toggle

AAPL Stock: 112.93 ( + 1.15 )

Printed from http://www.macnn.com

Website details iPhone root exploit

updated 10:45 am EDT, Fri September 28, 2007

iPhone root exploit

A recent weblog post, made by one of the participants of the Metasploit hacking project, details how an iPhone might be turned into a mobile hacking tool complete with root access. The post author notes that every process on an iPhone is run as root, including Mail and Safari, and that even a single flaw in one of them can lead to an iPhone being completely exploitable. This bears resemblance to the webpage exploit fixed by Apple in the v1.0.1 firmware, but notably, a general vulnerability appears to remain with the v1.0.2 firmware. There is no word yet on whether this has been solved in the new v1.1.1 release.

One hacked iPhone can in theory be made to target another, forcing it to take photos, share contact lists, or even dial phonecalls without the owner's consent, a particular problem since "always-on" EDGE access means this can be done any time an iPhone is not powered down. Compounding the danger is that mDNSResponder, also known as Bonjour, ZeroConf and Rendezvous, runs by default. The service broadcasts a user's hostname over Wi-Fi, giving hackers a target; it is noted however that active discovery of hostnames may not be easy.

The weblog poster observes that some modifications allow the installation of the Metasploit Framework, which in turn can be made to load iPhone executables. This however does not constitute an exploit by itself, since it is left up to other coders to determine the minute details of breaking into other phones.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. ZinkDifferent

    Joined: Dec 1969

    0

    Well...

    First of all, it's stuff like this why Apple keeps tightening security on iPhone, and why they close exploitable hole after exploitable hole -- the hacking community that lives under the delusion that Apple deliberately goes after their hacks labors in a delusion. It's about security, not the ability to snap pictures dressed as a pirate.

    That being said, if I understand this weblog entry from yet another self-proclaimed security 'expert' right, it's all hypothetical musings -- i.e. "if a potential exploit on an older version of the iPhone's firmware had security flaws, and if it were to be exploited, and if a piece of software exploited existed to do so, and if somone were inclined to do so.... then, *maybe* an iPhone could be exploited"

    That's a lot of 'ifs'. I guess the usual grab for attention, while talking out of their asses...

  1. testudo

    Joined: Dec 1969

    0

    Re: well

    First of all, it's stuff like this why Apple keeps tightening security on iPhone, and why they close exploitable hole after exploitable hole -- the hacking community that lives under the delusion that Apple deliberately goes after their hacks labors in a delusion. It's about security, not the ability to snap pictures dressed as a pirate.

    Blocking 'hacks' on the phone has nothing to do with security. As can be seen, there's still loads of potentials for problems. The biggest problem is actually that it IS a closed platform, which limits the amount of time/effort spent by security people to see how secure it is, but it doesn't stop those who'd want to hack it.

  1. ViktorCode

    Joined: Dec 1969

    0

    Closed isn't a problem

    You are speaking like if the fact of being closed platform has something to do with security in general. Wake up! Many of Mac OS X exploits both patched and unpatched have been discovered in open source parts of the system, like Java. Look at other open source platforms - aren't they ridden with exploits too? Going open source is not a solution for security problems.

    Also, before panic started i would like to point out that there's a big difference between a potential exploit and a real exploit out in the wild. It is the presence of the latter that indicates the fact of some company being lax on security. If potential exploits patched quickly enough then there never be real ones.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented