The game is on for hackers trying to spot security vulnerabilities in Apple’s iPhone and already they’re scoring points. Less than 72 hours after the iPhone’s introduction, researchers have reported at least one flaw that could allow an attacker some level of control over the device, while other hackers have uncovered passwords hiding in Apple software that could prove key in gaining root access, they said.
The most serious flaw, reported by Errata Security, resides in the iPhone’s Safari browser. By effecting a buffer overflow in the application, an attacker can take control of the browser and run code on the device, said Robert Graham, CEO of Errata.
“The scenario that seems most attractive is to have the phone dial 900 numbers,” Graham said, noting an age-old attack that allows criminals with ties to fee-based phone services to profit each time an infected computer dials the number.
Among the advances made to date, hackers have discovered the password the iPhone requires to give an application root access is, amazingly, “dottie” (minus the quotation marks). A second password for mobile access is “alpine.”