Apple iPhone - Hacked and Hi-jacked by ex(?) NSA wire juggler

Charles Miller ex NSA employee, now a security analyst for Baltimore based Independent Security Evaluators claims he can take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code.

Miller demonstrated the hack 'n' hijack to a reporter on the International Herald Tribune by using his iPhone's Web browser to visit a Web site of his own design.

Once he was there, the site injected a bit of code into the iPhone that then took over the phone. The phone promptly followed instructions to transmit a set of files to the attacking computer that included recent text messages - including one that had been sent to the reporter's cellphone moments before - as well as telephone contacts and e-mail addresses.

"We can get any file we want," he said. Potentially, he added, the attack could be used to program the phone to make calls, running up large bills or even turning it into a portable bugging device.

The whole thing is explained at http://www.securityevaluators.com/iphone/with a handy video and FAQ's and a downloaded PDF with more technical gumph. http://www.securityevaluators.com/iphone/exploitingiphone.pdf

The trick appears to take advantage of buffer overflow bug at 1024 bytes in Safari that has been previously reported to Apple (and exploited). If the hole is on the Safari side, it identifies the downside to a phone with a semi-real browser installed — it becomes vulnerable to attack like any other user of the browser on a laptop / desktop machine.

The same problem has been identified with the release of Safari for Windows last month with a great deal more detail available... Apple very swiftly fixed it... and no doubt will fix this claimed vulnerability. Meanwhile stay well clear of unauthorised Wi-fi nodes and don't be misled into looking at sites called http://www.nakedladies.com/

Update : Apple claims a patch fixes this problem Times