toggle

AAPL Stock: 101.04 ( + 0.93 )

Printed from http://www.macnn.com

Hackers expose iPhone threats, secrets

updated 11:10 am EDT, Fri July 6, 2007

Hackers expose iPhone

Although the iPhone has only been available for a week, some groups have already managed to expose potentially serious vulnerabilities, reports say. The consulting company Errata Security notes that the version of Safari on the phone is succeptible to a buffer overflow attack, which could allow a remote user to take control and run code. A similar bug was discovered in the desktop Safari earlier this month, but a potential exploit for the iPhone would call 1-900 numbers until the malware reponsible was somehow stopped or removed.

Errata has also discovered that by exposing the Bluetooth receiver to a "fuzzer" -- a stream of random data -- it is possible to cause the whole phone to lock up. This can be undone by manually rebooting the device.

Further efforts, this time by members of the Hackint0sh user forum, have revealed passwords used to gain access to key components. Applications require the word "dottie" to gain root access, while gaining mobile access can be done with "alpine." These were discovered by running the popular John the Ripper cracking program.

The passwords are not immediately useful however, as people have not actually managed root access. "As of yet," comments security researcher Kevin Finisterre, "those passwords do not have a specific use, but that's not to say that within the next 20 minutes somebody finds a service on port 123 and we can log into it."

Finisterre does believe though that it is just a matter of time before a root hack is discovered, and that elements such as DRM guards may be overcome as well. "I don't think enough researchers like myself have the iPhone in their hands," he says. "Once folks like us get a hold of the thing, I think you're going to see quite a bit of stuff go on."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. ClevelandAdv

    Joined: Dec 1969

    0

    Crash code

    I never understood the reason a hacker would go through all the trouble of breaking into my iPhone just to make me reboot it. Likewise the 'huge security threat' imposed by someone being able to crash my browser. I have found ways to timeout or lockup a browser, but see no reason why anyone would want to do so.

    Being able to make 1-900 calls on my iPhone would be an issue, I wonder if I can block 1-900 services from my AT & T account. I have never called a 1-900 number and never will so I have no problem doing so.

  1. ClevelandAdv

    Joined: Dec 1969

    0

    Bluetooth

    I also do not use the bluetooth, so I am safe from that hack anyway.

  1. Ikon

    Joined: Dec 1969

    0

    if you can not be hackedů

    you simply do not exist. :-)

  1. testudo

    Joined: Dec 1969

    +1

    Re: bluetooth

    Can you turn bluetooth off on the iPhone?

  1. Guest

    Joined: Dec 1969

    0

    re: bluetooth

    "Can you turn bluetooth off on the iPhone?"

    Yep - Settings > General > Bluetooth

  1. ajhoughton

    Joined: Dec 1969

    0

    don't know about AT&T

    I don't know about AT&T, but here in the U.K., some cell phone providers block premium rate numbers unless you specifically request that they be unblocked, which would seem to be quite a good way of protecting users from abuse.

  1. jpellino

    Joined: Dec 1969

    0

    please.

    errata supposes this can be done thru safari. it hasn't been. As for KF, he's just garnering publicity. MOAB was a non-starter and things were fixed as fast as he could find them.

  1. Guest

    Joined: Dec 1969

    0

    900 Numbers

    You cannot call a 900 number for an AT&T wireless number. Also, numbers with 976 prefix are blocked by AT&T.

  1. mitchcohen

    Joined: Dec 1969

    0

    Safari can't make calls

    Safari can't even make phone calls... the best they could do is bring up the dialer.

    Nobody knows how to even program on the thing, so anything in the overflow would be useless.

    This is very broad, theoretical stuff. I wish folks (including editors of news sites, hint hint) would realize that, and label a security threat only when it is indeed that.

    clevelandadv: They were using 1-900 numbers as an example of what could be done. Any number could be called. That is, of course, on the assumption they can actually find a way to make calls via a buffer overflow - which is very unlikely they will ever do.

  1. infinsq

    Joined: Dec 1969

    0

    Re: Passwords

    Who said those are actually the passwords in use? Supposedly they were pulled from an /etc/passwd file. Funny thing is though, OS X uses NetInfo for passwords, not /etc/passwd. So uh, whatever is in the file is just b.s.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

ActvContent Sync Smartband

Smartbands of all sorts are hitting the market. Some build on the buzz around fitness trackers, while others offer simpler features fo ...

RocketStor 6324L Thunderbolt 2 eSATA bridge

Like it or not, the shift to Thunderbolt is underway. The connection is extremely flexible, allowing for video and data to co-habitate ...

Patriot Stellar Boost XT 64GB USB 3.0 drive

A vast selection of USB memory sticks means that consumers can often find exactly the size drive they need in a configuration that can ...

toggle

Most Commented