Monday, July 23, 2007

How to Take Over an iPhone

The latest darling of the gadget-crazy crowd, the iPhone, was hacked into by researchers from a company called ISE.
http://www.securityevaluators.com/iphone/
The video clearly demonstrates how the iPhone was hijacked, and their site also lists how to avoid this security breach (and how one could fall into the trap set by the hackers).
It's a question of trust -- the iPhone automatically joins any network whose SSID it has trusted previously. When that happens, you are essentially going through the hacker's network, and he could easily substitute a rogue webpage for the one that's being requested. This rogue page would have the necessary code to extract information from the device. Simple - but very dangerous.
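
The trust decision described above, as an added example (not code from ISE, Apple, or this post): a name-only auto-join check beside one that also compares the remembered security type and access-point address. The network names, addresses and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Beacon:            # one access point seen in a scan (constructed data)
    ssid: str
    bssid: str
    security: str        # "open", "wpa2", ...

@dataclass
class SavedNetwork:      # what the device remembered when the user trusted it
    ssid: str
    security: str
    known_bssids: set = field(default_factory=set)

def join_by_name(beacon, saved):
    """Name-only matching: the behaviour the post describes."""
    return any(beacon.ssid == s.ssid for s in saved)

def join_checked(beacon, saved):
    """Return (join, reason); refuse when only the name matches."""
    for s in saved:
        if beacon.ssid != s.ssid:
            continue
        if beacon.security != s.security:
            return False, "security changed: %s -> %s" % (s.security, beacon.security)
        # A BSSID can be copied, so this is a tripwire, not authentication.
        if s.known_bssids and beacon.bssid.lower() not in s.known_bssids:
            return False, "unknown access point " + beacon.bssid
        return True, "matches saved profile"
    return False, "not a saved network"

SAVED = [SavedNetwork("CorpWiFi", "wpa2", {"00:11:22:33:44:55"})]
SCAN = [
    Beacon("CorpWiFi", "00:11:22:33:44:55", "wpa2"),    # the remembered AP
    Beacon("CorpWiFi", "02:aa:bb:cc:dd:ee", "open"),    # same name only
    Beacon("CoffeeShop", "02:aa:bb:cc:dd:01", "open"),  # never trusted
]

def report(scan=SCAN, saved=SAVED):
    """One row per beacon: (bssid, name-only verdict, checked verdict, reason)."""
    return [(b.bssid, join_by_name(b, saved), *join_checked(b, saved)) for b in scan]

if __name__ == "__main__":
    for row in report():
        print(row)
```

The second beacon is the case that matters: name-only matching accepts it, while the checked version refuses it because the network is no longer the protected one that was originally trusted.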

As more and more companies take to giving their execs and even lower-level personnel access to such devices, they multiply their risks exponentially. We all know how Paris Hilton's phone got hijacked -- and so many details came out that must have embarrassed her. Now imagine this happening to a high-profile, high-security firm (God forbid - the DHS!) or large law firms. So many secrets...

I'd recommend that users be trained in depth about the security vulnerabilities of such gadgets -- forget the convenience for a second -- before they are permitted to operate one. All devices must have password protection at boot-up, and for launching certain applications/documents. Further, they should have a master password in case the user forgets the actual password.

I don't know if the iPhone supports such features, but it'd be worth a look if Apple wants to get big companies to get them for their fawning execs.

My personal opinion - if you MUST use data-sieves like these, do NOT STORE any information that you wouldn't want to see on a public website somewhere. Just store songs and nothing else.
Be sure to delete all IM, conversation logs, documents, personal information that you may have stored 'temporarily' for the sake of 'convenience.'

Be safe!
