Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


iPhone Turned into Pocket-Sized Hacking Platform



 By: Lisa Vaas
2007-10-02
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. iPhone Turned into Pocket-Sized Hacking Platform
  2. ' iPhone Turned into Pocket'

Rate This Article:
Poor Best
iPhone Turned into Pocket-Sized Hacking Platform
( Page 1 of 2 )

All iPhone applications run with full root privileges and any application vulnerability means winner takes all.

The iPhone has been turned into a "pocket-sized … network-enabled root shell," said H.D. Moore, thanks to the well-known security researcher having published shell code for the smart phone and instructions on how to use it as a portable hacking platform.

Because of his work, Moores highly popular Metasploit Framework penetration-testing tool can now be used to easily write point-and-click exploits targeting iPhone application vulnerabilities—exploits that will give an attacker complete control of the device, given that all of the phones applications run with root access.

Moore on Sept. 25 published details of his recent work on the iPhone.

Resource Library:
Besides publishing shell code, Moore revealed multiple security chasms on Apples device: The first and most shocking is that each and every process running on the iPhone—from the mobile version of Apples Safari browser to its mail client and even the phones calculator—all run with full root privileges. What that means: A security vulnerability in any iPhone application can lead to complete system takeover.

"A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list and phone hardware. Couple this with always-on Internet access over EDGE and you have a perfect spying device," Moore said.

Others agree. "The shellcode combined with the number of bugs present in the iPhone finally make mobile attacks a real threat," wrote Errata Chief Technology Officer David Maynor in a blog posting.

Charlie Miller—a researcher with Baltimore-based Independent Security Evaluators, and one of a trio who were first to unveil security issues with the iPhone and release iPhone "vibrate" shellcode at Black Hat 2007—told eWEEK in an interview that he wishes hed been able to use Metasploit when he was writing exploits for the gadget back in July.

"It will certainly make life easier" for others who write exploit code for the iPhone, he said. "Metasploit is the go-to point-and-click [pen-testing] interface. Its really designed to help you write exploits and deploy [them] in ways anyone can use. Jailbreak [another development tool] was available [at the time Miller was writing exploits]. But now [Moore] has Metasploit where you can right away build payloads that run as executables on the iPhone."

As it is, within three days of the smartphones July launch hackers cracked the iPhones firmware, finding not only that the phone runs on a Unix-like operating system but going so far as to extract the master root and other system passwords.

Click here to read more about security issues with the iPhone.

Moore waited until the iPhone price dropped and until the toolchain tool for iPhone application development was released before he bought an iPhone to pick apart.

He first installed AppTapp, an iPhone package manager that downloads applications over Wi-Fi or EDGE. With the installer, he added OpenSSH—an open-source shell program that provides encrypted communication using the SSH protocol—and a VT-100 Terminal to the phone, and voila (after a "few headaches," he said), he had shell access.

Moore says he can now generate working iPhone shellcode with a version of Metasploit 3.

Once he had shell access, he found not only that all applications run with root access, but an assortment of other things potentially interesting to malware writers or to any of the many people who love to hack iPhones.

Page 2: iPhone Turned into Pocket-Sized Hacking Platform





  Reader Comments: iPhone Turned into Pocket-Sized Hacking Platform
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


