Slashdot Mirror


Hackers Find Remote iPhone Crack

Al writes "Two researchers have found a way to run unauthorized code on an iPhone remotely. This is different than 'jailbreaking,' which requires physical access to the device. Normally applications have to be signed cryptographically by Apple in order to run. But Charles Miller of Independent Security Evaluators and Vincenzo Iozzo from the University of Milan found more than one instance in which Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a non-executable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable. The trick is significant, say Miller and Iozzo, because it provides a way to do something on a device after making use of a remote exploit. Details will be presented next month at the Black Hat Conference in Las Vegas." The attack was developed on version 2.0 of the iPhone software, and the researchers don't know if it will work when 3.0 is released.

114 comments

  1. frost pist by Anonymous Coward · · Score: 4, Funny

    Apple are brown hatters, not black.

    1. Re:frost pist by sopssa · · Score: 0, Redundant

      I, for one, welcome our new iphone botnet overlords!

    2. Re:frost pist by DigitalExtremeMedia · · Score: 1

      Apple are brown hatters, not black.

      Good one. Never heard that before.

  2. Is this good news. by jellomizer · · Score: 4, Insightful

    Does that mean if we go to the "wrong" web site we can enable Wi-Fi tethering without having to pay extra?

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Is this good news. by Krneki · · Score: 1, Redundant

      Apple or the carriers charge for Wi-Fi tethering? And you actually bought a device configured that way?

      --
      Love many, trust a few, do harm to none.
    2. Re:Is this good news. by Anonymous Coward · · Score: 3, Insightful

      Only if you want to risk losing your service. Tethering without a tethering plan is a violation of AT&T's terms of use. It seems to me that it would be pretty easy to detect. For instance, they could check your browser agent information when you make HTTP requests. They could also look for connections over known ports that would imply you're not on a phone (such as a WoW connection). It seems there are several ways AT&T could spot that you're using a tethered connection without paying for it. So even if you can enable it, it would probably be best not to unless you're interested in potentially losing your phone service.

    3. Re:Is this good news. by Dare+nMc · · Score: 3, Interesting

      imply you're not on a phone

      Exactly, imply. If you're allowed to install apps on your phone, everything you point out is possibly a new app that AT&T doesn't know about, and would be a pain if AT&T's permission were required to install/run each new type of app. Granted, for the I-Phone crowd, requiring permission to install/use an app isn't uncharted territory, but for the rest of the smart phones, this wouldn't be very nice.

    4. Re:Is this good news. by Anonymous Coward · · Score: 0

      :| OMG, does it really work like that!? Instead of allowing the customer to buy a SIM card to use however he/she wants (i.e., pay to use almost any of the services that the provider has to offer), they cut it down!? I'm giving out a thumbs down for AT&T or the US mobile telephone service, but I found this kind of restriction very weird... In every country inside the EU you can buy a SIM card worth €5 or €10 and use it for what you want, as long as you top it up!

    5. Re:Is this good news. by qopax · · Score: 1

      or, you know, you could have some balls and use the bandwidth you pay for $30 a month in any way you want until they tell you otherwise

      --
      I pwn this comment. "The Fine Print" says so.
    6. Re:Is this good news. by Anonymous Coward · · Score: 0

      They all charge extra for tethering. Idiot!

    7. Re:Is this good news. by Anonymous Coward · · Score: 0

      Apple or the carriers charge for Wi-Fi tethering? And you actually bought a device configured that way?

      You must not be from the USA.

      Point #1 is, this is an iPhone article, and tethering is an AT&T issue, both of those companies are American. Not being involved or related to either, this article is clearly not directed at you.

      Point #2, you say that as if there was any choice. If you actually lived here, you might have some right to make a snide comment, but lacking that you do not.

      Point #3, the full American population can not move to your country just to get better and more advanced cellular network technology. There is no room to relocate an entire country, so that is not an option.

      Point #4, the fact the American government gave a monopoly to the wireless carriers means there is absolutely NOTHING the American public can do about this issue. So you should watch where you are placing blame. This is the people's fault no more than it is personally your fault.

      If the basic assumption of you not being American is incorrect, then your comment is clearly not based on reality in any shape or form, and you are trolling...

    8. Re:Is this good news. by Krneki · · Score: 1

      Wi-Fi tethering needs some explanation. Is this 3G/GPRS tethering or Wi-Fi connection to your router so you can use VOIP on your mobile phone?

      --
      Love many, trust a few, do harm to none.
    9. Re:Is this good news. by Krneki · · Score: 1

      Not in my country. You pay for mobile connection, what you do is up to you.

