A team from Independent Security Evaluators did some security tests on the iPhone and has found a vulnerability in it. The vulnerability enables hackers to retrieve personal information of an unsuspecting victim that is stored in the memory of the phone.
According to the article, those personal informations include “log of SMS messages, the address book, the call history, and the voicemail data”. However, the code used to exploit the iPhone can also be modified to retrieve other sensitive informations like “user’s mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker”.
The hacker strikes by inserting the malicious codes in a web page and lure his victims to it. Such attempts include:
- An attacker controlled wireless access point.
- A misconfigured forum website.
- A link delivered via e-mail or SMS.
The Independent Security Evaluators team advices all iPhone users to follow the steps below to protect themselves from such vulnerabilities:
- Only visit sites you trust.
- Only use WiFi networks you trust.
- Don’t open web links from emails.
If you have an iPhone, make sure you update the software on the next security update.