Experts discover major security flaw in Apple's iPhone

Security experts from Independent Security Evaluators (ISE), a company that hacks into clients' devices for testing their safety, claim that they have found a flaw in Apple Inc.’s iPhone that lets hackers take control over company’s much-hyped mobile phone.

According to ISE security researchers, Apple's hugely popular iPhone can be breached by using a Wi-Fi connection, enabling hackers to take command of the devices and steal stored information.

Experts from the computer security firm, which tests its clients' computer security by hacking it, said hackers could take control of the device if its owner visits a doctored Web site or Internet hotspot. They said by luring a user to access a web site that contains a trick code they were able to breach security of the Apple iPhone, using a connection to a Wi-Fi network.

According to the computer experts group, the web page could contain malicious code that can access personal data stored on the iPhone, and hackers remotely could tell the phone to send files via the wi-fi connection.

Founded by Johns Hopkins University professor Avi Rubin, the Baltimore-based security research firm includes several security analysts, of whom some are Ph.D. in Computer Science and in Math, while some possess Masters Degree in computer science and security informatics.

ISE security analysts have warned the Cupertino, CA-based Apple of the vulnerability that affects the company’s latest gadget. However, they say the security flaw is only theoretical for now. As yet there are no reports of criminals actually taking advantage of the security glitch to remotely take control of iPhones.

Charlie Miller, principal security analyst at ISE, and also a former employee of the National Security Agency, admitted that efforts by iPod/Mac maker to make the iPhone a secure environment are, though, significantly impressive, but said "once you did manage to find a hole, you were in complete control."

Miller said by visiting a site designed by him via the iPhone he was able to hack into the multifunctional iPhone. This bogus site injected a malicious code into the phone after which it promptly started following hacker’s instructions to transmit text message files, telephone contacts and e-mail addresses to the attacking computer, he added.

This is the first flaw reported in Apple's revolutionary iPhone, an all-in-one cell phone/iPod/pocket computer which went on sale on June 29. Priced at $499 for 4-gigabyte model and $599 for an 8-gigabyte model, this much-hyped combination device accumulates three amazing products, a revolutionary mobile phone, a widescreen iPod with touch controls, and a breakthrough Internet communications device with desktop-class email, web browsing, maps, and searching, into one small and lightweight handheld device.

The company, which discovered the flaw, also has advised a software patch to fix the problem.

Apple spokeswoman Lynn Fox confirmed the company had received the ISE report. She said Apple is looking into ISE's report, but declined to say if there are plans for a patch.

“Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," she said. “We're looking into the report submitted by I.S.E. and always welcome feedback on how to improve our security."