Security Researchers Identify Flaw in Apple Mobile Devices

Feb. 11, 2011 - PRLog -- Technological advancements have enabled vendors to develop mobile applications, which have enhanced features and provide greater utility to the end user. However, threats have also evolved concurrently with technological advancements.

Recently, security professional identified a security flaw in iPhone, which allows unauthorized access to passwords stored on a device. Researchers affiliated to Fraunhofer Institute for Secure Information Technology, Germany were able to extract all passwords on an iPhone, which supports Apple iOS operating system device within six minutes. Criminals must have access to a physical phone. They may run a software program to bypass the encryption system of the iPhone and source the passwords from the device. All other devices, which support Apple iOS operating system, are susceptible to the security breach.

The credentials are stored in the iOS Keychain. Researchers exploited the flaw in the key chain to extract data. Criminals may gain access to loads of confidential data such as online banking credentials, e-mail passwords, corporate e-mail passwords and authentication details pertaining to the accessed websites from the device. The extracted information may be used to gain unauthorized access, misrepresentation and illegal funds transfer among others. Once the attackers have access to an e-mail account, they can compromise the user accounts of social media sites such as Facebook, LinKedIN and other online sites. The security flaw poses threat to information security. iPad devices are also vulnerable to such security breach.

Ironically, the revelation comes at a time, when major computer security firms have warned against increased threat to mobile security. Developers must conduct ethical hacking to identify security lapses in the devices. Fortunately, the purpose of the researchers was to highlight the security threats.

Information security professionals must identify new ways to secure iPhone and similar devices. Mobile applications must have in-built security features to defend against breaches. The devices must have stronger encryption systems. Users must use strong passwords. They should also maintain different credentials for accessing different online accounts.  

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).