Beware the iPhone provisioning file hack!
Friday, February 5, 2010 4:20
If you’re going about your day thinking your iPhone is as secure as any other smartphone out there, you obviously don’t know about a newly unearthed security flaw that could give hackers control over your Apple (NSDQ: AAPL) iPhone. Turns out, a method for installing new configuration settings on your iPhone could potentially allow hackers to mess around with your WiFi settings and lock you out of email, Safari or other iPhone apps. Hackers have figured out a way to create iPhone configuration provisioning files to look like they’re coming from a legit Apple source, allowing them to trick people into installing some “update” and hand over control of their iPhone to hackers.
The thing is, Apple probably never intended for their configuration provisioning system to be used to hack an iPhone. The purpose of the system is mainly to allow enterprise fleets to quickly configure each iPhone with settings that adhere to some corporate security policy. The method has been exploited by iPhone modders to quickly enable internet tethering on the iPhone, though, so it’s not too surprising that the provisioning file has been hijacked by hackers.
The hack currently making its way around the web is a configuration file that claims to be “verified” as coming from “Apple Computer.” That’s bad news because, well, because who wouldn’t trust an update digitally signed by Apple? Once a user is tricked into installing the file, they essentially hand over control of major iPhone features to the hacker. That allows a hacker to peek inside your data traffic to learn bank account numbers, passwords, and the like. Also, it’s really hard to clean an affected iPhone of the hack without doing a full restore.
Whatever Apple plans to do about the problem, we have one piece of advice that should keep you safe. Do not install anything on your iPhone that you haven’t explicitly requested. Especially if it looks like the image above and to the left.
[Via: MobileCrunch]
Related News from IntoMobile:
- Will the Apple iPhone be a prime target for hackers?
- Hacker cracks latest iPhone OS, Apple starts looking for iPhone security manager
- If you can hack an iPhone, you can win ,000!
- Apple says iPhone jailbreak supports terrorists and drug dealers
- Apple iPhone v1.1.1 Jailbreak solution may be released later today!
Share this:
Similar Posts:
- Bluetooth vulnerability found in HTC Windows Mobile smartphones!
- iPhone Dev Team brings iPhone data tethering back to life with redsn0w 0.9.3
- iPhone SMS text message bug puts all iPhones at risk
- RIM to Bring GPS-Based Security to BlackBerry OS?
- GV Mobile resurrected as jailbreak app!
