turn it into a remote bugging tool.

Until Apple fixes a problem with the Safari browser, iPhone users should avoid untrusted web pages or WiFi hotspots. A problem in the way Safari handles certain web traffic could result in the injection of malicious code into the browser:

The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.

“We can get any file we want,” he said. Potentially, he added, the attack could be used to program the phone to make calls, running up large bills or even turning it into a portable bugging device.

Once Black Hat gets underway in Vegas this week, there will be plenty of people at the conference willing to try and drive the iPhone open even farther. Apple has been alerted to the situation, but a patch has not yet been announced.

Via the New York Times

Posted in Hardware, Programming |