[Infowarrior] - Metasploit Creator Distributes Exploits for iPhone

Richard Forno rforno at infowarrior.org
Wed Oct 17 12:11:16 UTC 2007


Metasploit Creator Distributes Exploits for iPhone
By Kim Zetter | October 17, 2007 | 4:00:00 AM

http://blog.wired.com/27bstroke6/2007/10/metasploit-crea.html

HD Moore, one of the developers of the Metasploit pen-testing (and hacking)
tool, has posted exploits and detailed instructions on how to attack an
iPhone. The information takes hackers -- and the FBI and NSA -- one step
closer to being able to remotely and surreptitiously take control of an
iPhone and turn it into a surveillance device.

The exploits take advantage of a vulnerability in the TIFF image-rendering
library that's used by the phone's browser, mail and iTunes software. It's
the same vulnerability that allows Apple customers to unlock and customize
their iPhones. But Moore's exploits will allow hackers to do much more.

Last month he added capability to the Metasploit tool that would give a
hacker remote shell access to an iPhone in order to deliver any arbitrary
malicious code to it. All attackers needed to do was write malicious payload
code.

This week Moore posted some payload exploits and provided detailed
instructions for writing more of them. Attackers could conceivably write
code to hijack the contacts in an iPhone address book, access the list of
received and sent calls and messages, turn the phone into a listening
device, track the user's location or instruct the phone to snap photos of
the user's surroundings -- including any companions who may be in sight of
the camera lens.

Moore says the iPhone is more vulnerable than other phones because, as he
noted on his blog, it's designed so that every application on the phone, if
hacked, gives an intruder root access to the entire phone.

    MobileSafari, MobileMail, even the Calculator, all run with full root
privileges. Any security flaw in any iPhone application can lead to a
complete system compromise. A rootkit takes on a whole new meaning when the
attacker has access to the camera, microphone, contact list, and phone
hardware. Couple this with "always-on" internet access over EDGE and you
have a perfect spying device.

Moore told ComputerWorld that iPhones won't be any safer if Apple plugs the
security hole, which it's expected to do in the next version of its iPhone
firmware. Attackers will still be able to hack the phone.

    "All they'll need to do is back port the firmware to an earlier version
that's vulnerable," said Moore. "Apple has to leave a way to restore an
iPhone back [to previous versions of the firmware]."

    The same technique was used to hack the Sony PSP after Sony issued an
update that patched the TIFF vulnerability on that video game player.

Moore and fellow researcher Kevin Finisterre go into detail about writing
exploits for the iPhone here, here and here.
