iPhone Turned into Pocket-Sized Hacking Platform

By Lisa Vaas  |  Posted 2007-10-02

One such observation: The iPhone has a potential security pitfall in that its MobileMail application supports Microsoft Office document formats by using the OfficeImporter framework when converting files into viewable form. "This looks like a great target for file-format fuzzing and some late-night reverse engineering," Moore said.

Another potential way for attackers to get into the phone is through the mDNSResponder service, which runs by default, Moore said. The mDNSResponder, used by iTunes for music sharing, is part of the Bonjour application suite, which provides automatic and transparent configuration of network devices.
When the iPhone first syncs with iTunes, its host name is changed, Moore said. The default hostname becomes "User's iPhone," with the Mac OS X user account name filling in for "User." If the iPhone is connected to a Wi-Fi network, the mDNS service exposes the iPhone owner's user name.
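To check a capture from your own network for the hostname exposure described above, the following added example (not from the article or from Moore's posting) parses an mDNS response and reports host names that embed an owner name. The packet is constructed for illustration, and the "Alices-iPhone.local" form and the matching pattern are assumptions about how the name appears on the wire.

```python
import re
import struct

# Assumed pattern: owner name + "s" + separator + "iPhone" in the first label.
OWNER_RE = re.compile(r"^(?P<owner>.+?)'?s[ -]iPhone$", re.IGNORECASE)

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def decode_name(msg, off):
    """Return (dotted name, offset after the name), following compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if end is None:
                end = off + 2                     # parsing resumes after the pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                         # guard against pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(msg[off:off + length].decode("utf-8", "replace"))
        off += length

def leaked_owners(msg):
    """Map each advertised .local host name that embeds an owner name to that name."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, found = 12, {}
    for _ in range(qd):                           # skip the question section
        _, off = decode_name(msg, off)
        off += 4                                  # qtype + qclass
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        _type, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen                         # skip fixed fields and rdata
        m = OWNER_RE.match(name.split(".")[0])
        if m and name.lower().endswith(".local"):
            found[name] = m.group("owner")
    return found

# Constructed sample: one A record, then an AAAA record whose name is a pointer.
SAMPLE = (struct.pack("!6H", 0, 0x8400, 0, 2, 0, 0)
          + encode_name("Alices-iPhone.local")
          + struct.pack("!HHIH", 1, 0x8001, 120, 4) + bytes([192, 0, 2, 10])
          + b"\xc0\x0c" + struct.pack("!HHIH", 28, 0x8001, 120, 16) + bytes(16))

if __name__ == "__main__":
    print(leaked_owners(SAMPLE))
```

Renaming a flagged device to something that does not contain the owner's name removes the exposure from its mDNS announcements.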
That particular security exposure hasn't yet responded to Moore's probes, he said, making active discovery "less likely."

Moore has also been playing with the "vibrate" shellcode released by Miller at Black Hat 2007. By the time the security show rolled around, Independent Security Evaluators had already revealed, shortly after the smart phone's release, that Apple's popular multifunctional device could be exploited for data theft or snooping purposes.

At the time, Miller, Jake Honoroff and Joshua Mason created an exploit for the iPhone's Safari Web browser wherein they used an unmodified device to surf to a maliciously crafted drive-by download site. The site downloaded exploit code that forced the iPhone to make an outbound connection to a server controlled by the security firm. The researchers showed that a compromised device then could be forced to send out personal data, including SMS text messages, contact information, call history, voice mail information, passwords, e-mail messages and browsing history.

Miller told eWEEK that with Moore's Metasploit work, the time needed to write iPhone exploits has substantially shrunk.

"One thing interesting about the work H.D.'s done, if you look at the time frame, is it took us two days to find a vulnerability and write something to where we knew it was legitimate. [It took] seven or eight days after that to having a working exploit. If we had what H.D. has done, it would have taken maybe a day or less. Having this available now will cut what we did from two weeks to two days."

Now that the iPhone has been out for months, is the desire to hack it still at a fever pitch? Miller said that given how much personal information an attacker can shake out of the device, "It probably is something people should worry about."

"[Like H.D. said in his blog,] It's always on, it's always on the Internet, and you can get a lot of personal information. It's a viable target," Miller said.

So now it's time for real fun.

"It's going to be such good times," one blogger wrote after Moore published his findings. "…we have the accessibility/vector. What we need are market saturation (some predict 14M sold by end of 2008,) a mesh networking application (or something to cross-connect the myriad of networking options) and an attractive application to encourage the owners to share amongst each other (say, some funky music sharing application or social networking tie-in, or instant messaging.) That'll lay the ground work for some very effective malware."

For his part, Moore said in his posting that he's added support for iPhone executables to the msfpayload command, allowing users to generate stand-alone bind/reverse shell executables using a syntax supplied in his posting. Next up is an XOR encoder, and then all hell should break loose.

"Once the XOR encoder is done, the only step left is to find the bugs and write the exploits :-)," Moore wrote.

By the time this article posted, Apple had not responded to a request for comment.

Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