      --
      Love many, trust a few, do harm to none.
    10. Re:Is this good news. by jellomizer · · Score: 1

      Well, the current tethering option for the iPhone 3.0 is via Bluetooth or connecting to your computer via USB. However, each iPhone and iPod touch has normal Wi-Fi support (I think it is G), so you could take your Edge/G3 network connection and broadcast it so your laptop and any other device that uses a Wi-Fi connection can pick it up.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    11. Re:Is this good news. by Krneki · · Score: 1

      Are you sure the IPhone can act as a Wi-Fi access point?

      --
      Love many, trust a few, do harm to none.
    12. Re:Is this good news. by Serious+Callers+Only · · Score: 1

      Are you sure the IPhone can act as a Wi-Fi access point?

      Mac OS X can, so there's no reason an iPhone couldn't. It would use up the battery very quickly though if you're also using the radio for a 3G signal.

    13. Re:Is this good news. by Krneki · · Score: 1

      Most devices can't. This is why I'm asking. Googling a little reveals the IPhone can't act as a wireless access point by default. http://www.podcastalley.com/forum/showthread.php?t=138655 http://www.everythingicafe.com/forum/iphone-modifications/iphone-as-a-wifi-access-point-router-19674.html

      --
      Love many, trust a few, do harm to none.
  3. Misleading Title/Summary by forand · · Score: 5, Insightful

    The title and summary are very misleading. The exploit is to run unauthorized code. They have not presented an injection path. While this is not good it is not as bad as having a "Remote iPhone Crack."

    1. Re:Misleading Title/Summary by morgan_greywolf · · Score: 2, Informative

      Well, you're also being a bit misleading. The exploit is to remotely cause unauthorized code to run. What is most misleading about this is that it requires the phone to be jailbroken. It won't work on an OOTB iPhone.

    2. Re:Misleading Title/Summary by forand · · Score: 1

      I would disagree with your statement that "The exploit is to remotely cause unauthorized code to run," since they provide no way to obtain remote access. That is, the exploit is, as I state above, to run unauthorized code. As it stands you have to both install that code and have physical access to the device to run the code.

    3. Re:Misleading Title/Summary by morgan_greywolf · · Score: 2, Informative

      FTFA:

      But Miller found more than one instance in which Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a nonexecutable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable.

      The code does not need to be installed, merely downloaded and loaded into memory. The article does not say whether or not they found a remote exploit to make the data executable. Perhaps it is presumed that one will be found.

    4. Re:Misleading Title/Summary by Anonymous Coward · · Score: 0

      I am sooo tired of kdawson sensationalizing summaries so far as to actually be factually incorrect.

      Can someone get rid of this clown?

      I know I can omit stories written by him, but Slashdot would be a better place if they replaced him with someone who has some brains / integrity.

    5. Re:Misleading Title/Summary by Trailrunner7 · · Score: 1

      Exactly. And this was on 2.0, and 3.0 is out already. Nothing to see here.

  4. Re:Dumbing down the text... by jellomizer · · Score: 2, Insightful

    Well, half of the geeks have below average intelligence. Just because you think tech stuff and science is neat it doesn't mean you are any smarter than the rest of the population.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  5. Phone Viruses by Logical+Zebra · · Score: 4, Interesting

    To this date, I cannot think of any cell phone viruses that have existed and spread. I would assume that is because pretty much every cell phone is different, and writing a virus for one specific phone would be a waste of time, since it would represent only a fraction of a percent of the user base. (Usually, when you write a virus, you want it to spread as far and wide as possible, right?) However, with the popularity of the iPhone, I could see a malicious person writing a virus that would infect all of the Apple phones out there, since there are a lot of iPhones on the networks.

    Could this crack be used for that? If so, are we going to see an antivirus program on the next iteration of the iPhone?

    --
    I have a bad feeling about this...
    1. Re:Phone Viruses by Anonymous Coward · · Score: 3, Insightful

      Might this be the dawn of the first "apple virus" that all Mac users claim will never happen? :-)

    2. Re:Phone Viruses by think_nix · · Score: 4, Funny

      To this date, I cannot think of any cell phone viruses that have existed and spread.

      Windows Mobile ?

    3. Re:Phone Viruses by gclef · · Score: 1

      Oh, they exist. You're right that they're not as widespread as regular ones, since the hardware and software world is much more diverse. But, they are there. For example, there was a talk at Black Hat 2007 about them (slides). One interesting side part of that talk for me was the question of how to research a cell phone virus without risking infecting the production network. (The answer: one hell of a Faraday cage around the lab.)

