With iPhone launch, a hacker's to-do list

The hacking community is ready pounce on the iPhone, looking for flaws.

When Apple introduced the latest version of its Safari browser two weeks ago, it took the hacking community just hours to start reporting bugs in the beta code. On Friday, the iPhone is likely to get even closer scrutiny from many of the same security researchers. Here's a list of the top items on the typical iPhone hacker's to-do list.

1) Fuzz the Web browser

Apple has made it clear that if you're an independent software developer that wants to write programs for the iPhone, you're going to have to write Web applications rather than software that runs on the iPhone itself. And as the introduction of the Safari 3.0 beta showed last week, Web browser flaws are easy to find.

Security researcher Tom Ferris says he's paid someone to stand in line for him in order to get an early crack at the iPhone. He believes that the iPhone's Safari browser will be similar to the 3.0 beta. And thanks to the iPhone's Wi-Fi support, he expects to be able to run "fuzzing" software that can bombard the iPhone with data over his local network, looking for errors that will cause it to crash.

Ferris says that Safari's support of the Scalable Vector Graphics (SVG) language and the Portable Document Format may provide other avenues for Web attacks. "I'm ready to go," Ferris said. "I've already found some SVG bugs in OS X."

Hackers like Ferris said they discovered nearly 20 bugs in Safari, just hours after the 3.0 release. How many of those will cause the iPhone browser to crash is unclear, but the bigger question is whether or not they will lead to malicious code that the bad guys can actually run on the iPhone.

2) Find a way to debug

Because it wants non-Apple applications to run through the browser, rather than on the iPhone itself, Apple isn't releasing software development tools for its new phone. From a security perspective, this may actually be good news for iPhone users because without any debugging software to tell them what's really going on inside the computer's memory, it will be hard for hackers to develop malicious exploit code to run on the platform. So most iPhone bugs won't do much more than crash the browser.

Though sophisticated hackers could conceivably develop debugging tools for the iPhone it will take more time for real threats to emerge, said Marc Maiffret, chief technology officer with eEye Digital Security. "What you end up having to do is hardware-based debugging which requires physically taking apart the iPhone and using specialized... equipment," he said. "This raises the bar on being able to successfully execute code and hack an iPhone."

3) Take a close look at iPhone's networking technologies

David Maynor, the chief technology officer of Errata Security, made headlines (and enemies in the Mac community) last year by claiming to have discovered wireless bugs that affected the Macintosh. He says that the iPhone's wireless stack is one of the first things that he will be looking at Friday. "I have yet to meet a driver that hasn't had bugs, " he said.

But Maynor is also interested in taking a look at how the iPhone uses Bluetooth, which has been a common source of security problems in other devices.

Because Apple hasn't previously developed its own mobile phone, there is bound to be lots of new and possibly buggy networking code in the device. "One of the things we'll look at as well is the new code that will have to be developed for a phone platform," said Neel Mehta, a researcher with IBM Corp.'s Internet Security Systems division. "With any piece of new code there's always a risk that there could be vulnerabilities in it."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Father’s Day Gift Guide

Brand Post

Bitdefender 2019

Bitdefender’s best-in-class security solutions have been awarded Product of the Year. Get cybersecurity that 500 MILLION users already have and trust!

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?