« Defending Against Spam | Main | Who's talking to your kids online? »

July 24, 2007

iPhone Hacking Raises Security Concerns for all Smartphone Users

Eyespy Security analysts have long predicted that hackers who routinely pester computer users would eventually target smart phones, whose advanced network connections and operating systems continue to become more computer-like. Indeed, smart-phone virus outbreaks have been reported in Europe and Asia.

This week Independent Security Evaluators (ISE), a U.S. independent testing lab, dramatized the looming danger by piercing the defenses of the much-vaunted iPhone. (ISE is the lab whose help Consumer Reports seeks for our evaluations of security software. See our report on how we test antivirus software and look for our 2007 State of the Net report, which posts to ConsumerReports.org in early August.)

See our complete coverage on:

Some telecom experts believed the iPhone was relatively immune from such attacks because of the limited access Apple granted third-party developers to iPhone's operating system (a stripped-down version of the one that runs on Macs), and because iPhone's Safari Web browser lacks the ability to use plug-ins, such as Flash, a primary entry point for Web-borne attacks.

Yet ISE was able to hack into a New York Times reporter’s iPhone when it (voluntarily) visited a special Web site they created, which uploaded malicious software and gave the "hackers" unlimited access to files and phone functions. (Note: The embedded link will take you to the New York Times Web site, which may display an online ad before presenting its story on hacking the iPhone.)

Besides downloading contact information and recent text messages, ISE claims it was able to seize control of the phone, and program it to dial any number, send any text message—-even turn the iPhone into a bugging device to eavesdrop on anyone within earshot. More important, while ISE’s focus was the iPhone, their main point is cell-phone providers need spruce up their security act. More details of ISE’s iPhone effort are available on http://www.exploitingiphone.com/.

ISE has sent its recommendations for security patches to Apple. In the meantime, it offers these tips for iPhone and other smart-phone owners to minimize risk:

  • Only visit Web sites you know
  • Only use Wi-Fi networks you trust
  • Don’t open Web links from e-mails

--Mike Gikas

For complete Ratings and recommendations on appliances, cars & trucks, electronic gear, and much more, subscribe today and have access to all of ConsumerReports.org.
Print This Page
Posted at 11:08:46 AM in iPhone | Mobile Phones | Smart Phones/PDAs | Wired/Wireless Network

Comments

Post a comment

All comments are reviewed by our moderators, and will not appear on this blog unless they have been approved. Comments that do not relate directly to the blog entry's contents, are commercial in nature, contain objectionable or inappropriate material, or otherwise violate our User Agreement or Privacy Policy, will not be approved. Approved posts generally appear within 24 hours of receipt. For general inquiries not related to this blog, please contact Customer Service.

If you have a TypeKey or TypePad account, please Sign In

About this blog

Consumer Reports' electronics reporters, editors, and testers will quickly report on new developments and trends.

RSS Feed

Recent Posts

Consumer Reports Electronics Blog Categories

Consumer Reports Electronics Blog Archives

-    July 2009
-    June 2009
-    May 2009
-    April 2009
»    View All

More Consumer Reports Blogs