    4. Re:Phone Viruses by Hurricane78 · · Score: 3, Informative

      What "lot" of iPhones are you talking about? Here in Germany, the iPhone is one of the rarest phones on the market. Because it's double the price of the best Nokia, and has only half the features. And I bet this will be the case for most of the world.

      If you want to get a virus going, make it run on Symbian. Or with some luck, you can use J2ME, which pretty much every phone supports, but which is a bit hard to get to do something useful (because of the additional VM/Sandbox).

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    5. Re:Phone Viruses by Stenchwarrior · · Score: 0

      I can't think of an instance where any iPhone talks to another iPhone. You'd have to write the virus with the ability to route through AT$T's network to other iPhone handsets. If you are going to do that, then you may as well write the code to infiltrate AT$T directly...I would imagine there is much more valuable information in AT$T's database of subscribers than on any given iPhone.

      Maybe a suitable injection method, without having to try and figure out how to hack the carrier, would be to write the malicious code into a seemingly legitimate app and post it on the app store. If the only thing it was doing was sitting there idle and awaiting instructions, would it be that hard to detect? Even if Apple finds the virus I'm sure at least a few people would have gotten a hold of it before it was yanked.

      --
      Loading...
    6. Re:Phone Viruses by Anonymous Coward · · Score: 1, Interesting

      When I was in high school many eons ago. The game we would play is how many viri can you get on 1 floppy. We did this on macs. I had a record of 8 :)

      Are the newer macs more impervious? Perhaps. But I would venture to say MS has a leg up on them here in that they live it and breathe it every day. To Apple it is an abstract thing just due to simple market share.

      But a botnet of 300k in remote devices that can CALL people that would be very attractive to a spammer. The payload being a recorded message. The thing calls people at random times and plays the message. Wow...

    7. Re:Phone Viruses by MrCrassic · · Score: 4, Interesting

      I know that you were aiming for a "Funny" moderation, but now that I'm back on Windows Mobile after having tried phones from RIM and Apple, I'm finding that it's actually very, very versatile.

      While Windows Mobile is infamous for little bugs and freezes, it actually makes for a very complete mobile platform. Users can edit their Office documents on it, browse the web with it (even easier in WM6.1), play all sorts of media, and find lots of other uses for it. Furthermore, while iPhone OS is becoming just as versatile, it is nowhere near as customizable right off the bat, and application development is much more stringent.

      Though I won't lie that it's nowhere as pretty and suave as using the iPhone, nor will it ever be (at least not in the immediate future).

    8. Re:Phone Viruses by bleh-of-the-huns · · Score: 1

      Not sure why this was modded funny, since there is a huge winmo population of phones... granted across different manufacturers, but the underlying code is the same.

      Then, in addition to WinMo, there is Symbian, aren't all Nokias Symbian based.. that's millions of phones...

      --
      I came, I conquered, I coredumped
    9. Re:Phone Viruses by Anonymous Coward · · Score: 0

      Give it up, Nokia fan boy. There are more engineers writing jailbreak applications for the Iphone than there are engineers writing anything for Symbian. Symbian is a niche OS that is on its way out. If you had to start coding mobile phone apps today would you really consider Symbian? It seems like you would target iphone/blackberry/palmpre in that order. Symbian would be tied with Windows Mobile.

    10. Re:Phone Viruses by Carewolf · · Score: 1

      Well, Nokia is the Microsoft of the mobile industry. There was a whole range of SMS viruses for Nokia some five years back, I think they finally started to validate the SMS'es better now.

    11. Re:Phone Viruses by rgviza · · Score: 1

      It might be more prudent to fix the unsigned code execution vulnerability first, but phone antivirus is a good idea and would be innovative.

      --
      Don't kid yourself. It's the size of the regexp AND how you use it that counts.
    12. Re:Phone Viruses by MBGMorden · · Score: 1

      Funny because they were referring to Windows Mobile as the virus, not an OS susceptible to them . . .

      --
      "People who think they know everything are very annoying to those of us who do."-Mark Twain
    13. Re:Phone Viruses by Anonymous Coward · · Score: 0

      Crazy frog was a bloody annoying virus which went across lots of phones and networks.

      Thankfully its now dead.

    14. Re:Phone Viruses by Krneki · · Score: 3, Insightful

      Isn't this the same for the whole Windows Vs Mac flame war? Design vs functionality, where security is the last concern.

      --
      Love many, trust a few, do harm to none.
    15. Re:Phone Viruses by fulldecent · · Score: 1

      I run the VNC server on my phone (veency) and I constantly get requests to connect while I am on the AT&T network.

