Researcher: iPhone has potential security problems
Security researcher lists ways that determined hackers could use the Web to try to find a way into Apple's iPhone
By Jeremy Kirk, IDG News Service, Info World

September 21, 2007
Apple's iPhone is a tough target for hackers, but a security researcher warned Friday that there are ways the sleek device could potentially be compromised.

The iPhone has no security software, but Apple doesn't let people load third-party programs on the device, reducing the risk of infection from malicious software. But when the iPhone is connected to the Web, possibilities emerge, said Marius van Oers, a security researcher with McAfee's AVERT Labs in Amsterdam.
 

He doesn't claim to have uncovered a specific security hole in the device, but listed several ways that determined hackers could use the Web to try to find a way in.

Apple is relying on developers to create rich Web-based applications that will be accessed through the mobile version of the company's Safari Web browser. Browser flaws are a proven way for hackers to get unauthorized code running on a system, van Oers said.
"It's fairly easy to send someone an SMS (Short Messaging Service) or an e-mail with a Web link," he said. "And once you go to the Web link, then that server can inject code into the iPhone, and if that happens, [a hacker] can have full control."

That's what happened with a Safari flaw found by Independent Security Evaluators, a company that detailed its findings at the Black Hat security conference in August. By constructing a malicious Web site, the researchers injected code into the iPhone and pilfered recent text messages, phone numbers and e-mail. Apple has since patched the flaw.
"Once you get access to the system, it's all over," van Oers said.... More       Comment in the Forums