Expert Calls Apple's iPhone 'Perfect Spying Device'
By Richard Koman / NewsFactor Network
Hackers intent on unlocking Apple's iPhone for use with carriers other than AT&T -- and for using third-party applications -- exploited a bug in the device's handling of TIFF images. But that same bug can be used for far more nefarious exploits, renowned hacker HD Moore reported on his Web site, The Metasploit.

Moore posted to the site an exploit that would allow a hacker to insert malicious code onto someone's iPhone to access the device's data. Because the flawed TIFF library is used by the iPhone's Web browser, e-mail program, and iTunes software -- and because all of those programs run as root processes -- one of the iPhone's undocumented "features" is a gaping security hole.

Unlike the unlocking hackers, Moore said, "I wanted an exploit that would write any arbitrary payload" to the phone. "This exploit is rock solid. It's very reliable," he said. "You can send it in an e-mail, you can embed it in a Web page."

Susceptible to Drive-By Attacks

Moore's research revealed the true extent of the TIFF bug, Andrew Storms, director of security operations for nCircle, said in an e-mail. If weaponized, Storms explained, the assault will present itself as a drive-by attack in which sites host seemingly innocuous images and other media that actually perform dangerous actions when rendered in a Web browser on the iPhone.

And, Storms said, the TIFF vulnerability and Safari bugs are "just problems which lie at the surface of the iPhone." Storms pointed out that in a BlackHat 2007 talk, Chris Miller at Independent Security Evaluators disclosed that all processes on the iPhone run privileged as root. "This architectural discovery in the iPhone means that any compromise of the device results in providing the attacker with privileged access."

Moore noted the root-process issue on his Web site, writing, "Having a network-enabled root shell in my pocket is great, but being able to pop a root shell on someone else's iPhone is even better." The security implications might be significant. "Any security flaw in any iPhone application can lead to a complete system compromise," Moore wrote.

"A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list, and phone hardware. Couple this with 'always-on' Internet access over EDGE and you have a perfect spying device," he added.

Shunned by the Enterprise

Apple should be thanking researchers like Moore and Miller, Storms said, for helping them make the iPhone more secure. "Apple is in a unique position compared to other smartphone providers," he said, because the company can update the iPhone's firmware with an online-update strategy with which users are comfortable. "Given all the public and privately known vulnerabilities in other smartphones, by the end of this year the iPhone might just end up being the most secure consumer smartphone available."

But Apple must provide centralized tools for managing configuration and compliance of an iPhone. Until then, he said, "it will continue to be shunned by enterprises. No matter how useful or ingenious the device may be, the Relevant Products/Services simply cannot consume another device where private data could be leaked."

Imagine a corporate CEO or sales director loading all of his or her contacts onto the phone. Or an HR manager loading employee data. "One of these attacks could provide a method to retrieve all the information stored on the iPhone," Storms said. Even worse, imagine that trade secrets or intellectual property are stored on a compromised phone.

A less likely but still conceivable scenario, Storms said, involves an enterprise allowing the iPhone's VPN client access to a private network. "The attacker may be able to use the VPN tunnel to gain access to further resources," Storms said.

© Copyright 2016 NewsFactor Network. All rights reserved.