Monday, July 23, 2007

Get Ready for the iWorm

The Safari browser shipping with the iPhone has been hacked by researchers at Independent Security Evaluators, based in Baltimore.

Charlie Miller, who used to work at the NSA before going over to ISE, appears to have based his attack on a buffer overflow exploit he originally found while researching Safari on his Mac - and planned to reveal next month at Black Hat. He said after the hack he was in "complete control" of the hacked iPhone.


Here's how the New York Times described the attack (I take it that the fact that ISE's web site points to this article establishes this as the "official" version of events - either that or they just think the NYT picture of Miller on his iPhone is cool - which it is):

Dr. Miller, a former employee of the National Security Agency who has a doctorate in computer science, demonstrated the hack to a reporter by using his iPhone’s Web browser to visit a Web site of his own design.

Once he was there, the site injected a bit of code into the iPhone that then took over the phone. The phone promptly followed instructions to transmit a set of files to the attacking computer that included recent text messages — including one that had been sent to the reporter’s cellphone moments before — as well as telephone contacts and e-mail addresses.

“We can get any file we want,” he said. Potentially, he added, the attack could be used to program the phone to make calls, running up large bills or even turning it into a portable bugging device.

This is a pity on many levels. I got to play with the iPhone browser the other day, and it provides a superlative - and extremely responsive - user experience.

But, that said, user experience and coolness count for less if someone can steal your files, copy your text messages, mess up your game stats, or make phone calls from your phone via your iPhone browser.

The vulnerability is still very new, but with hundreds of press articles likely to land at the feet of the first hacker to design the "iWorm", you can bet there are already several folks out there lining up cases of RedBull and cracking their knuckles.

What does this mean for Apple? It means, with 15% share of the 2007 laptop market and millions of iPhones/computers likely to ship the same year, that they are finally becoming big enough in terms of market share to grab the attention of hackers.

Apple shareholders should read this news as positive. After all, the iPhone security vulnerability will be fixed in short order - that's what operating system developers and security companies, such as Authentium, do for a living.

Will there be more vulnerabilities? Of course - with success comes attention. Parasites love a healthy host, and the iPhone appears to have a long, healthy life in front of it.
