Apple's iPhone appears to be susceptible to phishing attacks because of a flaw in the way the combination iPod and smartphone handles authentication certificates.
The flaw, outlined at the Cryptopath Web site, could let someone create their own authentication certificate that poses as an authentic Apple certificate and use it to change root-level settings on the iPhone and iPod touch.
Apple uses authentication certificates to tell the iPhone and iPod touch when legitimate system changes are being issued. An attacker who tricks users into thinking they are installing a legitimate update can use the malicious certificate file to allow settings changes, potentially rerouting all of the victim's online data activity through the attacker's servers.
Testing has shown that it isn't difficult for someone to obtain temporary certificates from VeriSign that can be used to exploit the flaw. Once installed on a victim's iPhone or iPod touch, the attacker can potentially siphon off user data, but can't remotely install or run applications.
VeriSign routinely issues unverified temporary certificates so users can test how their full verification system works, and those certificates include warnings that they shouldn't be trusted. The certificate verification system in the iPhone and iPod touch, however, apparently doesn't check for VeriSign's built-in warnings before accepting an authentication certificate.
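The missing check described above, sketched as an added example (not Apple's or VeriSign's code): it walks every certificate in a signing chain and refuses the chain if any subject or issuer field carries a CA's test-only notice. The marker phrases, the 30-day lifetime cutoff, the dict layout for a parsed certificate and all names in the sample chains are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed marker phrases; take the real ones from the CA's trial-cert documentation.
MARKERS = [re.compile(p) for p in (
    r"\bfor test purposes only\b", r"\bno assurances\b",
    r"\btrial\b", r"\btest (root )?ca\b")]
MAX_TEMP_LIFETIME = timedelta(days=30)  # assumed policy cutoff for "temporary"

def find_notices(cert):
    """Return (field, attr, value) for every DN attribute carrying a marker."""
    hits = []
    for field in ("subject", "issuer"):
        for attr, value in cert[field]:
            text = re.sub(r"\s+", " ", value).strip().lower()
            if any(m.search(text) for m in MARKERS):
                hits.append((field, attr, value))
    return hits

def evaluate_chain(chain):
    """Reasons to refuse a chain (leaf first, root last); empty means none found."""
    reasons = []
    for depth, cert in enumerate(chain):
        # Check every certificate: the notice may sit only in an intermediate or root.
        for field, attr, value in find_notices(cert):
            reasons.append(f"cert[{depth}] {field} {attr}: test notice {value!r}")
    lifetime = chain[0]["not_after"] - chain[0]["not_before"]
    if lifetime <= MAX_TEMP_LIFETIME:
        reasons.append(f"cert[0] valid for only {lifetime.days} days")
    return reasons

# Constructed sample data: fictional names, not taken from any real CA.
TEST_CA = [("O", "Example CA, Inc."),
           ("OU", "For Test  Purposes Only.  No assurances."),
           ("CN", "Example Trial Test CA")]
TRIAL_CHAIN = [
    {"subject": [("O", "Example Corp"), ("CN", "Settings Signer")], "issuer": TEST_CA,
     "not_before": datetime(2008, 1, 1), "not_after": datetime(2008, 1, 15)},
    {"subject": TEST_CA, "issuer": [("CN", "Example Test Root CA")],
     "not_before": datetime(2005, 1, 1), "not_after": datetime(2015, 1, 1)},
]
PROD_CHAIN = [
    {"subject": [("O", "Industrial Widgets Ltd"), ("CN", "Settings Signer")],
     "issuer": [("O", "Example CA, Inc."), ("CN", "Example Production CA")],
     "not_before": datetime(2008, 1, 1), "not_after": datetime(2009, 1, 1)},
]

if __name__ == "__main__":
    for name, chain in (("trial", TRIAL_CHAIN), ("production", PROD_CHAIN)):
        print(name, evaluate_chain(chain) or "no test notice found")
```

A chain that verifies cryptographically can still fail this check, which is the point: signature validity and the issuer's stated trust level are separate questions.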
It doesn't appear that anyone is actively exploiting this flaw, but the steps necessary to create a bogus authentication certificate that the iPhone accepts as legit are available online and easy to follow. Once created, however, it's up to the attacker to find ways to trick users into installing the certificate.
To avoid getting stung by this potential security flaw, iPhone and iPod touch owners should follow the usual safe practices of avoiding Web sites they don't trust and staying away from hacks from untrusted sources.