      Just to illustrate your point

      --

      -- I was raised on the command line, bitch

    16. Re:Phone Viruses by peppepz · · Score: 3, Informative

      If you want to get a virus going, make it run on Symbian.

      On ancient Symbian versions, perhaps. After S60v3 they added that darn platform security that won’t even let you execute your own code, let alone third-party viruses.
      Pirates periodically find cracks, but they tend to be model- and firmware version- specific.

    17. Re:Phone Viruses by bytethese · · Score: 1

      The lot of 11% of global smart phones, about 4 million devices? http://www.fiercedeveloper.com/story/iphone-captures-11-global-smartphone-os-share-q1/2009-05-25

      Sure it's not the most abundant, but 4 million devices is still a lot of devices...

    18. Re:Phone Viruses by bytethese · · Score: 2, Interesting

      I can't think of an instance where any iPhone talks to another iPhone.

      What about the new Send and Receive Files app in 3.0?
      http://gizmodo.com/5171796/iphone-30-os-guide-everything-you-need-to-know

      "Send and receive files. A dedicated application to exchange files between iPhones or iPods touch."

      Or the new Peer-to-peer Bluetooth connectivity?

      "A new API will allow for two iPhones to connect directly peer-to-peer via Bluetooth. They will be able to discover each other using Bluetooth, and then start a connection transparently. This opens a lot of possibilities. I doubt they will allow you to pass music, but you would probably be able to pass any other information, as well as directly communicating between applications in the two devices. One example: A pets game that allows two dogs to play with each other. This feature could be combined with push notification, so your iPhone may receive a note from another iPhone, inviting you to play a game one-on-one."

    19. Re:Phone Viruses by argiedot · · Score: 1

      Surely you're joking? You could not exchange files between different iPhones before? I'm sure you'd be able to do so using Bluetooth.

    20. Re:Phone Viruses by bleh-of-the-huns · · Score: 1

      Sorry, had not had my caffeine yet, no sense of humour till after.

      --
      I came, I conquered, I coredumped
    21. Re:Phone Viruses by Own3d-You · · Score: 1

      Just this year (Fiscal) they've sold over 8 million... http://en.wikipedia.org/wiki/File:IPhone_sales_per_quarter.svg#Data_and_references

    22. Re:Phone Viruses by bruno.fatia · · Score: 1

      He's just saying that most iPhone sales ought to be in US. Here in Brazil an iPhone costs around 800 US with 1 year contract* so one might say they are not the most popular phone around.

      * Excluding eBay derivatives which import the phone from somewhere else.

    23. Re:Phone Viruses by bytethese · · Score: 1

      Why would I be joking? Previously, no, you could not transfer files on any non-jailbroken iPhones. Now you can, so in essence, you have a delivery method and would only need to craft a method of execution.

    24. Re:Phone Viruses by takev · · Score: 2, Insightful

      Thing is, non-smartphones in Europe have more features than the iPhone. It's just that the interface sucks on most of these phones.
      I am going to get the iPhone because I want a device with a good user interface (currently I don't use the mp3 playback on my phone, mostly because it requires a dock connector on the headphone), and I find that the new iPhone finally has a decent camera in it.

      Although the user interface of the camera on my current phone (Sony Ericsson) is the best, bar none: slide open, press the button on the side slightly to lock focus and lock light (I have my camera settings to semi-auto), aim, press button deeper, put it back in your pocket. This works without unlocking the phone or anything. It even has an actual xenon flash. On an iPhone getting the camera to take an actual picture takes much more time and effort.

      Why doesn't the iPhone have flash, or even second camera (video phone), these are standard features in any phone these days.

    25. Re:Phone Viruses by A1rmanCha1rman · · Score: 1

      "To Apple it is an abstract thing just due to simple market share."

      I see how you sneaked that one in there, a sweeping statement that it is part of a much larger debate about the non-prevalence of viruses on Macs.

      Much as no-one wants a diversion from the main thrust of this topic, you cannot be allowed to sneak away with such a fallacious and ill-considered statement.

      --
      I get up, I get down...
    26. Re:Phone Viruses by iron-kurton · · Score: 2, Informative

      ...application development is much more stringent

      Not only is it more stringent, but a helluva lot more frustrating in my opinion, because of XCode, IB, and Objective-C. Anyone have any insight into why they chose that language??

