Security Vulnerabilities highlighted by hackers targeting the iPhone

Apple's iPhone is officially available at, September 10, June 29. To buy it, some Americans even waited in a queue for "camping. As soon as the iPhone was sold, it was targeted by security personnel (including hackers, of course). In less than 72 hours of its release, security personnel reported that, they have discovered at least one vulnerability that can be attacked and gain partial control permissions. At the same time, some hackers claimed they had discovered a password hidden in Apple software that could gain root privileges.

Errata Security reports that the most serious iPhone error exists in the iPhone's Safari browser. Errata CEO Robert Graham said: "The buffer overflow vulnerability in the iPhone Safari browser allows attackers to fully control the iPhone and run any code on the iPhone. Taking into account the ancient attack methods, hackers can use computers that intrude into the system to call toll-based phones and make profits from them, hackers who have successfully exploited the iPhone vulnerability can also use the controlled iPhone to make a profit by dialing "900 phones."

Errata Security also announced a vulnerability in the iPhone Bluetooth function. By using fuzzer to test the vulnerability, it is found that attackers can easily use conventional methods to completely lock the iPhone.

At present, Apple representatives have not responded to questions about iPhone security.

Since the release of the iPhone last Friday, hackers have been scrambling to discover security vulnerabilities in the iPhone or try to perform operations that are not allowed by designers on the iPhone. Researchers are currently trying to unlock the iPhone so that it can be used on networks outside AT&T, or run Linux on the iPhone, the researchers said they have been making progress.

IPhone researchers even built a Wiki on the Internet about iPhone security to share their findings on the iPhone, such as how to unlock the iPhone and enable it to run third-party software.

So far, a relatively successful example is that a hacker has discovered the password required for the root access to the application on the iPhone, one of which is "dottie" (remove the quotation marks ), the other password "alpine" (remove the quotation marks ).

Kevin Finisterre, a researcher at a neutral institution, said that although no one has been fully granted the root permission to access the iPhone, he thinks this is only a matter of time. At the same time, Finisterre said: "Not many people buy an iPhone just like me, and not everyone will be willing to spend $500 to buy the iPhone. However, once the iPhone is popularized, I believe there will be more novel things about the iPhone ."