iPhone: Beware the wi-fi security threat

An Australian security expert has warned that enterprises will face new wi-fi security threats thanks to the rise of Apple's iPhone.

Speaking at the IDC SecurityVision conference in Sydney on Thursday, Chris Gatford, senior security consultant for Pure Hacking, told delegates that the arrival of the iPhone in Australia and gradual adoption by business will "elevate risk to a level never seen before".

He said: "We're going to find a lot of executives using the iPhone's push email to combine their personal and business messages... combined with the ever-increasing use [on the iPhone] of web 2.0 applications, there are a lot of vulnerabilities."

"Like it or not, there's about to be a whole lot more risks for a lot of organisations," he added.

Gatford identified wi-fi as being a technology ripe to hack the iPhone, and said its exploitation for malicious purposes would only continue to grow: "Wi-fi spots aren't encrypted ... nor is a great amount of the information you receive from web 2.0 applications."

The Pure Hacking consultant demonstrated how a point-and-click attack can be used to gain access to a victim's Gmail account over a hotspot, using a tool to "sniff out" unencrypted information stored in cookies, and then using a separate tool to dig out the required information to enter someone's personal account without a password.

He noted: "Loads of applications are vulnerable to this kind of attack, Gmail is just one of them."

Original article: iPhones: The Wi-Fi threat to business security from ZDNet Australia