apple news/media reports

07/06/2007, 11:10am, EDT

Friday, July 6th

Hackers expose iPhone threats, secrets

Although the iPhone has only been available for a week, some groups have already managed to expose potentially serious vulnerabilities, reports say. The consulting company Errata Security notes that the version of Safari on the phone is succeptible to a buffer overflow attack, which could allow a remote user to take control and run code. A similar bug was discovered in the desktop Safari earlier this month, but a potential exploit for the iPhone would call 1-900 numbers until the malware reponsible was somehow stopped or removed.

Errata has also discovered that by exposing the Bluetooth receiver to a "fuzzer" -- a stream of random data -- it is possible to cause the whole phone to lock up. This can be undone by manually rebooting the device.

Further efforts, this time by members of the Hackint0sh user forum, have revealed passwords used to gain access to key components. Applications require the word "dottie" to gain root access, while gaining mobile access can be done with "alpine." These were discovered by running the popular John the Ripper cracking program.

The passwords are not immediately useful however, as people have not actually managed root access. "As of yet," comments security researcher Kevin Finisterre, "those passwords do not have a specific use, but that's not to say that within the next 20 minutes somebody finds a service on port 123 and we can log into it."

Finisterre does believe though that it is just a matter of time before a root hack is discovered, and that elements such as DRM guards may be overcome as well. "I don't think enough researchers like myself have the iPhone in their hands," he says. "Once folks like us get a hold of the thing, I think you're going to see quite a bit of stuff go on."


Filed under: Apple

, , 16comments, del.icio.us, slashdot, digg, buzz


16 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
Crash code
0
07/06, 11:29am, EDT
I never understood the reason a hacker would go through all the trouble of breaking into my iPhone just to make me reboot it. Likewise the 'huge security threat' imposed by someone being able to crash my browser. I have found ways to timeout or lockup a browser, but see no reason why anyone would want to do so.

Being able to make 1-900 calls on my iPhone would be an issue, I wonder if I can block 1-900 services from my AT & T account. I have never called a 1-900 number and never will so I have no problem doing so.
Fresh-Faced Recruit
Joined Jul 2004
User is offline
Bluetooth
0
07/06, 11:33am, EDT
I also do not use the bluetooth, so I am safe from that hack anyway.
Fresh-Faced Recruit
Joined Jul 2004
User is offline
if you can not be hacked…
0
07/06, 11:39am, EDT
you simply do not exist. :-)
Fresh-Faced Recruit
Joined May 2005
User is offline
Re: bluetooth
0
07/06, 11:51am, EDT
Can you turn bluetooth off on the iPhone?
Fresh-Faced Recruit
Joined Aug 2001
User is offline
re: bluetooth
0
07/06, 11:57am, EDT
"Can you turn bluetooth off on the iPhone?"

Yep - Settings > General > Bluetooth
don't know about AT&T
0
07/06, 12:15pm, EDT
I don't know about AT&T, but here in the U.K., some cell phone providers block premium rate numbers unless you specifically request that they be unblocked, which would seem to be quite a good way of protecting users from abuse.
Fresh-Faced Recruit
Joined Mar 2004
User is offline
please.
0
07/06, 12:23pm, EDT
errata supposes this can be done thru safari. it hasn't been. As for KF, he's just garnering publicity. MOAB was a non-starter and things were fixed as fast as he could find them.

Fresh-Faced Recruit
Joined Oct 1999
User is offline
900 Numbers
0
07/06, 12:25pm, EDT
You cannot call a 900 number for an AT&T wireless number. Also, numbers with 976 prefix are blocked by AT&T.
Safari can't make calls
0
07/06, 12:38pm, EDT
Safari can't even make phone calls... the best they could do is bring up the dialer.

Nobody knows how to even program on the thing, so anything in the overflow would be useless.

This is very broad, theoretical stuff. I wish folks (including editors of news sites, hint hint) would realize that, and label a security threat only when it is indeed that.

clevelandadv: They were using 1-900 numbers as an example of what could be done. Any number could be called. That is, of course, on the assumption they can actually find a way to make calls via a buffer overflow - which is very unlikely they will ever do.
Fresh-Faced Recruit
Joined Aug 2005
User is offline
Re: Passwords
0
07/06, 1:11pm, EDT
Who said those are actually the passwords in use? Supposedly they were pulled from an /etc/passwd file. Funny thing is though, OS X uses NetInfo for passwords, not /etc/passwd. So uh, whatever is in the file is just b.s.
Fresh-Faced Recruit
Joined Jul 2006
User is offline
additional comments:..1..2..Next
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News
Want To Sell Your Laptop? Any Condition - receive Top Cash. Get an instant quote. Free shipping www.CashForLaptops.com
Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.