The iPhone is just short of a month old, yet the list of security risks associated with it already seems as long as a year. There has been no letup of reports of serious attacks that may be mounted in relation to the gadget of the moment, from phishing sites to vulnerabilities in the Safari browser, as discussed in the following entries:
It was noted that real downpour is yet to come, and it seems that the time is nigh. In a recent case, too many Wi-Fi requests from iPhones at Duke University flooded the campus wireless LAN (WLAN), rendering around 30 access points unusable. Network administrators were quick to discover from captured wireless traffic that 18,000 requests per second made from iPhones were to blame and to absolve Cisco, provider of the WLAN, although Cisco has since admitted that it was a network issue that caused the flooding.
Meanwhile, Independent Security Evaluators researchers, who hack their client’s machines to test security, have also set the stage for a deeper iPhone scrutiny, with an announcement that they have cracked Apple’s wonder gadget. The white hat hackers claim that through an unsecured Wi-Fi connection or through compromised Web sites that the user was tricked into visiting, a hacker could take complete control of the much-hyped device.
The nitty-gritty of the exploit remains under wraps, however, and will not be disclosed until the BlackHat conference in Las Vegas on August 2, 2007. For now, preliminary details on the vulnerability are available at exploitingiphone.com and an introductory technical paper may be downloaded here. From the looks of it, however, there is no more waiting with bated breaths for the details because a video about the said hack by the same Baltimore-based researchers is already on YouTube.com. See related story by NBC in this news clip, where Trend Micro Senior Threat Research Consultant Jamz Yaneza appears.