A security concern that makes the Apple iPhone vulnerable to attack has recently been identified although Apple has made no comment. The potential attack operates by sending corrupted SMS messages that allow an attacker to gain complete control over the device. They would have the power to make phone calls and send messages, even operate the camera and access the internet.
A similar problem had been identified on Windows Mobile devices and those using Google Android. While Microsoft and Apple have given no response to Charlie Miller, the researcher who highlighted the problem, Google were quick to take action and issued a patch within a day of it being identified to them.
Because the malicious code can be sent through SMS, which is delivered automatically, there is little phone users can do to stop the attack or block these messages. Once infected the only way to get rid of the malicious code is to wipe the phone and reinstall the firmware. It has also been pointed out that because the security vulnerability will grant complete control of the phone to the attacker, the phone can then be used to forward on more malicious messages to all numbers contained within the contact list.
Although this particular loophole will no doubt be rectified fairly soon, it does highlight the fact that viruses and malicious software that have become commonplace on PCs could soon become a regular feature of mobile phones as well. This could lead to the requirement of anti-virus software for phones with these applications becoming popular downloads from app stores.
However, these vulnerabilities could be more than just a mild nuisance for consumers and cash cow for anti-virus software developers as they have raised serious concerns about privacy. The code could be used to activate a phones GPS to keep tabs on the location of the phone user, and could even be used to activate the phones microphone to listen in on private conversations even when the owner is not making a phone call. This could be a serious problem, with reports last week that a state owned network provider in the United Arab Emirates had been installing spyware on their customers BlackBerry devices, the idea of these loopholes being exploited to infringe on personal liberties is not at all far-fetched.
Tags: Apple-iPhone-3G-S