Although this program is something people would seek out, the weaknesses that its authors discovered could easily be used for malice, security experts say.
There is an irony in the controversy: The site distributing the program offers a fix for the problem, but to get the fix, a user has to first install the program in question. So a user must defy Apple’s restrictions to get the protection until Apple comes up with a fix of its own.
Charlie Miller, a prominent hacker of Apple products, said it likely took months to develop the program to break Apple’s restrictions, but a criminal might need only a day or two to modify it for nefarious purposes.
Apple Inc. spokeswoman Bethan Lloyd said Thursday the company is “aware of this reported issue and developing a fix.” She would not say when the update will be available.
One reason for gadget owners to take heart: Attacks on smartphones and other Internet gadgets are still relatively rare. One reason is PC-based attacks are still highly lucrative.
Still, vulnerabilities such as the ones Apple is confronting show that consumers should take care of securing their mobile devices as they would their home computer.
“These things are computers — they’re just small, portable computers that happen to have a phone tacked onto them,” said Marc Fossi, manager of research and development for Symantec Security Response. “You’ve got to treat them more like a computer than a phone. You have to be aware of what’s going on with these devices.”