John Paczkowski

Recent Posts by John Paczkowski

iPhone to Support Third-Party Security Exploit Applications

header.jpgHere’s an unintended, but perhaps inevitable, corollary to the iPhone’s success: the proof-of-concept security exploit. Researchers at Independent Security Evaluators have discovered a vulnerability that could give an attacker unfettered access to an iPhone, with administrator privileges, and they have written a bit of code to demonstrate it. “In our proof of concept, this code reads the log of SMS messages, the address book, the call history and the voice-mail data,” the ISE team explains. “However, this code could be replaced with code that does anything that the iPhone can do. It could send the user’s mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker.”

The vulnerability, which can be exploited by an attacker-controlled WiFi point or Web page, hasn’t yet been reported in the wild. And Apple’s working on a fix for it. That said, we’re certain to see others in the months ahead now that the iPhone has been proved vulnerable.

“Anything as complex as a computer–which is what this phone is–is going to have vulnerabilities,” Johns Hopkins professor Avi Rubin told the New York Times. “The irony is that the more popular something is, the more insecure it becomes, because popularity paints a large target on its back.”

Added Steven M. Bellovin, a professor of computer science at Columbia University, “It’s not the end of the world; it’s not the end of the iPhone. It is a sign that you cannot let down your guard. It is a sign that we need to build software and systems better.”

Twitter’s Tanking

December 30, 2013 at 6:49 am PT

2013 Was a Good Year for Chromebooks

December 29, 2013 at 2:12 pm PT

BlackBerry Pulls Latest Twitter for BB10 Update

December 29, 2013 at 5:58 am PT

Apple CEO Tim Cook Made $4.25 Million This Year

December 28, 2013 at 12:05 pm PT

Latest Video

View all videos »

Search »

When AllThingsD began, we told readers we were aiming to present a fusion of new-media timeliness and energy with old-media standards for quality and ethics. And we hope you agree that we’ve done that.

— Kara Swisher and Walt Mossberg, in their farewell D post