14 DAY TRIAL // The iPhone has been out for nearly a month and has proven to be a wildly popular device, with computer-like capabilities in a small intuitive package. But the iPhone's capabilities have a downside, making it as vulnerable to security threats as computers are and it looks like major exploits have been discovered.
Independent Security Evaluators, a security company has found a way to take control of iPhones, giving them full access to the device's capabilities and all the information within. Apple has taken the security of the device very seriously and has built a lot of security measures into the device, however, once bypassed though the discovered flaw, these measures mean nothing. "Once you did manage to find a hole, you were in complete control," said Charles A. Miller, the principal security analyst for the firm.
The company has already alerted Apple about the vulnerability and recommended a software patch that could solve the problem. So far, there is no indication that this flaw has been discovered by other parties, or that it has been exploited, users remaining largely unaffected. "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," said Lynn Fox, a spokeswoman for Apple. "We're looking into the report submitted by I.S.E. and always welcome feedback on how to improve our security."
The flaw itself has the potential to do a lot of damage. It can be triggered either through a malicious WiFi network or a malicious web site. Once triggered, arbitrary code can be run with full permission, allowing any information to be extracted from the device or giving the attacker the ability to perform various activities such as placing calls, sending messages or even recording the users' activities.
The security experts that discovered the flaw view it as being intrinsic in a device such as the iPhone which is basically a computer. The complexity of the iPhone makes it far less secure than other phones that don't have its capabilities. Despite this, the researchers are very happy with their iPhones and will continue to use them. "You'd have to pry it out of my cold, dead hands to get it away from me," said Aviel D. Rubin, the firm's founder and the technical director of the Information Security Institute at Johns Hopkins University.