Major iPhone Security Risk Found

In the strangest twist of hacking news, you might want to be wary about e-mails with attachments, as it’s been discovered that a new hack can literally tap into your router through your iPhone.

According to Information Week, security researcher Bogdan Calin identified the cross-site request forgery (CSRF) and decided to let people know about the dangers of not changing the default username and password for your router, saying…

Thanks to the exploit, an attacker could change the router’s DNS settings to point to an attacker-controlled server, enabling them to run a clickjacking scam — redirecting users’ search requests to sites of the attackers’ own choosing — as well as to eavesdrop on all Internet traffic flowing to or from the router.

If this sounds bad, it actually gets worse. The hack attacks can come in the form of relatively simple image attachments that look like the background of your e-mail client. This means that once you open the e-mail you could be subject for a hack attack. Calin further explains…

“Any router that accepts configuration changes from GET parameters and doesn’t protect against CSRF should be vulnerable to this simple attack,” … “I can also confirm that this attack works on iPhone, iPad and Mac’s default mail client,”

Make sure to change your router’s username and password to anything other than the default factory settings and be wary of malicious looking e-mails you get from people you don’t know.