Baltimore-based Independent Security Evaluators, which tests its clients' computer security by hacking it, said on Monday that three employees found a way to take control of iPhones through a Wi-Fi link or by tricking users into going to a Web site.
Charles Miller, principal security analyst at the firm, said a security weakness allows someone to take control of Apple's Safari Web browser and see other applications on the device at the same time, which could potentially make users of Macintosh desktop computers vulnerable to attacks.
"The same problem actually exists on Apple's desktops," said Miller. But he added that while his firm had identified the risk for both desktops and phones, it had written only the code necessary to hack into the iPhone.
The security consultants, who took about a week and a half to work out the move, said they were able to take control of an iPhone and make calls or send text messages, as well as access e-mails, voice-mail, address books and call and Web browsing history.
Miller said his company gave details about the hack and a potential security patch to Apple, but did not publicly release the details.
"We're looking into the report submitted by (Integrated Security Evaluators) and we always welcome feedback on how to improve our security," Apple spokeswoman Lynn Fox said.
Miller said Apple could have avoided the risk by eliminating links between the browser and other applications.
"It turns out that on the iPhone there are probably some basic things they could have done that would have made it better," said Miller.
The claim comes more than three weeks after Apple and AT&T Inc. started selling Apple's first cell phone, which includes a music and video player as well as a Web browser.
As many as 700,000 iPhones were sold on the first weekend after the June 29 launch, according to analyst estimates.
Days after launch, a well-known hacker, Jon Johansen, claimed to have overcome restrictions on the iPhone, allowing highly technical users to bypass AT&T's network to use the phone's Internet and music features.
While cell phones have not historically been as vulnerable to attack as desktop computers, some experts worry that phones take on greater risks as they add more computer-like features.
Miller said he had not looked into security on other mobile phones to see how they compare to the iPhone, but said the more complex a system is, the greater the likelihood is that it will have problems.
source: reuters.com