快猫短视频

Security flaw could mean hijacked iPhones

Security experts demonstrate a way to steal data and remotely control Apple's iPhone, via a webpage hosting malicious code or a Wi-Fi connection

Video: Researchers demonstrate a vulnerability that can be used to capture files from an iPhone

A trick that could allow hackers to hijack Apple鈥檚 new iPhone has been revealed by a US computer security company.

Experts working for , based in Maryland, US, say it is possible to steal files and remotely operate a handset if a webpage containing malicious code is loaded.

According to a (pdf) released by the company, its researchers used an as-yet undisclosed software vulnerability to hijack an iPhone.

The researchers say the vulnerability can be used to carry out unauthorised commands on a targeted device, once a user has loaded a suitably modified webpage. A user could be tricked into doing this via a link in an email or text message, or even by being served a fake webpage through a hijacked Wi-Fi access point.

In one experiment, the researchers created a webpage that triggered an iPhone to connect to a remote server and forward previously sent text messages (see video, top right). In further tests, the researchers say they were able to make the phone vibrate, dial given numbers, send text messages and activate its microphone.

鈥楪enuine hack鈥

There is no evidence that the exploit has been used in the wild. The company says it revealed details to Apple on 17 July and plans to release the technical details publicly on 2 August.

Apple spokeswoman Lynn Fox told The New York Times that the company was investigating. 鈥淲e鈥檙e looking into the report submitted by ISE and always welcome feedback on how to improve our security,鈥 she says. 鈥淎pple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users.鈥

, a computer security expert at Columbia University, New York, US, says the greater functionality offered by the iPhone naturally leads to increased security risks.

鈥淭his looks like a very genuine hack,鈥 he told the newspaper. 鈥淲e鈥檝e been hearing for a few years now that viruses and worms were going to be a problem on cellphones as they became a little more powerful, and we are there.鈥

Unprecedented media interest in the iPhone has undoubtedly also lead to extra scrutiny by security experts.

For example, users have to sign up with cellphone network AT&T before using the phone. But within a week of its launch, a well-known Norwegian computer programmer found a way to use most of the phones functions without signing up (see iPhone security cracked after one week).