Hackers expose flaw in Apple iPad, iPhone software

BOSTON Wed Jul 6, 2011 6:28pm EDT

A dedicated iPad station is seen in front of an iPhone at the Apple store in New York May 23, 2011. REUTERS/Shannon Stapleton

A dedicated iPad station is seen in front of an iPhone at the Apple store in New York May 23, 2011.

Credit: Reuters/Shannon Stapleton

Related Topics

BOSTON (Reuters) - Hackers have disclosed a bug in software from Apple Inc that security experts said could be exploited by criminals looking to gain remote control over iPhones, iPads and iPod Touch devices.

The security flaw in Apple's iOS operating system came to light on Wednesday as the website www.jailbreakme.com released code that Apple customers can use to modify the iOS operating system through a process known as "jail breaking."

Some Apple customers choose to jail break their devices so they can download and run applications that are not approved by Apple or use iPhone phones on networks of carriers that are not approved by Apple.

Security experts warned that criminal hackers could download that code, reverse engineer it to identify a hole in iOS security and build a piece of malicious software within a few days.

"If you are a malicious attacker, it is fairly doable," said Patrik Runald, a senior researcher with the Internet security firm Websense.

Apple has yet to release an update to iOS that protects customers against malicious software that exploits the flaw.

Apple spokeswoman Trudy Muller said the company was aware of the problem.

"We are developing a fix that will be available to customers in an upcoming software update," Muller said.

Apple has long been vocal against jail breaking, which if done voids the warranty on its devices.

Any security flaw in iOS software -- which runs Apple's iPhone, iPad tablet and iPod Touch -- has the potential to affect millions of devices that are at the core of Apple's business.

Apple has sold 25 million iPads since it launched last year. The company sold over 18 million of its popular iPhones in just the first three months of the year.

Hackers can exploit the iOS vulnerability by creating a malicious PDF document file. It would infect Apple devices when users attempt to open that document, according to Runald.

Once the device is infected, hackers could "do anything they want," Runald said. That includes stealing passwords, documents and emails.

Comex, a 19-year-old hacker from New York State who developed the jail-breaking tool, said that Apple might be able to patch the software before criminal hackers develop software that exploits the bug.

Last time he put out a version of his jailbreaking software, Apple was able to issue a patch before anybody exploited the bug for malicious purposes.

He said that Apple might not be able to move quickly enough this time.

"It's not that hard to reverse engineer," he said via telephone.

(Reporting by Jim Finkle, additional reporting by Poornima Gupta; Editing by Bernard Orr)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (26)
Nasty_Celt wrote:
Without hackers we wouldn’t know about the security flaws in our devices because sure as shi* the companies wouldn’t tell us. Thank You

Jul 06, 2011 7:40pm EDT  --  Report as abuse
JohnFx wrote:
The real issue??? Jailbreaking allows people to use their Apple devices anyway they want to. THAT is what Apple is trying to prevent, so they can retain their control on *your* device that *you* bought.

Why anyone would buy something so crippled is beyond me. No Apple product will ever grace my home until they open their devices to that third party developers and hardware manufacturers can compete.

Jul 06, 2011 8:22pm EDT  --  Report as abuse
scottjahnke wrote:
“Apple has long been vocal against jail breaking”

Hey Apple there is a simply solution for this. If you own an iphone for 2 years allow the person that owns the phone to unlock it and take it to a new carrier as they wish.

Jul 06, 2011 8:30pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.