toggle

AAPL Stock: 497.67 ( 0 )

Website details iPhone root exploit

updated 10:45 am EDT, Fri September 28, 2007

iPhone root exploit


A recent weblog post, made by one of the participants of the Metasploit hacking project, details how an iPhone might be turned into a mobile hacking tool complete with root access. The post author notes that every process on an iPhone is run as root, including Mail and Safari, and that even a single flaw in one of them can lead to an iPhone being completely exploitable. This bears resemblance to the webpage exploit fixed by Apple in the v1.0.1 firmware, but notably, a general vulnerability appears to remain with the v1.0.2 firmware. There is no word yet on whether this has been solved in the new v1.1.1 release.

One hacked iPhone can in theory be made to target another, forcing it to take photos, share contact lists, or even dial phonecalls without the owner's consent, a particular problem since "always-on" EDGE access means this can be done any time an iPhone is not powered down. Compounding the danger is that mDNSResponder, also known as Bonjour, ZeroConf and Rendezvous, runs by default. The service broadcasts a user's hostname over Wi-Fi, giving hackers a target; it is noted however that active discovery of hostnames may not be easy.

The weblog poster observes that some modifications allow the installation of the Metasploit Framework, which in turn can be made to load iPhone executables. This however does not constitute an exploit by itself, since it is left up to other coders to determine the minute details of breaking into other phones.


by MacNN Staff

print
email
(3)

TAGS :

 Apple

Related Articles

Recent Articles

toggle

Comments

  1. ZinkDifferent

    Fresh-Faced Recruit

    Joined: Jan 2005

    0
    09/28, 11:59am | report spam | Reply |

    Well...

    First of all, it's stuff like this why Apple keeps tightening security on iPhone, and why they close exploitable hole after exploitable hole -- the hacking community that lives under the delusion that Apple deliberately goes after their hacks labors in a delusion. It's about security, not the ability to snap pictures dressed as a pirate.

    That being said, if I understand this weblog entry from yet another self-proclaimed security 'expert' right, it's all hypothetical musings -- i.e. "if a potential exploit on an older version of the iPhone's firmware had security flaws, and if it were to be exploited, and if a piece of software exploited existed to do so, and if somone were inclined to do so.... then, *maybe* an iPhone could be exploited"

    That's a lot of 'ifs'. I guess the usual grab for attention, while talking out of their asses...

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    09/29, 03:18pm | report spam | Reply |

    Re: well

    First of all, it's stuff like this why Apple keeps tightening security on iPhone, and why they close exploitable hole after exploitable hole -- the hacking community that lives under the delusion that Apple deliberately goes after their hacks labors in a delusion. It's about security, not the ability to snap pictures dressed as a pirate.

    Blocking 'hacks' on the phone has nothing to do with security. As can be seen, there's still loads of potentials for problems. The biggest problem is actually that it IS a closed platform, which limits the amount of time/effort spent by security people to see how secure it is, but it doesn't stop those who'd want to hack it.

  1. ViktorCode

    Fresh-Faced Recruit

    Joined: Jan 2006

    0
    10/01, 06:36am | report spam | Reply |

    Closed isn't a problem

    You are speaking like if the fact of being closed platform has something to do with security in general. Wake up! Many of Mac OS X exploits both patched and unpatched have been discovered in open source parts of the system, like Java. Look at other open source platforms - aren't they ridden with exploits too? Going open source is not a solution for security problems.

    Also, before panic started i would like to point out that there's a big difference between a potential exploit and a real exploit out in the wild. It is the presence of the latter that indicates the fact of some company being lax on security. If potential exploits patched quickly enough then there never be real ones.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

Logitech Cube

The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...

NewerTech and Targus USB Hubs For Gifts

A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...

X-Rite ColorMunki Photo

Color calibration is the art of tweaking your monitor so that the colors represented on screen better match real life and your printer ...

toggle

Most Commented

10 Most Discussed

 

Popular News