
    iPhone Turned into Pocket-Sized Hacking Platform

    By Lisa Vaas - October 2, 2007

      The iPhone has been turned into a “pocket-sized … network-enabled root shell,” said H.D. Moore, thanks to the well-known security researcher having published shell code for the smart phone and instructions on how to use it as a portable hacking platform.

      Because of his work, Moore's highly popular Metasploit Framework penetration-testing tool can now be used to easily write point-and-click exploits targeting iPhone application vulnerabilities—exploits that will give an attacker complete control of the device, given that all of the phone's applications run with root access.

      Moore on Sept. 25 published details of his recent work on the iPhone.

      Besides publishing shell code, Moore revealed multiple security chasms on Apple's device: The first and most shocking is that each and every process running on the iPhone—from the mobile version of Apple's Safari browser to its mail client and even the phone's calculator—all run with full root privileges. What that means: A security vulnerability in any iPhone application can lead to complete system takeover.

      “A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list and phone hardware. Couple this with always-on Internet access over EDGE and you have a perfect spying device,” Moore said.

      Others agree. “The shellcode combined with the number of bugs present in the iPhone finally make mobile attacks a real threat,” wrote Errata Chief Technology Officer David Maynor in a blog posting.

      Charlie Miller—a researcher with Baltimore-based Independent Security Evaluators, and one of a trio who were first to unveil security issues with the iPhone and release iPhone “vibrate” shellcode at Black Hat 2007—told eWEEK in an interview that he wishes he'd been able to use Metasploit when he was writing exploits for the gadget back in July.

      “It will certainly make life easier” for others who write exploit code for the iPhone, he said. “Metasploit is the go-to point-and-click [pen-testing] interface. It's really designed to help you write exploits and deploy [them] in ways anyone can use. Jailbreak [another development tool] was available [at the time Miller was writing exploits]. But now [Moore] has Metasploit where you can right away build payloads that run as executables on the iPhone.”

      As it is, within three days of the smartphone's July launch, hackers cracked the iPhone's firmware, finding not only that the phone runs on a Unix-like operating system but going so far as to extract the master root and other system passwords.


      Moore waited until the iPhone price dropped and until the toolchain tool for iPhone application development was released before he bought an iPhone to pick apart.

      He first installed AppTapp, an iPhone package manager that downloads applications over Wi-Fi or EDGE. With the installer, he added OpenSSH—an open-source shell program that provides encrypted communication using the SSH protocol—and a VT-100 Terminal to the phone, and voila (after a “few headaches,” he said), he had shell access.

      Moore says he can now generate working iPhone shellcode with a version of Metasploit 3.

      Once he had shell access, he found not only that all applications run with root access, but an assortment of other things potentially interesting to malware writers or to any of the many people who love to hack iPhones.


      One such observation: The iPhone has a potential security pitfall in that its MobileMail application supports Microsoft Office document formats by using the OfficeImporter framework when converting files into viewable form. “This looks like a great target for file-format fuzzing and some late-night reverse engineering,” Moore said.

      Another potential way for attackers to get into the phone is through the mDNSResponder service, which runs by default, Moore said. The mDNSResponder, used by iTunes for music sharing, is part of the Bonjour application suite, which provides automatic and transparent configuration of network devices.

      When the iPhone first syncs with iTunes, its host name is changed, Moore said. The default hostname becomes “User's iPhone,” with the Mac OS X user account name filling in for “User.” If the iPhone is connected to a Wi-Fi network, the mDNS service exposes the iPhone owner's user name.

      That particular security exposure hasn't yet responded to Moore's probes, he said, making active discovery “less likely.”

      Moore has also been playing with the “vibrate” shellcode released by Miller at Black Hat 2007. By the time the security show rolled around, Independent Security Evaluators had already revealed, shortly after the smart phone's release, that Apple's popular multifunctional device could be exploited for data theft or snooping purposes.

      At the time, Miller, Jake Honoroff and Joshua Mason created an exploit for the iPhone's Safari Web browser wherein they used an unmodified device to surf to a maliciously crafted drive-by download site. The site downloaded exploit code that forced the iPhone to make an outbound connection to a server controlled by the security firm.

      The researchers showed that a compromised device then could be forced to send out personal data, including SMS text messages, contact information, call history, voice mail information, passwords, e-mail messages and browsing history.

      Miller told eWEEK that with Moore's Metasploit work, the time needed to write iPhone exploits has substantially shrunk. “One thing interesting about the work H.D.'s done, if you look at the time frame, is it took us two days to find a vulnerability and write something to where we knew it was legitimate. [It took] seven or eight days after that to having a working exploit. If we had what H.D. has done, it would have taken maybe a day or less. Having this available now will cut what we did from two weeks to two days.”

      Now that the iPhone has been out for months, is the desire to hack it still at a fever pitch? Miller said that given how much personal information an attacker can shake out of the device, “It probably is something people should worry about.”

      “[Like H.D. said in his blog,] It's always on, it's always on the Internet, and you can get a lot of personal information. It's a viable target,” Miller said.

      So now it's time for real fun.

      “It's going to be such good times,” one blogger wrote after Moore published his findings. “…we have the accessibility/vector. What we need are market saturation (some predict 14M sold by end of 2008,) a mesh networking application (or something to cross-connect the myriad of networking options) and an attractive application to encourage the owners to share amongst each other (say, some funky music sharing application or social networking tie-in, or instant messaging.) That'll lay the ground work for some very effective malware.”

      For his part, Moore said in his posting that he's added support for iPhone executables to the msfpayload command, allowing users to generate stand-alone bind/reverse shell executables using a syntax supplied in his posting. Next up is an XOR encoder, and then all hell should break loose.

      “Once the XOR encoder is done, the only step left is to find the bugs and write the exploits :-),” Moore wrote.

      By the time this article posted, Apple had not responded to a request for comment.


      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.