Expert Calls Apple's iPhone 'Perfect Spying Device'
By Richard Koman / NewsFactor Network
Published: October 17, 2007
Hackers intent on unlocking Apple's iPhone for use with carriers other than AT&T -- and for using third-party applications -- exploited a bug in the device's handling of TIFF images. But that same bug can be used for far more nefarious exploits, renowned hacker HD Moore reported on his Web site, The Metasploit.

Moore posted to the site an exploit that would allow a hacker to insert malicious code onto someone's iPhone to access the device's data. Because the flawed TIFF library is used by the iPhone's Web browser, e-mail program, and iTunes software -- and because all of those programs run as root processes -- one of the iPhone's undocumented "features" is a gaping security hole.

Unlike the unlocking hackers, Moore said, "I wanted an exploit that would write any arbitrary payload" to the phone. "This exploit is rock solid. It's very reliable," he said. "You can send it in an e-mail, you can embed it in a Web page."

Susceptible to Drive-By Attacks

Moore's research revealed the true extent of the TIFF bug, Andrew Storms, director of security operations for nCircle, said in an e-mail. If weaponized, Storms explained, the assault will present itself as a drive-by attack in which sites host seemingly innocuous images and other media that actually perform dangerous actions when rendered in a Web browser on the iPhone.

And, Storms said, the TIFF vulnerability and Safari bugs are "just problems which lie at the surface of the iPhone." Storms pointed out that in a BlackHat 2007 talk, Chris Miller at Independent Security Evaluators disclosed that all processes on the iPhone run privileged as root. "This architectural discovery in the iPhone means that any compromise of the device results in providing the attacker with privileged access."

Moore noted the root-process issue on his Web site, writing, "Having a network-enabled root shell in my pocket is great, but being able to pop a root shell on someone else's iPhone is even better." The security implications might be significant. "Any security flaw in any iPhone application can lead to a complete system compromise," Moore wrote.

"A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list, and phone hardware. Couple this with 'always-on' Internet access over EDGE and you have a perfect spying device," he added.

Shunned by the Enterprise

Apple should be thanking researchers like Moore and Miller, Storms said, for helping them make the iPhone more secure. "Apple is in a unique position compared to other smartphone providers," he said, because the company can update the iPhone's firmware with an online-update strategy with which users are comfortable. "Given all the public and privately known vulnerabilities in other smartphones, by the end of this year the iPhone might just end up being the most secure consumer smartphone available."

But Apple must provide centralized tools for managing configuration and compliance of an iPhone. Until then, he said, "it will continue to be shunned by enterprises. No matter how useful or ingenious the device may be, the enterprise simply cannot consume another device where private data could be leaked."

Imagine a corporate CEO or sales director loading all of his or her contacts onto the phone. Or an HR manager loading employee data. "One of these attacks could provide a method to retrieve all the information stored on the iPhone," Storms said. Even worse, imagine that trade secrets or intellectual property are stored on a compromised phone.

A less likely but still conceivable scenario, Storms said, involves an enterprise allowing the iPhone's VPN client access to a private network. "The attacker may be able to use the VPN tunnel to gain access to further resources," Storms said.