      --
      Change is inevitable, except from a vending machine -- Robert C. Gallagher
    27. Re:Phone Viruses by Stevecrox · · Score: 1

      Because Bluetooth file transfer has been around for years, I remember sending files via Bluetooth on my Nokia 7650 (circa 2002). Most basic low end phones provide the ability to transfer files via Bluetooth.

      My phone right now has connected to my PC via Bluetooth and is updating the track list over Bluetooth. Hence the poster's position: it's like the iPhone not having MMS capability (I know it's getting it); it's such a basic feature most people assume it will be built into the phone.

    28. Re:Phone Viruses by cortesoft · · Score: 1

      Here in San Francisco, I am pretty sure everyone and their mother has an iPhone. It feels like a novelty to see another phone.

    29. Re:Phone Viruses by Anonymous Coward · · Score: 0

      Anyone have any insight into why they chose that language??

      NeXTstep was built on top of Obj-C before C++ became ubiquitous (mid-late 1980s). Mac OS X was built on top of the OS technology from Apple's acquisition of NeXT, and iPhone OS is basically OS X with extra (and missing) frameworks.

    30. Re:Phone Viruses by E+IS+mC(Square) · · Score: 1

      Correct. The only fallacious and ill-considered statement allowed on /. is that "OSX is virus and malware proof just because Apple made it fully secure, and not at all because its marketshare is close to being in single digit."

    31. Re:Phone Viruses by Anonymous Coward · · Score: 0

      I don't see the send&receive files app on my 3.0 dev phone... (7a341)

      and no, there is no method to even access the filesystem on any version of the iphone without jailbreaking.

  6. Re:Dumbing down the text... by Anonymous Coward · · Score: 0, Offtopic

    You're assuming that geeks have equally distributed intelligence (no, not a Beowulf cluster). That's like saying half of Nobel Prize Winners have below average intelligence because "you think tech stuff and science is neat it doesn't mean you are any smarter than the rest of the population."

  7. Re:Dumbing down the text... by zolf13 · · Score: 1, Offtopic

    FTFY:
    Half of the geeks have inteligence below the median inteligence of the geek population.

  8. Capt Crunch? by Anonymous Coward · · Score: 2, Interesting

    Is there any irony in that some early Apple folks started out phone phreaking?

    1. Re:Capt Crunch? by bsDaemon · · Score: 2, Insightful

      I hate the term "phone phreaking" -- it just fills my mind with images of Woz whipping out the Blue Box to make crank calls which inevitably involve the phrase, "so, what are you wearing?" while doing horrible things to himself without any hot grits in sight.....ewww....

    2. Re:Capt Crunch? by Anonymous Coward · · Score: 0

      phone phreaking

      That would be phreaking. Phone is where it got its "ph".

  9. Chances by s1lverl0rd · · Score: 1, Insightful

    Well, it's all just chance calculation. Let's say that 1 million iPhones/iPod Touches were sold. Let us then assume that 0.5 percent of the people that buy an iPhone are Evil Haxx0rz and want to hack their new phone. I guess that no more than a half percent of *that* group succeed in finding a way to execute arbitrary code.

    One of the 25 is holding his speech at the Black Hat conference in Las Vegas.

    1. Re:Chances by vadim_t · · Score: 1

      You're not making any sense.

      Somebody wanting to mess with their own phone is not an "Evil Haxx0r". Nor do they need this, since they can jailbreak it already.

      What this gives to a real "Evil Haxx0r" is the ability to mess with your phone. And though as you point out the amount of people with the ability to do such things is small, it can also be quite profitable, and programs that make it easy can be made, which will let every script kiddie on the planet exploit your phone with one click.

  10. Re:Dumbing down the text... by BiggerIsBetter · · Score: 0, Offtopic

    Half of the geeks have inteligence below the median inteligence of the geek population.

    Sadly, the distribution of spelling ability is not so evenly spread among the geek population...

    --
    Forget thrust, drag, lift and weight. Airplanes fly because of money.
  11. This is news? by lseltzer · · Score: 1, Insightful

    TFA makes it sound like there have never been any remotely exploitable vulnerabilities in the iPhone before. There have been dozens of exploitable bugs in Webkit, for example. The fact that no phones were cracked at Pwn2Own didn't prove they weren't crackable.

    1. Re:This is news? by Richard_at_work · · Score: 1, Interesting

      In fact, the first widely used jailbreaking technique involved exploiting Safari on the iPhone to crash it and inject code - there was in fact a website you could visit to jailbreak your iPhone simply by clicking on a link.

  12. Re:Dumbing down the text... by jellomizer · · Score: 4, Insightful

    My experience with dealing with geeks seems to show me that the distribution of intelligence is about on par with the rest of the population, in its normal distribution. We like to see ourselves as better than everyone else but that really isn't the case.

