There is no vulnerability
They were simply holding it wrong
Dutch hackers have exploited a WebKit bug in mobile web browser Safari to rinse an iPhone 4S of its photos, address book contacts and its browser history. The flaw exists in Apple's iOS 5.1.1 and the latest developer preview of iOS 6, the first public build of which was released last night to fanbois. It should thus affect …
"Email and SMS were not available because they were sealed off from the hijacked Safari process and separately encrypted."
+
"The CEO of a company should never be doing e-mail or anything of value on an iPhone"
/
"There are a lot of people taking photos on their phones that they shouldn't be taking."
= WTF???
Today somebody hacks the browser and cannot get to the email (but could get to the photos). Maybe tomorrow somebody else hacks the email and cannot get to your bookmarks (but probably still can get your photos). The warning is in general, not as a defense against the specific hack.
Whether the warning is one you should heed would depend on a proper risk analysis. "Oh my God, there's an exploit, abandon all hope!" is nearly as silly as "My phone is my castle."
"...the author evidently just took a few completely unrelated sentences and stuck them on the end of the article. It doesn't say anything coherent and there is no explanation..."
Note the by-line.
Par for the course.
Adolescent 'look-at-me-I'm-ever-so-clever' scribbling masquerading as grown-up journalism.
If you're referring to the deleted comment, it was removed for the anonymous abuse. Let's stick to technical discussions.
One thing we forgot to add is that the S III is set to get Android 4.1 Jelly Bean, which has had a lot of NFC fixes and is not the 4.0.4 compromised by the team. Anyway, both hacks are significant in terms of security and skill, and a second story is in the works.
C.
But email addresses reside in the contacts list which was available to the exploit, if I read TFA correctly. Just the addresses of the people that CEOs communicate with in the course of business could facilitate a spear phishing attack, no?
The advice is good, if a bit elliptical: keep your confidential work communications safely on a confidential work communications network.
"MWR showed an exploit against a previously undiscovered vulnerability on a Samsung Galaxy S3 phone running Android 4.0.4. Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation."
At least Apple was wise enough to leave NFC out of the iPhone 5...
Seriously, paying with NFC when the hardware you rub your phone against can just take it over then seems to be a very bad idea.
They're all fumbling around, all of them.
WebKit is a very widely used web engine, and turns up in all sorts of places. Of course, they'd all need their own exploit writing for them independently, since this involves constructing executable code which talks to the OS, assuming the exploit is in all versions of it.
Mind you, I'm yet to be convinced that anything more complex than a microwave oven connected to the internet can't be exploited if someone has a reason to spend the time to hack you.