x}is8vDz]5vI%5m[KU-EB!);}ybfृ|T{ޖ˖0$B"އ$i9crsk|jx΢>w}![f0TEK ]Ϥ^=Am۟@t 5v9:r z=>>;|9|@D%j'A]k|c{F}_2z5o0 fE1;FIGs!&2{8K;;$?*B]2HXߦuɷ~{Xe;7 !)*X^P~FD;5~r #k||=x?:a/M˟!ڮq 8]b'*#O^3lְB1BE/t#wJ;v9"QcO$աUqLJ^tf>D>8z v v=rJ53ҧ =K;O=k\w=jP?b@2hưaIpo! d4V# 5#Ϟ~b[>4tqr_սYoסn܎=wd&A0[b#6fJۆؼ?0}$"9ˡ,ft 2n dþ=RUP)kJv,^[,Te,oӟoz_{JY4E].;gW9(֝[p nKVj0n{'q@α{A~A~7" DT)Jj\(MDCajLq5 uz P%oFV4E; KHR gS$!XI#F/XTU!wlji_Wם^'gם)7bٚXC ji@e$X]FHwAբu|qӹluoz{MZϝvI;i O׵Vk pO{:$~~z>5401\]Z-$53IULxy$Y)r"8_CJ ݖeL_ȻX_KŗG)H73ǚ-#4ɔcPu t:9CsfZ[cW MXRƒ) t$ϹuWϝ5>Hr Ca)#p?%Wi8@r5YSl \捇4x O2X U >hI,E[!fTLK$o# ef"`Q%  '|#8Jn.b? [ʚ&gǰfeٜ%YWaLo\zfuEzW^?]{68^%glh|X.B2iK1QWG5MGRŦcWJPX=*‹JMU~ _q-~~b2B cgLt tA`::)~ҧ#|>5և$!|emxq=Z.3+ЍEXn`Nt&Ha㻣^h>[W <{ }C 0ԟsZ LP"wC h&r=kIׇ.[?? ; G`r]ɝ5y0f+wCPb(զπCρY\7 >)@}>g )nвc@@,Â?9fh<琉{ODOAЌ7_A}x@F6}~te M l$T)f DfO ~5lwnr ,_zv?GsZZ)/Cp>!_Nw\Գ&VAB glCC{ޡ[Y3T)w^IY䞅T_9YX XM`~w ,Rd0q6NI SXh8E/C4jM;24D֒f{ց$lJҴ.Z*![r5}a׼6F]RZRKPDlPc/X +ezd(e2LF%jIo2@n=ȢmD jrA5 Kۊ٨ߪ%M*GV+Wbzg2 g%AqsGNݔ6 [IF|x |ꝸ3@kQDz3ODnlp6H!%6D;~'V ، M UPby q ڠ@XĞ=:P]%8Y/-*{5eWlJsWk4FuM8@oʵLtzh< VȲO[:٤ bZk;kP %1csMD@knV2 &Gmܑk}6fuE׏$cifSKr sM~N!VӐPQ@1"^Ou/5Ga/AOYϩ섐kJc\Sњy]֩;lRz||tݱM% Ul RN}(Xk±&>,<<+i0ҁ 0 ~"=l Hs}"T0|*UTˈ`mS@@kSU Փ.E^~~ V%Ŵ谢zԘ{}Qː 0gxyd.>3IR-ftheU-UjRAgD+ϏxWE"IϨP:(TX7gmE{^ac7U[o&F)-ғe4 B|>675/­JAѷ p]oJ@?(nsU-yFS =JTȍ#}<9~܄yeb@mby@?}誦C}2YhSYpg#HٚIκV}|,On?{Z ]O UlY GqOX7n3 XV;I9hYb29Ki>C?9dN@u3 U s4NPƫ5߅r4hZM4'iwr£: ߀&\qcca} 2"G=n ~/I6kj fS))r*H+ů 3ˁ; _.lLg4>ʀkG2gdQ HVz\ 4g2<L.Mo 4y @QFkoZ,+eyHS/ JU-A^Mo6=HT\SGV:4{Ic#&a\khkc_uO( Eōj4 Jx7 \v[-& vaN0qR3ڛ5^,@M|KZOkP]8TV<^ۋ953ק~@Lf@= P3^IW:Λkjv<ۏn'vemBX׵I7$#ְJ7eVV5XI˴I> O0tG.ˤCGTTFogGDoS[Uts:C\Դ"Hw ضRsG%}D.,ӄ1zAbQ=Y @rvjT Gr2RDBZNBql'߾l[D ‚'T'.n\&#I Eq8x 26/ȟ-1Ή{O?JLп" }M ޟpفd#{?J䏽n:!)hl{ٗN/xyNӽ<$ "h#r|^'d0| srn^6bL`jX&IEqD#Sk!x0M !4ryQG$M "a.A-H7ܾJ9$4QJh"g8Q;6?m[=PRvPR)&bv(I;ɰ ݖ:p<5G 2)!M\'02L P,O&y=%lQ1 i(KBih%lbTHJoOwռ6<1ޥ]晿BǝƗHã,P-I+LB$/EiA0;'PR#A[xqPH T䵤 Zz*$;ÓqbLyx*= $LrHj-_랟FUkĶSqiפybAc$H~ `@wGL|5zǿ§ ' r;kgϜtG/zF]Yfg_ 'c Ǿ~/ݻ~Zw[q*A=wC @ƣb`@Ɍ7COf=K=#tzo=ȥֻq?*~gw.z@z@pw6{Zg%QJW=qM@jjir\<~^YZ䑼DqD%t`o 14m*z7=}z9{fvÏ5"i ј@.mvc鼳2> AYCVrl8w@rs&c#Pfp~n ֘@lll4Rbh,p9٦pr[0\9f>m` \qĨ`bx?r`f[w|!rxV>q=~Q}Po6\rNu㱯)&Ixlzv-k\,>gɇ5~cگ8x;*e^xd ؅"1  0|吴\u' vg=z%dϒ¼cyJWj? tIrd7 ei-D? :K2l`zw[& M\`[*n5g3$8PZ c"P>Щ=`[Q*O?