To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39245602,00.htm

iPhone: Beware the wi-fi security threat
"Like it or not" the business risk is there

By Marcus Browne

Published: Thursday 12 June 2008

An Australian security expert has warned that enterprises will face new wi-fi security threats thanks to the rise of Apple's iPhone.

Speaking at the IDC SecurityVision conference in Sydney on Thursday, Chris Gatford, senior security consultant for Pure Hacking, told delegates that the arrival of the iPhone in Australia and gradual adoption by business will "elevate risk to a level never seen before".

He said: "We're going to find a lot of executives using the iPhone's push email to combine their personal and business messages... combined with the ever-increasing use [on the iPhone] of web 2.0 applications, there are a lot of vulnerabilities."

"Like it or not, there's about to be a whole lot more risks for a lot of organisations," he added.

Gatford identified wi-fi as being a technology ripe to hack the iPhone, and said its exploitation for malicious purposes would only continue to grow: "Wi-fi spots aren't encrypted ... nor is a great amount of the information you receive from web 2.0 applications."

The Pure Hacking consultant demonstrated how a point-and-click attack can be used to gain access to a victim's Gmail account over a hotspot, using a tool to "sniff out" unencrypted information stored in cookies, and then using a separate tool to dig out the required information to enter someone's personal account without a password.

He noted: "Loads of applications are vulnerable to this kind of attack, Gmail is just one of them."