Security Firm: iPhone Gets Hacked

The iPhone can easily be accessed, leaving personal information in the open.

July 23, 2007 — -- It seems the so-called "Jesus Phone" is not so perfect.

According to a security consulting firm, the iPhone can easily be taken control of by hackers, leaving your personal information out in the open.

According to the Maryland-based firm Independent Security Evaluators, hackers can take over an iPhone if a user accesses a Web site designed by the hacker.

For example, an attacker can send an iPhone user an e-mail that says, "'Check this link out. It's great,'" Charles Miller, the firm's principal security analyst, told

If the user then clicks on the link to the site, the person controlling the site can access anything on the user's iPhone, including text messages, e-mails, phone numbers and address books. In other words, hackers can access "stuff you don't want people to know about," Miller said.

If hackers connect the server to a computer, as the security firm did, then they can download all of the information.

"People put all sorts of information on it. It's important that they work properly," Miller said of the phone. "That was our main motivation. We want to make sure we can feel safe and comfortable carrying them around."

Potentially, the method can also be used to send text messages and dial calls from the phone, although Miller said that Security Evaluators did not test for this capability specifically.

Public Wi-Fi a Concern

The firm began looking into potential security issues last Monday when the company's founder, Avi Rubin, was showing off his iPhone, Miller said.

"He gave us the proposition," Miller said. "'If you guys think you can do it.' He gave us a week and an iPhone to play with."

When the firm made the discovery last week, it called Apple to warn about the issue.

"They haven't said a whole lot to us," Miller said. "They basically acknowledged that they were looking into it."

Apple told that the company is looking into the firm's report.

"We always welcome feedback on how to improve our security," said Lynn Fox, an Apple spokeswoman.

The security firm also found that the iPhone could also be hacked using a public Wi-Fi connection, for example at an airport or a coffee shop, if the hacker set up an additional wall between users and the connection.

"I can basically sit between you and the real Web server you're talking to," Miller said. If the user connects to any Web page, the hacker can take control of the iPhone and the owner's information.

Although the test was only for the iPhone, Miller said that if future Wi-Fi capable phones have similar flaws, they probably can be accessed in a similar way.