A group called Security Evaluators hacked the iPhone with less than two weeks of part-time work, and has notified Apple of its vulnerabilities.
Here’s how easy they say it is to hack the iPhone:
- A hacker takes over a wireless access point. User of iPhone comes into the area controlled by that access point, and comes under the control of the attacker.
- User of iPhone goes to a website with a forum with improper security. Attacker posts a message on the forum that contains malicious code, and user of the iPhone is vulnerable upon accessing that message.
- Attacker sends a link to an iPhone user, and the user goes to the linked page, which contains the malicious code.
Once an iPhone user is under control of the attacker, the attacker essentially has administrative privileges on the victim iPhone. They can read the address book, the call history, the voicemail, and the SMS messages. All information can be transmitted to the attacker. Passwords could also be sent.
Apple is not currently aware of any real-life compromises of iPhones, but the threat still exists.