Hackers say one text message is all it takes to gain control of the device.Canadian iPhone users may want to think about hanging up for a while if two hacker heavyweights prove they can infiltrate the system and put a worm inside the Apple.
Charlie Miller and Collin Mulliner say they've found a security weakness in Apple's iPhone which would allow a hacker to gain control of the device by sending a single SMS — or text message — and they shared that information Thursday at the 2009 Black Hat security conference in Las Vegas.
At the conference, iPhone users were warned their devices were not entirely secure.
"It's scary. I don't want people taking over my iPhone," Miller, a security analyst with consulting firm Independent Security Evaluators, told Reuters, adding the information they presented at Black Hat will give criminals enough information to develop software to break into iPhones within about two weeks. They also told Reuters they warned Apple of the flaw earlier this month, but that the company has yet to fix it.
Miller — one of the top computer hackers in the U.S. — and Mulliner, a PhD student at Technical University of Berlin, focusing on the security of mobile devices, say they discovered the vulnerability and alerted Apple to the problem, but the computer giant hasn't come out with any official statement or a security update to combat the problem.
Canadian Tech guru Jesse Hirsh says if the hackers have cracked the code, there is little iPhone users can do, for now. Other tech experts suggest iPhone users turn off their device immediately if they see a square box in the body of a text message.
Many mobile phone owners use text messaging daily, so Canadian iPhone users are just as vulnerable as those in the rest of the world, said Hirsh.
There have been more than 20 million iPhones sold worldwide. A spokeswoman for Rogers Canada, the only service provider for iPhones in Canada, declined to comment, and referred people instead to contact Apple. Apple didn't immediately return calls to Canwest News Service Thursday.
Hirsh said users should think of the iPhone as a computer, which is vulnerable to hacking.
"In this case, just like how a computer can be infected by an e-mail, they're using an SMS message, not so much to infect it, but to open up a back door that then allows them to control the computer and do whatever they want with it," said Hirsh.
Hirsh said the hackers would be able to use the iPhone just as its owner would — they could send e-mails, text messages, surf the Internet and make phone calls. He warned that criminals could access a user's personal banking information if they have saved passwords into their iPhone.
Hirsh explained the technology could also be used on a wider scale, by accessing an entire network, finding out all the iPhone numbers and sending an automatic, viral SMS to every number. The phones would then respond, and the hacker would potentially have control of at least a few thousand phones, Hirsh said, adding that there's not much iPhone users can do aside from putting their phone away until Apple comes up with a solution.
"It's Apple's job to fix this, not the individual user," he said.
Hirsh says this incident demonstrates that all technology, at some point, is fundamentally insecure and today, it's Apple's turn to squirm.
He's confident Apple will fix the problem, but said another hacker will come along soon to highlight yet another weakness in new technologies.
"It's a perpetual cat-and-mouse game," Hirsh said. "The big companies work hard to prevent this type of thing, but they can never be perfect.
"There's always knowledge that they don't have, that someone else has, that can be used against them."
"Fundamentally, those who want to get into my system are going to get into my system," said the tech guru who doesn't use any anti-virus software on his own personal computers.
"Anti-virus software is not going to protect me against the things I want to be protected against so why should I subscribe to an industry that's broken?"
This comes six weeks after Apple launched its new iPhone 3GS, billed as "the fastest, most powerful iPhone yet."
About 4,000 people are at the Las Vegas conference.
Security experts told Reuters news agency attacks on Apple computers are still quite rare, but that will change once Macs gain a larger market share.
(Canada)