
09/28/2007, 10:45am, EDT

Friday, September 28th

Website details iPhone root exploit

A recent weblog post, made by one of the participants of the Metasploit hacking project, details how an iPhone might be turned into a mobile hacking tool complete with root access. The post author notes that every process on an iPhone is run as root, including Mail and Safari, and that even a single flaw in one of them can lead to an iPhone being completely exploitable. This bears resemblance to the webpage exploit fixed by Apple in the v1.0.1 firmware, but notably, a general vulnerability appears to remain with the v1.0.2 firmware. There is no word yet on whether this has been solved in the new v1.1.1 release.

One hacked iPhone can in theory be made to target another, forcing it to take photos, share contact lists, or even dial phone calls without the owner's consent, a particular problem since "always-on" EDGE access means this can be done any time an iPhone is not powered down. Compounding the danger is that mDNSResponder, also known as Bonjour, ZeroConf and Rendezvous, runs by default. The service broadcasts a user's hostname over Wi-Fi, giving hackers a target; it is noted, however, that active discovery of hostnames may not be easy.

The weblog poster observes that some modifications allow the installation of the Metasploit Framework, which in turn can be made to load iPhone executables. This, however, does not constitute an exploit by itself, since it is left up to other coders to determine the minute details of breaking into other phones.


Filed under: Apple




3 comments
Well...
0
09/28, 11:59am, EDT
First of all, it's stuff like this why Apple keeps tightening security on iPhone, and why they close exploitable hole after exploitable hole -- the hacking community that lives under the delusion that Apple deliberately goes after their hacks labors in a delusion. It's about security, not the ability to snap pictures dressed as a pirate.

That being said, if I understand this weblog entry from yet another self-proclaimed security 'expert' right, it's all hypothetical musings -- i.e. "if a potential exploit on an older version of the iPhone's firmware had security flaws, and if it were to be exploited, and if a piece of software exploited existed to do so, and if someone were inclined to do so.... then, *maybe* an iPhone could be exploited"

That's a lot of 'ifs'. I guess the usual grab for attention, while talking out of their asses...
Fresh-Faced Recruit
Joined Jan 2005
Re: well
0
09/29, 3:18pm, EDT
First of all, it's stuff like this why Apple keeps tightening security on iPhone, and why they close exploitable hole after exploitable hole -- the hacking community that lives under the delusion that Apple deliberately goes after their hacks labors in a delusion. It's about security, not the ability to snap pictures dressed as a pirate.

Blocking 'hacks' on the phone has nothing to do with security. As can be seen, there's still loads of potentials for problems. The biggest problem is actually that it IS a closed platform, which limits the amount of time/effort spent by security people to see how secure it is, but it doesn't stop those who'd want to hack it.
Fresh-Faced Recruit
Joined Aug 2001
Closed isn't a problem
0
10/01, 6:36am, EDT
You are speaking as if the fact of being a closed platform has something to do with security in general. Wake up! Many Mac OS X exploits, both patched and unpatched, have been discovered in open source parts of the system, like Java. Look at other open source platforms - aren't they ridden with exploits too? Going open source is not a solution for security problems.

Also, before panic starts, I would like to point out that there's a big difference between a potential exploit and a real exploit out in the wild. It is the presence of the latter that indicates the fact of some company being lax on security. If potential exploits are patched quickly enough, then there will never be real ones.
Fresh-Faced Recruit
Joined Jan 2006