Tech security firm claims iPhone vulnerable to hack

SAN FRANCISCO - A computer security firm said Monday that it had found a way to hack into Apple's new iPhones, take command of the devices and steal stored information.

Researchers at Independent Security Evaluators (ISE) said they were able to slip past the iPhone's defenses through Wi-Fi connections, or by tricking users into visiting websites that secretly implant malicious computer code.

ISE said by tricking iPhone owners into downloading the code or luring them into traps at wireless (Wi-Fi) "hot spots," hackers can turn the devices into "zombies" under their command.

The vulnerability is in the Apple Safari web browser used by iPhones to access the Internet, according to ISE security analyst Jake Honoroff.

"An attacker who can get a user to go to a website that they control can basically take complete control of the iPhone through a flaw in mobile Safari," Honoroff told AFP.

"They can really do anything the iPhone can do; read any file, passwords, text messages, call history, contacts and other stuff."

A hacker can even activate iPhone recording features, turning devices into "bugs" planted on owners, Honoroff said.

ISE has shared the discovery, along with a way to patch the vulnerability, with Apple.

ISE specializes in testing computer security by attacking systems online.

"We are looking into the report submitted by ISE and always welcome feedback on how to improve our security," Apple spokeswoman Lynn Fox told AFP. "We take security very seriously."

Apple has not heard of any iPhones being "hijacked" by hackers, according to Fox.

The key to the hack is luring people to bogus websites where malicious computer code is automatically downloaded to visitors' iPhones, Honoroff said.

In a practice referred to as "phishing" or "social engineering," hackers trick people with e-mails claiming to be from legitimate businesses or promising rewards if recipients click on enclosed computer links.

Links in the messages connect to bogus websites rigged with malicious computer codes or asking for sensitive information such as passwords or personal financial data.

"Traditional phishing can be just trying to get a user to enter bank account numbers," Honoroff said. "In this case all they would have to do is get the person to click on the link and that would download the exploit."

Hackers could also get malicious code onto iPhones by operating wireless access "hot spots" and then routing iPhone-using visitors to rigged websites, according to Honoroff.

Software savants have been trying to hack the iPhone since it went on sale in the United States in June, mostly in an effort to break the exclusive bond it has with service provider ATT.

Infamous Norwegian hacker Jon Leck Johansen claims on his online blog that he has found a way to activate the iPhone's music and Wi-Fi features, but has yet to do the same with the telephone capabilities.

yahoo.com/