Friday, October 05, 2007
Apple iPhone: The ultimate hacking device.
Forget about hacking your own iPhone, how about hacking someone else's?!
Apparently every process on the iPhone runs as root, which gives each of them full privileges. That means that a vulnerability in any one application could result in a fully compromised system.
H.D. Moore describes the whole issue in detail on the Metasploit blog.
A few quotes: "Every process runs as root. MobileSafari, MobileMail, even the Calculator, all run with full root privileges. Any security flaw in any iPhone application can lead to a complete system compromise. A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list, and phone hardware. Couple this with "always-on" internet access over EDGE and you have a perfect spying device."
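To make the least-privilege point concrete, here is an added example (not from the Metasploit post or from Apple) that audits a process listing for user-facing apps running as root. The listing is constructed; the /Applications/ prefix, the "mobile" account and the Example app are assumptions for illustration.

```python
# Added example: least-privilege audit of a process listing.
# SAMPLE_PS is constructed, in the format of `ps -axo user,pid,command`.
# Assumptions: user-facing apps live under /Applications/, and an unprivileged
# account called "mobile" exists; Example.app is hypothetical.
SAMPLE_PS = """\
USER       PID COMMAND
root         1 /sbin/launchd
root        14 /usr/sbin/mDNSResponder
root        61 /Applications/MobileSafari.app/MobileSafari
root        62 /Applications/MobileMail.app/MobileMail
root        70 /Applications/Calculator.app/Calculator
mobile      75 /Applications/Example.app/Example --flag value
"""

APP_PREFIX = "/Applications/"   # assumed location of user-facing apps
ROOT_IDS = {"root", "0"}        # ps may print the name or the numeric uid


def parse_ps(text):
    """Yield (user, pid, command) tuples, skipping the header and bad rows."""
    for line in text.strip().splitlines()[1:]:
        parts = line.split(None, 2)          # the command may contain spaces
        if len(parts) != 3 or not parts[1].isdigit():
            continue                         # malformed row: ignore it
        yield parts[0], int(parts[1]), parts[2]


def audit(text):
    """Report which user-facing apps hold root, i.e. where one bug = full compromise."""
    procs = list(parse_ps(text))
    apps = [p for p in procs if p[2].startswith(APP_PREFIX)]
    root_apps = [(pid, cmd.split()[0]) for user, pid, cmd in apps
                 if user in ROOT_IDS]
    return {"total": len(procs), "apps": len(apps), "root_apps": root_apps}


if __name__ == "__main__":
    report = audit(SAMPLE_PS)
    print(f"{len(report['root_apps'])} of {report['apps']} apps run as root:")
    for pid, path in report["root_apps"]:
        print(f"  pid {pid}: {path}")
```

On a system that separates privileges, the list of root-owned apps should be empty, with only a small set of system daemons left running as root.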
Lisa Vaas on eWeek.com also discussed the issue:
"'The shellcode combined with the number of bugs present in the iPhone finally make mobile attacks a real threat,' wrote Errata Chief Technology Officer David Maynor in a blog posting."
Charlie Miller—a researcher with Baltimore-based Independent Security Evaluators, and one of a trio who were first to unveil security issues with the iPhone and release iPhone "vibrate" shellcode at Black Hat 2007—told eWEEK in an interview that he wishes he'd been able to use Metasploit when he was writing exploits for the gadget back in July.
Charlie Miller, Jake Honoroff and Joshua Mason created an exploit for the iPhone's Safari Web browser wherein they used an unmodified device to surf to a maliciously crafted drive-by download site. The site downloaded exploit code that forced the iPhone to make an outbound connection to a server controlled by the security firm. The researchers showed that a compromised device then could be forced to send out personal data, including SMS text messages, contact information, call history, voice mail information, passwords, e-mail messages and browsing history.
No news on whether Apple is aware of these issues and what their actions will be. Maybe they are too busy preventing people from unlocking their iPhones...