The popularity of the iPhone has hackers targeting the device since the much hyped launch at the end of June. This time, researchers at Independent Security Evaluators (ISE) say they have written two exploits that could allow malicious users to take control of the device and compromise personal data.
Researchers used an iPhone to surf to a malicious HTML document that caused an outbound connection to a server over the embedded Wi-Fi. The compromised iPhone then sent personal data including SMS text messages, contact information, call history, and voice mail information over this connection. A second exploit, using a different script, enabled the researchers to control hardware functions such as vibration, placing phone calls and recording audio.
According to the security researchers, the iPhone software does not utilize adequate security practices, and since all major processes run with administrative privileges, a compromise of any application gives an attacker full access to the device.
"These weaknesses allow for the easy development of stable exploit code once a vulnerability is discovered," the researchers wrote in a whitepaper.
The researchers were unwilling to divulge any more details about the exploits until the Black Hat security conference in Las Vegas in August, but Apple has been given the research findings.