iPhone's location finder can be tricked

Security researchers are reporting two purported security issues with the iPhone today.

ETH Zurich reports on a seemingly innocuous flaw wherein the iPhone's quasi-GPS (cell tower and WiFi triangulation) scheme can be fooled into displaying an incorrect location to the user. The system can be tricked by impersonating known locations (falsifying MAC addresses) and jamming actual, local access points. Researchers write: "These actions created the illusion in localized devices that their locations were different from their actual physical locations." In a test case, one of the devices was misleadingly induced to show its position as being in New York City, whereas the correct position was Zurich (Switzerland).

Meanwhile Radware reports on a denial of service (DoS) vulnerability in the MobileSafari browser included with iPhone OS 1.1.4. The vulnerability is triggered when a user opens an HTML page with specific JavaScript code. The likely vectors are spam mail or spam SMS. According to researchers "The user will experience an application level DoS which results in crashing the Safari browser and which could go as far as crashing the entire iPhone appliance." No further details on the flaw are provided.

Feedback? info@iphoneatlas.com.