Now that the euphoria surrounding the launch of Apple Computer’s iPhone has died down, the gizmo’s once again made it to the headlines… and how?
SPI Labs’ security researchers have cautioned iPhone users not to use the ‘Web Dialer’ feature that allows them to dial telephone numbers over the Web through iPhone’s Safari browser.
Lead researcher with SPI Labs, Billy Hoffman, explained that hackers could exploit a bug in this feature and trick victims into making phone calls to expensive ‘900’ numbers. Alternatively, hackers could misuse the feature to keep tabs on phone calls made by victims over the Web. Hoffman said that in this way the iPhone could either be stopped from dialing out altogether or made to dial endlessly.
According to Hoffman, the attack works when hackers either trick iPhone users into visiting a malicious Web site or get a trusted Web site to send dicey information to iPhones using what’s called a cross-site scripting attack.
Hoffman warned that whenever the content being sent to the iPhone can be controlled by an attacker, the possibility of an attack exists. And since the attack can be launched primarily from Web sites, anyone with an iPhone is at risk of getting exploited.
SPI Labs said it has contacted Apple, and that the duo are working towards some sort of a solution for this problem.
Meanwhile, a couple of iPhones have reportedly rendered extensive sections of Duke University Campus’ Wi-Fi network dead, with network officials still trying to figure out the reason.
Duke University houses nearly 13,000 students during the course of the year. At last count, about 150 iPhones have been registered at the institution, which boasts dozens of Wi-Fi hotspots across its three main campuses.
A harried network staff did manage to track the problem back to ill-mannered iPhones that were flooding the routers with fake Internet address requests at the rate of nearly 18,000 per second, which devours about 10 Mbps of precious bandwidth.
Miller said that though they cannot point to a particular reason for the problem, the needle of suspicion does point to the very aggressive manner in which iPhones deal with dropped Wi-Fi signals.
Either that, or the problem could be due to a design flaw wherein iPhones use the Address Resolution Protocol (ARP) to request the MAC address of a destination node whose IP address they already have. When the iPhone does not get an answer, it just keeps asking…
[Submitted by Imran Asad]