    I have found that people who are on the manufacturing floor of a factory are just as likely to pick up an abstract explanation as a geek would. Sure geeks have memorized some terms and vocabulary however for the most part their ability to understand is about the same as everyone else.
    Conversely there are a lot of people who know things that it is difficult for me to comprehend who are not geeks about the same amount who are geeks.

    Your analogy is off, because geeks are a subculture; Nobel Prize winners are people who won an award for their excellence.
    What does it take to be a geek? Watch a lot of Star Trek or sci-fi, read comic books, write code (I was able to do that when I was 6 years old); none of this requires a high intelligence to perform at some level.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  13. Wozniak = phreak :: Jobs = control phreak by jonaskoelker · · Score: 2, Funny

    They went from blue boxes to beige boxes to white boxes. Now the white boxes themselves are getting blue-boxed ;-)

    That is, play the right piece of software at 2600 Hz into the iPhone microphone and you can use it to access the whole network instead of Apple and AT&T's walled garden.

    Only this time, the wall is on your phone and not the network.

  14. Good old Presto Changeo! by xanthos · · Score: 1

    As I recall, Microsoft used to have an api call called PrestocChangeo or some such that did this. Probably in Win16. Always thought that changing a chunk of data into executable code was a bad idea. I would have thought such nonsense was a thing of the past but who knows, maybe that same or similar api still exists. (I'm an old guy and I don't get down to the system level calls much anymore, someone younger will need to look.)

    --
    Average Intelligence is a Scary Thing
    1. Re:Good old Presto Changeo! by Anonymous Coward · · Score: 0

      It was PrestoChangoSelector.
      I also remember a HereTharBeTygars function.

  15. Re:Dumbing down the text... by jellomizer · · Score: 1, Funny

    yehe, dem sai dat eyem sisks standird dieaveations twu da leaft

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  16. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  17. iPhone Access Structure is locked down? by DJRumpy · · Score: 0

    Someone correct me if I'm wrong, but doesn't the iphone API specifically prevent 3rd party apps from accessing sensitive areas? For instance non-system apps can't access things like your personal address book. Would those additional controls mitigate the exposure here to the non-sensitive user space?

    Don't get me wrong. Any exposure is bad, but the summary makes this sound like some full blown windows remote code execution issue.

    Are there any iPhone developers who can chime in with some insight?

    1. Re:iPhone Access Structure is locked down? by OneSmartFellow · · Score: 2

      From the blurb: This means that a program can be loaded into memory as a non-executable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable.

      They have found a bug in the protection mechanism which prevents the type of exploit of which you talk.

    2. Re:iPhone Access Structure is locked down? by moon3 · · Score: 2, Insightful

      iPhone Access Structure is locked down

      Sure, and btw, nicely designed Apple tinfoil hat.

    3. Re:iPhone Access Structure is locked down? by DJRumpy · · Score: 0, Troll

      Considering the iPhone OS underpinnings are based on Unix, I don't think the hat would be made out of tin...

    4. Re:iPhone Access Structure is locked down? by Anonymous Coward · · Score: 0

      Not sure why that was modded as a Troll. It certainly isn't ugly or inflammatory in any way.

    5. Re:iPhone Access Structure is locked down? by jeff4747 · · Score: 1

      Would those additional controls mitigate the exposure here to the non-sensitive user space?

      It wouldn't be much of a 'hack' unless it included privilege escalation.

  18. An app that smashes its own stack by AntiRush · · Score: 3, Interesting

    I haven't done the legwork but it appears that an attack vector exists via the App Store. Applications allow downloading of data files (podcasts, for example).

    Simply get your application published and give people some incentive to download it (for free). Once your intended target or target quota has installed download a "media file" that's actually the malicious binary. Then it's just a matter of smashing your own application's stack to run the code.

    1. Re:An app that smashes its own stack by MobileTatsu-NJG · · Score: 2, Insightful

      I haven't done the legwork but it appears that an attack vector exists via the App Store. Applications allow downloading of data files (podcasts, for example).

      Simply get your application published and give people some incentive to download it (for free). Once your intended target or target quota has installed download a "media file" that's actually the malicious binary. Then it's just a matter of smashing your own application's stack to run the code.

      The "simply get your application published" bit, though not impossible to avoid, would leave a trail leading all the way up to you.

