The Realm of the Verbal Processor

iPhone Vulnerabilities

Saw these links today about vulnerabilities in the iPhone that I thought were quite amusing given how much Apple users poke at Microsoft about security. Basic gist is that all of the applications on the iPhone run as root. So any exploit that gives you shell access gives you everything. Apparently Apple didn’t learn from the “everybody is an admin” mistakes that Microsoft made in older OSes. This could be really comical to watch…or scary depending on how many of them make it into the office.

http://www.eweek.com/article2/0,1895,2191373,00.asp

http://www.eweek.com/article2/0,1895,2197476,00.asp

http://blog.metasploit.com/2007/10/cracking-iphone-part-21.html

http://blog.metasploit.com/2007/10/cracking-iphone-part-3.html

A couple of interesting quotes from the first article…

“The iPhone has been turned into a “pocket-sized … network-enabled root shell,” said H.D. Moore, thanks to the well-known security researcher having published shell code for the smart phone and instructions on how to use it as a portable hacking platform.”

“A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list and phone hardware. Couple this with ‘always-on’ Internet access over EDGE and you have a perfect spying device,”

“It’s going to be such good times,” one blogger wrote after Moore published his findings. “…we have the accessibility/vector. What we need are market saturation (some predict 14M sold by end of 2008,) a mesh networking application (or something to cross-connect the myriad of networking options) and an attractive application to encourage the owners to share amongst each other (say, some funky music sharing application or social networking tie-in, or instant messaging.) That’ll lay the ground work for some very effective malware.”

October 18, 2007 - Posted by Jarvis | tech