At the Black Hat security conference in Las Vegas, an iPhone security flaw has come to light. The iPhone security flaw–which exploits a weakness in SMS text messaging to take control of the device–appears real, but will probably be addressed before it becomes a serious issue.
Apparently hackers can exploit this vulnerability to knock users off the network and there is a risk of personal information being stolen. The hacks have been tested on four iPhones on a German network, and the folks over at Black Hat think criminals only need about two weeks to write software to exploit this vulnerability.
What are users to do? Should we turn off our phones and wait for Apple to address the issue? Perhaps. Perhaps we should also disconnect our computers from the Internet and forgo all electronic communication while we’re at it. In fact, why not cancel all our credit cards, empty our bank accounts, and keep our money under a mattress? Now that we live in this highly interconnected world, security is an ongoing issue. Personal information about virtually everyone is available on networked computers. It shouldn’t be assumed that any of these systems are unhackable. Since the iPhone is such a hot item, the minutia of its every issue is immediately broadcast around the world. The announcement that the iPhone has security vulnerability probably isn’t as scary as it’s being made out to be.
I don’t mean to underplay the severity of the issue. Clearly it needs to be addressed. Surely Apple, which proudly markets just how secure its computers are, takes this issue seriously and wants to protect its image of ironclad security.
The truth is that there are millions of iPhones in use today, and while many have been jailbroken, I am unaware of a single report of someone having their phone hacked in the wild. Of course, this might change now that the cat is out of the bag, but I wouldn’t lose any sleep until there are reports of iPhones actually being exploited.
Michael Scalisi is an IT manager based in Alameda, California.