iPhone Security Flaw -- First of Many With Nextgen Phones?

Posted by Lance Koonce

We can't say we weren't warned.

Experts have been saying for years that as cell phone technology advanced, so would the risk of security problems (see, e.g., "Ten Dangerous Claims About Smart Phone Security", at Computerworld.com).  We've already seen purported "hacks" of celebrity phones like that of Paris Hilton, although that was allegedly pulled off in part through an old-fashioned con of a phone company employee. 

Now comes a report in today's New York Times that a team of consultants working for working for Independent Security Evaluators has discovered a flaw in Apple's iPhone that could potentially allow a hacker to take "complete control" over the phone remotely.  The flaw is described in detail at the ISE website.  Given the amount of information that can be stored on an iPhone, this represents a serious risk.   More coverage here.

The NY Times article quotes Steven M. Bellovin, a professor of computer science at Columbia University:

We’ve been hearing for a few years now that viruses and worms were going to be a problem on cellphones as they became a little more powerful, and we’re there.  The iPhone is a full-fledged computer, and sure enough, it’s got computer-grade problems.

But don't expect the threat of security holes to dampen the public's enthusiasm for iPhones (nor should it, as we should all understand that the possibility of hacking is a price we pay for more sophisticated handheld devices).  In fact, how did the head of the computer security company that found the iPhone flaw persuade his researchers to take on the challenge of hacking the new device? 

“I told the guys I would buy them iPhones.”

Trackbacks (0) Links to blogs that reference this article Trackback URL
Comments (0) Read through and enter the discussion with the form at the end
Post A Comment / Question Use this form to add a comment to this entry.







Remember personal info?
Send To A Friend Use this form to send this entry to a friend via email.