Website details iPhone root exploit
updated 10:45 am EDT, Fri September 28, 2007
iPhone root exploit
A recent weblog post, made by one of the participants of the Metasploit hacking project, details how an iPhone might be turned into a mobile hacking tool complete with root access. The post author notes that every process on an iPhone is run as root, including Mail and Safari, and that even a single flaw in one of them can lead to an iPhone being completely exploitable. This bears resemblance to the webpage exploit fixed by Apple in the v1.0.1 firmware, but notably, a general vulnerability appears to remain with the v1.0.2 firmware. There is no word yet on whether this has been solved in the new v1.1.1 release.
One hacked iPhone can in theory be made to target another, forcing it to take photos, share contact lists, or even dial phonecalls without the owner's consent, a particular problem since "always-on" EDGE access means this can be done any time an iPhone is not powered down. Compounding the danger is that mDNSResponder, also known as Bonjour, ZeroConf and Rendezvous, runs by default. The service broadcasts a user's hostname over Wi-Fi, giving hackers a target; it is noted however that active discovery of hostnames may not be easy.
The weblog poster observes that some modifications allow the installation of the Metasploit Framework, which in turn can be made to load iPhone executables. This however does not constitute an exploit by itself, since it is left up to other coders to determine the minute details of breaking into other phones.
Fresh-Faced Recruit
Joined: Jan 2005
Well...
First of all, it's stuff like this why Apple keeps tightening security on iPhone, and why they close exploitable hole after exploitable hole -- the hacking community that lives under the delusion that Apple deliberately goes after their hacks labors in a delusion. It's about security, not the ability to snap pictures dressed as a pirate.
That being said, if I understand this weblog entry from yet another self-proclaimed security 'expert' right, it's all hypothetical musings -- i.e. "if a potential exploit on an older version of the iPhone's firmware had security flaws, and if it were to be exploited, and if a piece of software exploited existed to do so, and if somone were inclined to do so.... then, *maybe* an iPhone could be exploited"
That's a lot of 'ifs'. I guess the usual grab for attention, while talking out of their asses...