ۧiET_p%'5XOH|,Ilvũe= C98NTR1i"dIcHHni….RMJ y^dn}[ \)wIJ9`[Ǽ㓸<C0˺M``g8YX(/0ɁVhRbrb~v_tx9Mz7<͐RO @OxQZySG\Jn$v_R@ Tt|V#TLj,U !嬟Mx 4eKg_d:tz-u$~\*jX_r.eӑ0)"ΫلXFS2Y+<vllUmUwOJj}[h/N'!wRԓ>96+|I,2'`H&\c-z woc;OERȧtQ 1~^ gEk*1 9,`sK{=qmS &TjGjX*BE]LZ i0a-cK0Jň_<|x -_J@r|Htŗ4L?HnK-ϵL!ė;B+Rh5)Hm!L% waR@ 0Lj:&ޗQ2Kj\ɠD K.KM#! ,y>Q!S|M,iZ攥8">A)z: -gt蹕N]OVjj5Kz9@+Z#OZAFD3m ."`vcMٖ+)b{ԟ):y/^t$*iZReF84&KpyWި8}R"n8hV XN~ZO 'yyyyUV﹎;Etţ1.aEw5;}c'_M{=mFY=[ΏsiH]K61 tz Sm3bh/2ʵ-"ku'o@y-v芷f%q%x ([Rb5󔇴-}Plwgkh-,|d m?J^{#ttdcS-g| 5D$HRob%re@ \uzxs-ۓZ`:=$ 8G8#Pl>aq1G=bymEdl|5 bK|UkH:c̕Sk(O0WA8>ENXProIWLn;*#+) ]z?LpߏJ,@au1`KB׊0dl SIm-jFm``I7e:h csoܑ;~-Te4@970fo&hI5;>$M*>Է{i$y:^O~uG~~~q/hZ+޶4N5/{:8Eڳ-bCpNB0D!W~+Gfn?hێmͯ^;@-I`=S-]Q9|}@b❷ HCh #qa7v}{=3CWJQ\7x # (EI , 7}3򂨉gGT4v|k{TT0ϸ u>eJxCi $񛄿ʓG zHj|m/%,#D8v9Q_-&ɮ), :3 PDܗnǾ.2"<2.߂$ >;ԩl`zb)[q?6-|\co^7R4W9dzВRzJx-MܱKVA]U]~W׆۸2jctSnzK\BśIN6ŗ@rO|k N}PQ_ P!jΠ6k?0Z_;ʚLHj~ж}A˽?V4B mY[`cXE9>*qdyN;%}V)Kjhk+1}eLɡzlï^Bif-e։5IV()3X5s+x(0L7zib>8\BO~{0Kפ t:ʆk;2)P2>k~~i//m~9c!;Ǘy0B2$oM [-{8S[xz12D1P1c0&kS\}!^jwT608{7~ @(So\kE_A--Ǵhgϡ?6 %f|l9>QiH:[Z-G DŢWbgv@RCB(lÞhF]dѰL68ߋn"&sjx;VQjj~zr_ZRӂ,w)]do=?:g[c{#UA2A5Z'\U BI?Zj>k`csܴ5̈ Zkaf׵Zkus3li<"} ޼vwO%ܬDMd3 ܮrG܀gE8a|fcqU"DwKdn-)RjX|>ITnp=jhDۤHdml^P)ϑVPJj\=w(9 .ؕժTjQܣF +,PP*(Zz/[ʳK1GۀO`ƖC0经UztWc}wAgBwG8X^yWݹHm+nA'Y,=t:wC{E+vl"6\%pKp|{?Oq-g:w:~9~ȋ:Zjb'U +KNhu0̊~%U$x[jhwQf1q8LwtF ^DқQQ̏XJ0[1K}FFV#oEi/co{I c O=rtw\9P{Y87_ 6f^zGZQ!G)}o M-ĸԓFG)׀!gxBWH7˽}H['鍀I]+62sL #>cx'N,u}n윓M﷯{aCt(-$9.`#oa#ag [YxyǜI<Rd wCy–2&.&m`աu/ tS!sSx-r)G}8ϷF}eO)Z1Du2t083w*%2H&cP <"mG=׽nrn-i`IkBx$lx Dzw6")(ĴF#1CLD:5,ǰL#&|E~@Cƣ6:=ccZ|,{{GǙ;fQWs ھvQ2E,D "}fAm??&~e KHB}s ^!8XLi0q>0"(S[]ă0>]QPO:@Vp͒wgy6t0^Q1e& > sXDeb@Ԕ0(V$!Ѕ8i,)@"!9͉k)1ka]?X/6`p3W VjE)OBӁR:C KDU8|.OlY,f/cǯ\iBR. ?$-GF쌆xɾxu0 }a3B's;xĄͫ/{M&OǽUӽ$ o¶V-r5uw[_NW_N;e?~`al\_db(,g6OFYyfvʜTN:c.ͅdUh,Y3U94dG_1}4e8q@׏O|?߀)Qe;̋ QW~4AL 7[vec+t_6xu3_9q 65^ZZǤI GM&7ba>oIk&5+<r<((('MfFyʻH-AQ~'O?NqY_iVF9?t.3ʡ5~e/y|v_d_d^ds E/>/2">G/3?gAYFߠoP~Q{1?s w1]7]? ͐/W@Wq_e sA?=/c=/c}~X_ S}}Y0 (*ɠh& K:ICP.Np3Kq /ޯ?e4@yJ͠2,c2\.2Kܿ2~2A\t[u CFWT=k /dmOu^k8VҮaq_l _xi +{yH2 r hxVydb bye?VPw;]CҤ]j. {%])r-XѧZ}5_99* t!=}}ʳG"\5½p'eybAZ̤-c@#]~L(ٛ.v)n7pK|`­tzTxZ ţ;Z8Ɗ ~3b 5y?'OxVf2O>]w_Ҿl3 쓭?u}MoMg:RNw ߽,RKtAc,>(NBhعkjz|fpOo4pὍ97pYفn qNrP*5VZ*{_5" = G1Q5YUdJ*'jeV*V&K=3 .=m^d fM-ϡ'!pC>fJC#DK(x[xϳcE|_,mBfP6սD<'u~m

