The advent of smartphones has helped to propel Internet use across the globe. In countries in the developing world, most users access the Internet exclusively via cellphones. However, these smartphones bring forth a host of new opportunities for cyber criminals to exploit.
The iPhone, Apple’s smartphone, has a number of vulnerabilities that can be exploited remotely. Of particular concern is the way it handles digital certificates (which verify user legitimacy), which could allow a hacker to develop a “trusted certificate” and use it to convince users to download malware on the iPhone.
The attack could possibly allow an attacker to change some of the settings, forcing the iPhone user’s traffic through a particular server and conducting a man-in-the-middle attack on SSL traffic, according to a post by Dennis Fisher of the Kaspersky Lab.
The vulnerability was first revealed in an anonymous blog post.
Charlie Miller, a security researcher with Independent Security Evaluators, said:
“It definitely works. I downloaded the file and ran it and it worked. The only thing is that it warns you that the file will change your phone, but it also says that the certificate is from Apple and it’s been verified.”
While the hacker would not be able to run code on the iPhone, they would be able to conduct any number of other actions.
“You can make any part of the phone not work,” Miller said. “You definitely don’t get to run code, but there’s lots of nasty things you can do. You can make applications not work, make it so that you can’t remove this config file. At the very least, you can make someone’s day miserable.”