Possible iPhone Security Hole to be Demonstrated in Las Vegas

By Scott M. Fulton, III | Published July 23, 2007, 7:34 PM

Three researchers, using a handful of tools mostly developed by others over the few weeks since the product's introduction, claim they have successfully cracked the Apple iPhone. In a white paper released today, the group claims it can obtain clandestine, wireless access to any and all files, including personally identifiable information, stored on an iPhone, and it plans to demonstrate how this is done at the BlackHat security conference in Las Vegas next week.

In their white paper, Charlie Miller and two colleagues with the group Independent Security Evaluators give credit to Apple for paying some attention to security architecture, and for reducing the phone's attack surface by refusing to open its operating system to third-party applications.

But from there, things fall apart. While the attack surface is reduced in one sense, they claim, the possibilities for exploits become more focused.

"Unfortunately, once an iPhone application is breached by an attacker, very little prevents an attacker from obtaining complete control of the system," the group writes. "All the processes which handle network data run with the effective user id of 0, i.e. the superuser. This means that a compromise of any application gives the ability to run code in the context of that application which has the highest possible privilege level."
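The privilege problem the white paper describes can be checked for on any system by joining the process table with the socket table and listing network-facing processes whose effective user ID is 0. The following audit sketch is an added example, not code from the white paper or from Apple; the two table formats, the process names and the addresses are constructed for illustration.

```python
# Constructed process table: pid, effective uid, command (hypothetical names).
PROCESS_TABLE = """\
PID EUID COMMAND
101 0 browser
102 0 mailclient
103 501 notes
104 0 clockd
"""

# Constructed socket table: pid, protocol, endpoint (documentation addresses).
SOCKET_TABLE = """\
PID PROTO ENDPOINT
101 tcp 203.0.113.10:80
102 tcp 203.0.113.25:993
103 tcp 203.0.113.40:443
"""

def parse_rows(text):
    """Split a whitespace-separated table with a header row into dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].lower().split()
    return [dict(zip(header, ln.split(None, len(header) - 1))) for ln in lines[1:]]

def sockets_by_pid(socket_text):
    """Map each pid to the list of endpoints it holds."""
    endpoints = {}
    for row in parse_rows(socket_text):
        endpoints.setdefault(int(row["pid"]), []).append(
            f'{row["proto"]}/{row["endpoint"]}')
    return endpoints

def root_network_processes(process_text, socket_text):
    """Return (pid, command, endpoints) for network-facing processes with euid 0."""
    endpoints = sockets_by_pid(socket_text)
    return [(int(r["pid"]), r["command"], endpoints[int(r["pid"])])
            for r in parse_rows(process_text)
            if int(r["euid"]) == 0 and int(r["pid"]) in endpoints]

def exposure(process_text, socket_text):
    """Return (root network-facing count, total network-facing count)."""
    return (len(root_network_processes(process_text, socket_text)),
            len(sockets_by_pid(socket_text)))

if __name__ == "__main__":
    for pid, command, eps in root_network_processes(PROCESS_TABLE, SOCKET_TABLE):
        print(f"pid {pid} ({command}) handles network data as root: {', '.join(eps)}")
    print("root/total network-facing processes: %d/%d" % exposure(PROCESS_TABLE, SOCKET_TABLE))
```

A root process with no sockets (pid 104 here) is not flagged; the finding is the combination of network input and superuser privilege.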

Attacks may have been made easier, the group continues, by Apple's neglecting to employ address space randomization. As a result, malicious code can place calls to existing procedures based on their memory addresses, which are always the same.

The white paper refrains from giving an exact description of the exploit. However, a YouTube video posted to the group's Web site purports to show an iPhone launching a malicious Web page in Safari, pretending to be a bookmarked page. To the user, it merely appears to hang and then crash the browser. But a log file that, in the video, appears to have been transmitted through the phone seems to contain personally identifiable data.

According to the group, one possible vector of exploit concerns how the iPhone determines its access points. "Because the iPhone learns access points by name (SSID)," the group writes, "if a user ever gets near an attacker-controlled access point with the same name (and encryption type) as an access point previously trusted by the user, the iPhone will automatically use the malicious access point. This allows the attacker to add the exploit to any Web page browsed by the user by replacing the requested page with a page containing the exploit."
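The name-based matching the group describes, and a defender-side check for it, can be modeled in a few lines. This is an added example, not code from the white paper or from Apple: the `Network` record, the function names and all sample data are assumptions, and the BSSIDs are constructed values from the documentation MAC range.

```python
from collections import namedtuple

# Hypothetical record for a Wi-Fi network: name, encryption type, radio address.
Network = namedtuple("Network", "ssid encryption bssid")

# Constructed data: networks the device has joined before.
REMEMBERED = [
    Network("HomeNet", "WPA2", "00:00:5e:00:53:01"),
    Network("CoffeeShop", "open", "00:00:5e:00:53:02"),
]

# Constructed scan result seen at a new location.
SCAN = [
    Network("CoffeeShop", "open", "00:00:5e:00:53:99"),  # same name, unseen radio
    Network("HomeNet", "WPA2", "00:00:5e:00:53:01"),     # same name, known radio
    Network("HomeNet", "open", "00:00:5e:00:53:98"),     # encryption type differs
    Network("Airport", "open", "00:00:5e:00:53:03"),     # never joined
]

def name_only_matches(remembered, scan):
    """Scan entries the described policy would trust: SSID and encryption match."""
    trusted = {(n.ssid, n.encryption) for n in remembered}
    return [s for s in scan if (s.ssid, s.encryption) in trusted]

def unfamiliar_radios(remembered, scan):
    """Trusted-by-name entries whose BSSID was never seen for that network.

    A new BSSID is only a hint (legitimate networks add access points),
    so this is a reason to prompt the user, not proof of a rogue network.
    """
    seen = {}
    for n in remembered:
        seen.setdefault((n.ssid, n.encryption), set()).add(n.bssid)
    return [s for s in name_only_matches(remembered, scan)
            if s.bssid not in seen[(s.ssid, s.encryption)]]

if __name__ == "__main__":
    for net in name_only_matches(REMEMBERED, SCAN):
        print("would auto-join:", net.ssid, net.encryption, net.bssid)
    for net in unfamiliar_radios(REMEMBERED, SCAN):
        print("prompt before joining:", net.ssid, net.bssid)
```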

Charlie Miller will represent the group, it says, during a demonstration session at the BlackHat security conference in Las Vegas on August 2.

Comments

I dare any hacker out there to find security holes or hack my technologically impaired Nokia. And guess what, it didn't cost anywhere near $600 :-) LOL

Score: 0


OMFG, you guys hacked a cell phone, you must be really cool and hardcore. HAHAH LAME!

Score: 0


Yea, keep downplaying Apple shortcomings. Sure, it's not important to you, but if the phone had the capabilities of other devices in the price range ($300 cheaper) then there could be corporate email stored on the device or personal documents... stuff that could be effortlessly accessed with this hack.

Score: 0


Everything gets hacked...everything. It's good that the vulnerabilities are being exposed, as they should be with all hardware and software. Now, Apple needs to respond by plugging the holes.

I'm sure Verizon is hoping this will decrease sales. Not likely.

Score: 0


The iPhone's Mac OS X operating system doesn't use address space randomization like Vista does? Is this also true of the desktop version of Mac OS X? I would have thought Apple would have thought of this since they're so concerned about security.

Score: 0


Read this on CNET, glad BetaNews expanded on it and did some research. It's very hard to be a top player in the technology field; I'm glad that everyone's "vulnerabilities" are being exposed.

Score: 0


Here's your $600 to good use.

Score: 0


Maybe this will push Apple along with a firmware update.

Score: 0


Odd, must be some kind of mistake. Only Microsoft is allowed to have security breaches...

Score: 0


Wait...I thought that only MS products are vulnerable to security breaches?!

Score: 0


Don't worry. It has to happen in a complete perfect environment and is impossible for these reasons:
1. Macs and therefore everything Macintosh/Apple are infallible
2. Macs are far superior to anything else ever made by man
3. Microsoft/Windows SUX

... that pretty much sums up the comments you'll receive to the contrary. I thought I'd beat all the Mac enthusiasts to the punch.

Don't worry guys, I took care of it for you!

Score: 0


You forgot 1 point.

Steve Jobs = God.

MUST WARSHIP!!!!!!!!!!!!

Score: 0


That is what some here would want you to believe.

Score: 0


New video game, coming to stores near you. Steve Jobs leading the takeover of the universe from his interplanetary star cruiser, the MUST WARSHIP!!!!!!!!!!

Score: 0


A star cruiser with a Reality Distortion Field for primary shielding and a FUD generator as backup shielding! Totally unstoppable!

Score: 0


That's Metaphysical Reality Distortion field with Self-Regenerating FUD and Polarized Opinion Hull Plating.

And an Active Denial redundant defense system!

I hear flame retardant uniforms are an extra.

Score: 0
