Every major operating system is suseptabile to some kind of bugs or security holes. These issues range from the minor "oops" to the major "turn off your device until there's a fix, or your brain will be fried," holes.
The iPhone operating system isn't immune, and it seems that every other month we are finding out about a new bug or security hole that causes concern amongst users.
Let's take a look back at some of the biggest gaps in iOS security we've seen in the past. Simply hit the jump:
1) Make Calls/View Contacts on Locked Phone – iOS4.1 – This one was the most recent of the security holes found in iOS. It actually happens to be just like one that was discovered a couple of years before. With a locked iPhone on iOS4.1, a user could bypass the security code by using a certain sequence of actions: Hit emergency call, enter a non-emergency number, tap the call button and immediately hit the lock button. It was fairly simple but it allowed anyone with the phone in hand to see your iPhone contact list and their numbers, etc. The good thing is that someone has to actually have access to your phone to do it, the bad part is that if someone steals the phone, or it gets misplaced (this can easily happen), someone can access that information rather quickly. This is the only exploit that currently remains open, but Apple will be releasing the fix with their firmware update in November.
2) The First Locked Phone Security Hole – iPhone OS 2.0.2 – This one was a bit easier to accomplish, and was probably a bit more dangerous than the 4.1 hole. Users simply tapped emergency call then double-tapped the home button. This allowed users full access to email, SMS contacts and the Mobile Safari.
3) PDF Vulnerability – iOS4.0 – This was the exploit that was exposed by JailbreakMe. It was discovered that the iPhone automatically downloads PDF files. The jailbreak code was put in the FlateDecode stream section of the PDF, which let it run to easily jailbreak your device. The issue was fixed rather quickly, and luckily it wasn't used for any malicious purposes. However, the exploit could have easily been used to do damaging things to an iOS device.
4) The SMS Bug – This was by far the most frightening bug on this list. Where the other exploits required certain user actions, or for a person to have physical access to your phone, this exploit worked through SMS messages. Somehow, a series of invisible SMS messages could be sent to a phone, hijacking the device. From there, it was reported that the hacker could control "all the functions of the iPhone" such as email, dialing, the contact list and even sending more text messages that would allow the hacker to hijack even more phones. The researchers were able to prove that the exploit was real by taking over a CNET reporter's iPhone on OS 3.0. The bug was fixed, and luckily, no incidents (that we know of) were ever reported.
5) The Email Leak – This one wasn't so much of a problem with iOS as it was with AT&T. Still, it was done by looking at iPad 3G ICC IDs, and led to the leak of at least 144,000 email accounts, many of which belonged to high-profile people such as the CEO of the New York Times Co. and former White House Chief of Staff Rahm Emanuel. While more of the blame should probably be placed on AT&T, Apple chose to keep quiet about the incident. AT&T offered an apology and fixed the problem.
Time to Worry?
Probably not. As mentioned before, every OS can be exploited by those who want to cause harm to others. Being careful about how you use your device is probably the best precaution one can take. We are sure that with new updates, some issues will be patched and new ones will be opened.
Who knows what's next?