7rn D|&ߢ)tO U/AD[e CAC k`V{Ϲer-#2O,5U,%w|wou_.c˃~@}I_3\#u{Ī]E}Q!rE:^FOZxk*| k!5$ vMrQ>+sonU|>1qN@3b Kǣ,H :BVf;h km8p52s&zU Th4Sϫ1E%[.~;0^R[aʹD.v⚽VAgL3SY,> N_dvO~5B+π 8H2Gd!᳤c"=("Ntx9mKY[zQڗE@1agG;4RVVХI񟄷zH, 7AQ^+yJ>? T@|- %G\6LDR}J0~N:]v0N9DEPީ!/;v2 S*4%SxsEz?X \cwHVx9O1ΪTU|>cx 'w65Tc *ۓ|?Oe Mt8?Bs ܐ}olI COFq:h/Asl+ 6[ +"ۂ JmӴ>u¹"UXJٍ , ~:3_[mrΦ(@PPϖWt:mml/>^|ۺ+AўYnw|h[d%+^FM`Wpۂ{ꐏXiWeRpCV)tO˞5鋰ANx3AEk,^rXٻ"P9N]Rjãō $c-ԭ䅸<P0_~&?c]'nJQXƺi#®u4mveщ&߉n^3QaWO\#{B70* 4.v>ϝn<^eY;PE"1ԛa:(/z0 jq1MkÔ{y0ѕDM1F(ͧ,13,@= փ LW{څGQy6;|,ݐbV"Nd׊rI)9=O9*R&L0MÄr-"5roq=yeיHpKg8 g!0X^Xɩȩ(v}_\%h2b5Š_yfϸȅ^`\YG7^y{b`!˾tڼ9!3L*`gGί>!2D!6xvYpEI{şy˖V)ZNN`)Xfչ uK+_1dF-<#@gkfuU+kD;idMn+:cSEᘸe=)jaKm>8n~;1{6JܖmJPUN9VKI+^iTNƇZʱ wm<lx61"+