It had to happen at some point. A group of security experts from a company called Independent Security Evaluators figured out a way to sneak past the iPhone’s defenses and pull off the user’s personal information. To do so, the group set up a web page with malicious code. In the experiment they ran, if someone accesses this page through a Safari browser, the code grabs the person’s text messages, the call log, address book, and voicemail data, then makes it all available to the hacker. But the group added that it could tweak the code to swipe passwords, too—it can essentially pull out anything they want.
Don’t go switching off your iPhone, though. The group has warned Apple already, and suggested a possible fix. There’s also no evidence that anyone has tried this with bad intentions. For those of you who are concerned, Independent Security Evaluators suggest taking the same precautions you would with a laptop. Use only secure WiFi, and don’t visit suspicious Web pages, and don’t click through links in shady emails. Computer scientist Charlie Miller, one of the team members, will be presenting the detailed results of their study at the BlackHat computer security conference in Las Vegas on August 2.—Gregory Mone