Feeds

back to article Latest iPhone hacked to blab all your secrets

Dutch hackers have exploited a WebKit bug in mobile web browser Safari to rinse an iPhone 4S of its photos, address book contacts and its browser history. The flaw exists in Apple's iOS 5.1.1 and the latest developer preview of iOS 6, the first public build of which was released last night to fanbois. It should thus affect …

COMMENTS

This topic is closed for new posts.
Gimp

There is no vulnerability

They were simply holding it wrong

14
5
Bronze badge
Meh

Re: There is no vulnerability

Actually, following your logic, holding it wrong would actually close the vulnerability on an iPhone 4 (in a sledgehammer/walnut style). Of course, that issue was fixed on the 4S and 5, so these would remain vulnerable...

0
6
adw

Re: There is no vulnerability

Party pooper. Or didn't you get the joke?

3
1

Eh?

"Email and SMS were not not available because they were sealed off from the hijacked Safari process and separately encrypted."

+

"The CEO of a company should never be doing e-mail or anything of value on an iPhone"

/

" There are a lot of people taking photos on their phones that they shouldn't be taking."

= WTF???

3
5

Re: Eh?

Today somebody hacks the browser and cannot get to the email (but could get to the photos). Maybe tomorrow somebody else hacks the email and cannot get to your bookmarks (but probably still can get your photos). The warning is in general, not as a defense against the specific hack.

Whether the warning is one you should heed, would depend on a proper risk-analysis. "Oh my God, there's an exploit, abandon all hope!" is nearly as silly as "My phone is my castle."

10
0
Anonymous Coward

Re: Eh?

My thoughts exactly - the author evidently just took a few completely unrelated sentences and stuck them on the end of the article. It doesn't say anything coherent and there is no explanation.

Rubbish.

4
2
Silver badge
Paris Hilton

Re: Eh?

"...the author evidently just took a few completely unrelated sentences and stuck them on the end of the article. It doesn't say anything coherent and there is no explanation..."

Note the by-line.

Par for the course.

Adolescent 'look-at-me-I'm-ever-so-clever' scribbling masquerading as grown-up journalism.

0
0

This post has been deleted by a moderator

Wonder if this could be used for jailbreaking the new ios?

As above.

2
1
Silver badge

AC trash talk

Android phones. At least you can install Firefox or Opera (not the shell over webkit iOS one).

It's NEWS because Apple is reported to be the most secure.

3
0

Re: AC trash talk

What odds that Firefox and Opera don't have zero-day vulnerabilities? Before this one was discovered in Webkit every one said much the same about Webkit.

1
2
(Written by Reg staff) Silver badge

Re: AC trash talk

If you're referring to the deleted comment, it was removed for the anonymous abuse. Let's stick to technical discussions.

One thing we forgot to add is that the S III is set to get Android 4.1 Jelly Bean, which has had a lot of NFC fixes and is not the 4.0.4 compromised by the team . Anyway, both hacks are significant in terms of security and skill, and a second story is in the works.

C.

4
1

Re: AC trash talk

Yes but only by apple and the uniformed members of the press

1
1

email

so email couldn't be accessed through the exploit but then there's an express warning not to use email...

1
1

Re: email

Some people use web-mail...

0
0

Re: email

The express warning was for specifically CEOs, which implies to me that you shouldn't rely on email being secure for the sort of documents a CEO would handle.

0
0
Bronze badge
Thumb Up

Re: email

But email addresses reside in the contacts list which was available to the exploit, if I read TFA correctly. Just the addresses of the people that CEOs communicate with in the course of business could facilitate a spear phishing attack, no?

The advice is good, if a bit elliptical: keep your confidential work communications safely on a confidential work communications network.

0
0
Anonymous Coward

Blackberry

They'll be lucky to exploit much on my BB's browser - fucking useless thing crashes on any sites much more complicated that BBC News... :-(

1
1

developer preview of iOS6?

The flaw exists in Apple's iOS 5.1.1 and the latest developer preview of iOS 6, which was made public last night. It should thus affect iPhones...

i take it that is not meant to imply that the latest developer preview was released last night...?

0
0
(Written by Reg staff) Silver badge

Re: nigel 15

Yers, very good. But before you reach for your pedantry badge, consider that the latest developer preview - the gold master - is what will effectively ship to fanbois anyway. Huzzah!

C.

2
2

Re: nigel 15

It's not pedantry. the phrasing is ambiguous at best.

because you know what you meant to write it's difficult to see how it reads to other people. it was constructive criticism. do with it what you will.

0
0
Anonymous Coward

"Email and SMS were not not available"

So, Email and SMS were available, then?

1
0
Gimp

IOS, bleegh but morre serious

Steam also uses Webkit!

So now, the unholy trinity on a (windows) PC; IE, Flash & PDF is made into a Quadrility (if that even is correct english) IE, Flash, PDF .........& Steam

all your games are belong to us... and then some..

are you paying attention, Gabe?

0
1

Re: IOS, bleegh but morre serious

No he's not- he's too busy putting the finishing touches on HL3...

Or at least I hope he is!

0
0

More about the Galaxy S3 exploit

"MWR showed an exploit against a previously undiscovered vulnerability on a Samsung Galaxy S3 phone running Android 4.0.4. Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation."

At least Apple was wise enough to leave NFC out of the iPhone 5...

Seriously, paying with NFC when the hardware you rub your phone against can just take it over then seems to be a very bad idea.

They're all fumbling around, all of them.

1
1
Silver badge
FAIL

Aoole software doen't have bugs

These are unannounced, undocumented features - in this case for the US NSA so they can tap all iPhones without difficulty. Their motto is: Your secrets are ours.

1
1
Black Helicopters

What ignorant nonsense

Why bother infiltrating end-user equipment when tapping OC-192s offers so much better value for your time and money?

0
0
Anonymous Coward

Not just iOS and Andorid use webkit

Webkit is a very widely used web engine, and turns up in all sorts of places. Of course, they'd all need their own exploit writing for them independently, since this involves constructing executable code which talks to the OS, assuming the exploit is in all versions of it.

Mind you, I'm yet to be convinced that anything more complex than a microwave oven connected to the internet can't be exploited if someone has a reason to spend the time to hack you.

0
0

Re: Not just iOS and Andorid use webkit

Stuxnet, for one, would seem a point in favor of this suspicion.

0
0
This topic is closed for new posts.