      You'd get more satisfaction out of creating a Windows virus.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  19. "all" Mac users by Anonymous Coward · · Score: 1, Insightful

    Might this be the dawn of the first "apple virus" that all Mac users claim will never happen? :-)

    I know you put the smiley there, but still: who are "all" of these Mac users? I have OS X at home (Unix admin for $WORK), and I partly run OS X because there is currently no malware for it. Just as I prefer Unix for servers as they're a small target as well--in general I avoid Windows whenever I can.

    There actually were viruses for Mac OS in the pre-X (10) days, but no one's bothered to really try since the current Unix-based OS came out.

    Hopefully Apple will put in measures like ASLR, or SELinux-like protections to help improve 'security' of the OS, but right now you're relatively 'safe'. (The two terms are related, but not the same.)

  20. I don't want a walled garden anyhow. by jbn-o · · Score: 1

    Perhaps, but this activity is the kind of thing Apple used as reason to not allow users their software freedom with their own phone. Around the time of the iPhone's introduction Steve Jobs told Newsweek:

    "You don't want your phone to be an open platform," meaning that anyone can write applications for it and potentially gum up the provider's network, says Jobs. "You need it to work when you need it to work. Cingular doesn't want to see their West Coast network go down because some application messed up."

    Leaving one to wonder about that other network called the Internet. Even when viewed only from a security standpoint, this was a tall order to fill. It appears that Apple has failed to fill it.

  21. yeah, sure by catmistake · · Score: 1

    Details of the exploit will be presented next month...

    My remote iPhone exploit is a Canadian supermodel.

  22. Re:BadAnalogyGuy by Anonymous Coward · · Score: 0

    Is he really? I'd like to see some evidence and form my own conclusion.

  23. Re:Dumbing down the text... by filthpickle · · Score: 1

    maybe a little off topic, but spot on.

  24. Re:Dumbing down the text... by Anonymous Coward · · Score: 2, Funny

    He's saying that geeks are a random sample of the population with regard to intelligence, yes. If you've ever heard an MCSE call himself a geek, you'd agree.

  25. Re:Dumbing down the text... by Moridineas · · Score: 2, Informative

    Very well said...that's one of the self-delusions of many in the geek community that really irritates me (that we're smarter ergo better than everyone else). It seems a lot of this goes along with the rise of geek chic.

    In high school and the like, I always felt sorriest for the dumb geeks / dumb nerds...they had it worst of all IMHO. And yes I agree, there are absolutely dumb geeks.

  26. No infection vector? by argent · · Score: 1

    Viruses spread not because a computer can be broken into, but because a computer can be broken into AND because it can broadcast the virus to other computers.

    That's why there were no wild Palm OS viruses even when Palm had 80% of the market for years, because the only way to transfer the infection from one Palm to another was for the owner of the infected Palm and the target to deliberately beam a file from one to another.

    For cellphones, there are even fewer opportunities for infection, because iPhone owners don't routinely beam files to each other. Most phone-to-phone communication is voice or very short text messages.

    What mechanisms are there for an iPhone in my pocket to infect an iPhone in your pocket?

    1. Re:No infection vector? by Anonymous Coward · · Score: 0

      With peer-to-peer Bluetooth for gaming the opportunity gets MUCH larger.

    2. Re:No infection vector? by argent · · Score: 1

      You just need to find a buffer overflow in a game that's popular enough that you're likely to actually find enough people playing it, that doesn't crash the game when you run the exploit because people tend to notice when their games crash, and then write a program to find someone playing it that won't flatten the battery by keeping the bluetooth radio continually active...

    3. Re:No infection vector? by slashkitty · · Score: 1

      You're thinking of worms, not viruses. Viruses do not need to be able to 'broadcast' to spread. They spread via contact or in the old days, infected disks.

      --
      -- these are only opinions and they might not be mine.
    4. Re:No infection vector? by argent · · Score: 1

      Active worms or passive viruses, they still need an infection vector. Without traffic between phones to piggyback on, there's no vector, and no propagation of the virus.

  27. Re:Dumbing down the text... by Anonymous Coward · · Score: 0

    oh here we go again. maybe they got an MCSE because they had a hard time getting a job. what you know you can do in your own life is hard to convince a HR manager of on a resume. the MCSE just lets them fill that checkbox. lay off the hate.

  28. Not Safari by yabos · · Score: 1

    Actually it was a libtiff exploit (open source, but old version) that the iPhone used, not a bug in Safari itself.

  29. Re:Dumbing down the text... by Mike+Buddha · · Score: 1

    I have found that people who are on the manufacturing floor of a factory are just as likely to pick up an abstract explanation as a geek would.

