If you’re going about your day thinking your iPhone is as secure as any other smartphone out there, you obviously don’t know about a newly unearthed security flaw that could give hackers control over your Apple iPhone. Turns out, a method for installing new configuration settings on your iPhone could potentially allow hackers to mess around with your WiFi settings and lock you out of email, Safari or other iPhone apps. Hackers have figured out a way to create iPhone configuration provisioning files to look like they’re coming from a legit Apple source, allowing them to trick people into installing some “update” and hand over control of their iPhone to hackers.
The thing is, Apple probably never intended for their configuration provisioning system to be used to hack an iPhone. The purpose of the system is mainly to allow enterprise fleets to quickly configure each iPhone with settings that adhere to some corporate security policy. The method has been exploited by iPhone modders to quickly enable internet tethering on the iPhone, though, so it’s not too surprising that the provisioning file has been hijacked by hackers.
The hack currently making its way around the web is a configuration file that claims to be “verified” as coming from “Apple Computer.” That’s bad news because, well, because who wouldn’t trust an update digitally signed by Apple? Once a user is tricked into installing the file, they essentially hand over control of major iPhone features to the hacker. That allows a hacker to peek inside your data traffic to learn bank account numbers, passwords, and the like. Also, it’s really hard to clean an affected iPhone of the hack without doing a full restore.
Whatever Apple plans to do about the problem, we have one piece of advice that should keep you safe. Do not install anything on your iPhone that you haven’t explicitly requested. Especially if it looks like the image above and to the left.
[Via: MobileCrunch]