Linked by Jordan Spencer Cunningham on Fri 3rd Jul 2009 21:23 UTC
There haven't been too many iPhone exploits, it seems, despite the popularity of said devices. However, Charlie Miller, a security researcher, recently uncovered a vulnerability in the iPhone OS that could possibly "allow an attacker to run software code on the phone that is sent by SMS over a mobile operator's network. The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet." Scary, isn't it? They say it's not very likely that others will exploit it even on a small scale before Apple issues the patch, but having a hole like that just sitting there makes me glad right now that I don't own an iPhone.
Thread beginning with comment 371787
I'm sick...
by Tuishimi on Sun 5th Jul 2009 02:58 UTC

...and tired of this kind of FUD.

"They say it's not very likely that others will exploit it even on a small scale before Apple issues the patch, but having a hole like that just sitting there makes me glad right now that I don't own an iPhone."

There are too many people on the internet writing so much bullshit that sometimes I just want to disconnect.

OMFG!!!1!!! Th3r3'5 a s3cur1ty h0l3!?!11!!

RE: I'm sick...
by Tuishimi on Sun 5th Jul 2009 03:10 in reply to "I'm sick..."

Ugh. I apologize for being a jerk. But I'm already in a foul mood and...

Our company makes us take security training every year. We have some security professionals come in and teach our engineers (myself included) all the potential security risks we or bad people could exploit. We are taught HOW to hack a website (altho' strictly advised to never ever do it to a REAL website) in the hopes that we will write better code. They then run a battery of tests against OUR website and provide us with a report on the various weaknesses open to exploitation.

They weight the results. They indicate the probability of exploitation and the level of damage that might be caused. In our case it turned out there were some smaller holes that could be exploited but that there was no chance that *real* damage (i.e. credit card info stolen, etc.) would occur. There were a couple of potentially exploitable holes that COULD cause severe damage but the caveat was that the person doing the exploiting would have to be VERY good, and VERY knowledgeable.

The LIKELIHOOD of this occurring was very very small.

The problems were immediately addressed for the next release.

But in a very real sense I think there is an entire business based on instilling FEAR in corporations based on potential security risks that are very very small.

What irks me more is when people respond with "well I'm so glad *I* didn't use that software" or what-have-you, as if they have any idea what they are talking about in the first place.