    So being a geek is more a function of nerd literacy rather than intelligence? I concur. I would also expand this to personal hygiene (specifically lack thereof) as well.

    --
    by Mike Buddha -- Someday the mountain might get him, but the law never will.
  30. Re:Dumbing down the text... by Mike+Buddha · · Score: 2, Funny

    Very well said...that's one of the self-delusions of many in the geek community that really irritates me (that we're smarter ergo better than everyone else). It seems a lot of this goes along with the rise of geek chic.

    But isn't the point of choosing to be in any social group an effort to feel better about oneself? Some geeks take the easy way out by making themselves feel taller by shoving people beneath them.

    --
    by Mike Buddha -- Someday the mountain might get him, but the law never will.
  31. Re:Dumbing down the text... by Moridineas · · Score: 2, Insightful

    But isn't the point of choosing to be in any social group an effort to feel better about oneself? Some geeks take the easy way out by making themselves feel taller by shoving people beneath them.

    Yeah, I absolutely agree.

    I have a very vivid memory of being in 7th grade science class and snickering at this kid who could barely read. At the time it was annoying, funny, and felt like a waste of my time to be in this class (which it probably was) ...and my friends and I snickered. I've felt guilty about that for a long time...one of my "wake up" moments in life.

  32. Mac User Status: by Anonymous Coward · · Score: 0

    [ ] Not told
    [ ] Pending
    [X] TOLD

  33. Re:Dumbing down the text... by Lokitoth · · Score: 1

    Maybe this is an attempt at a new form of Six-Sigma compliance?

  34. Re:Dumbing down the text... by Anonymous Coward · · Score: 0

    ...none of this requires a high intelligence, to preform at some level.

    I prefer postforming to 'preforming' when I perform, I also want a 'prize' for all the geeks who don't fall over 'ourselves' to point out other people's shortfalls.

    Sorry, couldn't help it...

  35. Re:Dumbing down the text... by Anonymous Coward · · Score: 0

    Thank you for using 'ergo' -- and correctly! It's a highly underused but useful word. Kudos.

  36. Re:Dumbing down the text... by jabithew · · Score: 1

    It seems a lot of this goes along with the rise of geek chic.

    When did this happen and why wasn't I informed?

    --
    All intents and purposes. Not intensive purposes.
  37. Re:Dear frustrated right wing nutjob by Anonymous Coward · · Score: 0

    LMAO

    I love the smell of panicked right wing nut job in the morning, it smells like victory.

    Every post brings a smile to my face. I love watching you idiots thrash around in impotent fury, making up bizarre and totally false stories to justify your weenie inadequacy.

    Great stuff.

  38. Re:Dear frustrated right wing nutjob by jcr · · Score: 0, Flamebait

    I love the smell of panicked right wing nut job in the morning, it smells like victory.

    If he were a right-winger, wouldn't he be praising Obama for continuing Bush's bad policies?

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  39. Re:Dear Obongo supporters... by jcr · · Score: 1

    when interest rates reach Jimmy Carter levels

    What makes you think that the Fed is suddenly going to give up their inflation policy?

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  40. Re:Dumbing down the text... by Mike+Buddha · · Score: 1

    Don't be too hard on yourself. Children are self-centered, then we grow out of it.

    --
    by Mike Buddha -- Someday the mountain might get him, but the law never will.
  41. Re:Dumbing down the text... by Anonymous Coward · · Score: 0

    (from Merriam-Webster)
    1 : a carnival performer often billed as a wild man whose act usually includes biting the head off a live chicken or snake.
    2 : a person often of an intellectual bent who is disliked
    3 : an enthusiast or expert especially in a technological field or activity

    Unless you're talking about #1, a group with an above average percentage of intellectuals and experts is going to be above the average in intelligence. May I suggest that the people you've met are not necessarily representative of all geeks. I would also venture to guess that it's not so simple to estimate someone's intelligence from casual interaction. You're really taking a lot on faith. There's also the possibility that the average non-geek is a lot dumber than you realize.

    I take it you don't self-identify as a geek, or you see yourself as much smarter than other geeks. Either way, I've seen that before.

  42. Re:Dumbing down the text... by Anonymous Coward · · Score: 0

    So being a geek is more a function of nerd literacy rather than intelligence? I concur. I would also expand this to personal hygiene (specifically lack thereof) as well.

    Great. So, we can claim all the negative stereotypes about us without objections, but despite being a group that reveres intelligence and aspires to academic achievement, we're probably a lot dumber than people think.

    No, it's worse than that. According to you guys, we're dumber than the average, which is ridiculous. Could it be that you are overstating your feelings?