Slashdot Mirror


Hackers Find Remote iPhone Crack

Al writes "Two researchers have found a way to run unauthorized code on an iPhone remotely. This is different than 'jailbreaking,' which requires physical access to the device. Normally applications have to be signed cryptographically by Apple in order to run. But Charles Miller of Independent Security Evaluators and Vincenzo Iozzo from the University of Milan found more than one instance in which Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a non-executable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable. The trick is significant, say Miller and Iozzo, because it provides a way to do something on a device after making use of a remote exploit. Details will be presented next month at the Black Hat Conference in Las Vegas." The attack was developed on version 2.0 of the iPhone software, and the researchers don't know if it will work when 3.0 is released.
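The mechanism the summary describes, as an added illustration and not the researchers' code (their iPhone-specific details were not public when this was posted): bytes arrive as plain data in a non-executable page, the page's protection is then flipped to executable, and the bytes are called. On a stock Linux/x86-64 box this succeeds because nothing forbids it; on a platform that enforces signed code or strict W^X (PaX MPROTECT, an SELinux execmem denial, or the iPhone's code-signing check working as intended) the mprotect() call is the step that must fail, and that failure is exactly the "switch" the researchers say Apple left flippable. The payload bytes are a constructed x86-64 stub and the function names are mine.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample payload: x86-64 `mov eax, 42; ret`. */
static const unsigned char k_payload[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };

/* The sample stub is x86-64 machine code, so only that build can run it. */
int arch_supported(void) {
#if defined(__x86_64__)
    return 1;
#else
    return 0;
#endif
}

/* Returns the payload's return value if the data page could be made
 * executable and run, -1 if the protection flip was denied by the OS,
 * and -2 if this build cannot run the sample at all. */
int run_as_code(const unsigned char *bytes, size_t len) {
    if (!arch_supported()) return -2;
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len > (size_t)page) return -2;

    /* Step 1: map an ordinary read/write page; no execute permission. */
    void *buf = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -2;
    memcpy(buf, bytes, len);

    /* Step 2: the "programmatic switch": drop write, add execute.
     * A code-signing or W^X policy has to refuse this request. */
    if (mprotect(buf, (size_t)page, PROT_READ | PROT_EXEC) != 0) {
        int saved = errno;
        munmap(buf, (size_t)page);
        fprintf(stderr, "mprotect denied: %s\n", strerror(saved));
        return -1;
    }

    /* Step 3: call what was, a moment ago, plain data. The memcpy avoids
     * the object-to-function pointer cast that strict ISO C rejects. */
    int (*fn)(void);
    memcpy(&fn, &buf, sizeof fn);
    int result = fn();
    munmap(buf, (size_t)page);
    return result;
}

int main(void) {
    int r = run_as_code(k_payload, sizeof k_payload);
    if (r == 42)      puts("data page became executable and ran: W^X not enforced");
    else if (r == -1) puts("protection flip denied: W^X / code signing held");
    else              puts("sample payload is x86-64 only; nothing was run");
    return 0;
}
```

The defensive reading is the useful one: a platform that wants "only Apple-signed code runs" has to treat the mprotect() (or equivalent) step as a policy decision, not a permission bit the process can set for itself, and the same applies to JIT regions and to any "download a media file, then treat it as code" trick.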


  1. frost pist by Anonymous Coward · · Score: 4, Funny

    Apple are brown hatters, not black.

  2. Is this good news. by jellomizer · · Score: 4, Insightful

    Does that mean if we go to the "wrong" web site we can enable Wi-Fi tethering without having to pay extra?

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Is this good news. by Anonymous Coward · · Score: 3, Insightful

      Only if you want to risk losing your service. Tethering without a tethering plan is a violation of AT&T's terms of use. It seems to me that it would be pretty easy to detect. For instance, they could check your browser agent information when you make HTTP requests. They could also look for connections over known ports that would imply you're not on a phone (such as a WoW connection). It seems there are several ways AT&T could spot that you're using a tethered connection without paying for it. So even if you can enable it, it would probably be best not to unless you're interested in potentially losing your phone service.

    2. Re:Is this good news. by Dare+nMc · · Score: 3, Interesting

      imply you're not on a phone

      Exactly, imply. If you're allowed to install apps on your phone, everything you point out is possibly a new app that AT&T doesn't know about, and it would be a pain if AT&T's permission were required to install/run each new type of app. Granted, for the I-Phone crowd, requiring permission to install/use an app isn't uncharted territory. But for the rest of the smart phones, this wouldn't be very nice.

  3. Misleading Title/Summary by forand · · Score: 5, Insightful

    The title and summary are very misleading. The exploit is to run unauthorized code. They have not presented an injection path. While this is not good it is not as bad as having a "Remote iPhone Crack."

    1. Re:Misleading Title/Summary by morgan_greywolf · · Score: 2, Informative

      Well, you're also being a bit misleading. The exploit is to remotely cause unauthorized code to run. What is most misleading about this is that it requires the phone to be jailbroken. It won't work on an OOTB iPhone.

    2. Re:Misleading Title/Summary by morgan_greywolf · · Score: 2, Informative

      FTFA:

      But Miller found more than one instance in which Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a nonexecutable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable.

      The code does not need to be installed, merely downloaded and loaded into memory. The article does not say whether or not they found a remote exploit to make the data executable. Perhaps it is presumed that one will be found.

  4. Re:Dumbing down the text... by jellomizer · · Score: 2, Insightful

    Well, half of the geeks have below-average intelligence. Just because you think tech stuff and science is neat doesn't mean you are any smarter than the rest of the population.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  5. Phone Viruses by Logical+Zebra · · Score: 4, Interesting

    To this date, I cannot think of any cell phone viruses that have existed and spread. I would assume that is because pretty much every cell phone is different, and writing a virus for one specific phone would be a waste of time, since it would represent only a fraction of a percent of the user base. (Usually, when you write a virus, you want it to spread as far and wide as possible, right?) However, with the popularity of the iPhone, I could see a malicious person writing a virus that would infect all of the Apple phones out there, since there are a lot of iPhones on the networks.

    Could this crack be used for that? If so, are we going to see an antivirus program on the next iteration of the iPhone?

    --
    I have a bad feeling about this...
    1. Re:Phone Viruses by Anonymous Coward · · Score: 3, Insightful

      Might this be the dawn of the first "apple virus" that all Mac users claim will never happen? :-)

    2. Re:Phone Viruses by think_nix · · Score: 4, Funny

      To this date, I cannot think of any cell phone viruses that have existed and spread.

      Windows Mobile ?

    3. Re:Phone Viruses by Hurricane78 · · Score: 3, Informative

      What "lot" of iPhones are you talking about? Here in Germany, the iPhone is one of the rarest phones on the market. Because it's double the price of the best Nokia, and has only half the features. And I bet this will be the case for most of the world.

      If you want to get a virus going, make it run on Symbian. Or with some luck, you can use J2ME, which pretty much every phone supports, but which is a bit hard to get to do something useful (because of the additional VM/Sandbox).

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    4. Re:Phone Viruses by MrCrassic · · Score: 4, Interesting

      I know that you were aiming for a "Funny" moderation, but now that I'm back on Windows Mobile after having tried phones from RIM and Apple, I'm finding that it's actually very, very versatile.

      While Windows Mobile is infamous for little bugs and freezes, it actually makes for a very complete mobile platform. Users can edit their Office documents on it, browse the web with it (even easier in WM6.1), play all sorts of media, and find lots of other uses for it. Furthermore, while iPhone OS is becoming just as versatile, it is nowhere near as customizable right off the bat, and application development is much more stringent.

      Though I won't lie that it's nowhere as pretty and suave as using the iPhone, nor will it ever be (at least not in the immediate future).

    5. Re:Phone Viruses by Krneki · · Score: 3, Insightful

      Isn't this the same for the whole Windows Vs Mac flame war? Design vs functionality, where security is the last concern.

      --
      Love many, trust a few, do harm to none.
    6. Re:Phone Viruses by peppepz · · Score: 3, Informative

      If you want to get a virus going, make it run on Symbian.

      On ancient Symbian versions, perhaps. After S60v3 they added that darn platform security that won’t even let you execute your own code, let alone third-party viruses.
      Pirates periodically find cracks, but they tend to be model- and firmware-version-specific.

    7. Re:Phone Viruses by bytethese · · Score: 2, Interesting

      I can't think of an instance where any iPhone talks to another iPhone.

      What about the new Send and Receive Files app in 3.0?
      http://gizmodo.com/5171796/iphone-30-os-guide-everything-you-need-to-know

      "Send and receive files. A dedicated application to exchange files between iPhones or iPods touch."

      Or the new Peer-to-peer Bluetooth connectivity?

      "A new API will allow for two iPhones to connect directly peer-to-peer via Bluetooth. They will be able to discover each other using Bluetooth, and then start a connection transparently. This opens a lot of possibilities. I doubt they will allow you to pass music, but you would probably be able to pass any other information, as well as directly communicating between applications in the two devices. One example: A pets game that allows two dogs to play with each other. This feature could be combined with push notification, so your iPhone may receive a note from another iPhone, inviting you to play a game one-on-one."

    8. Re:Phone Viruses by takev · · Score: 2, Insightful

      Thing is, non-smartphones in Europe have more features than the iPhone. It's just that the interface sucks on most of these phones.
      I am going to get the iPhone because I want a device with a good user interface (currently I don't use the mp3 playback on my phone, mostly because it requires a dock connector on the headphone), and I find that the new iPhone finally has a decent camera in it.

      Although the user interface of the camera on my current phone (Sony Ericsson) is the best, bar none: slide open, press the button on the side slightly to lock focus and lock light (I have my camera settings to semi-auto), aim, press the button deeper, put it back in your pocket. This works without unlocking the phone or anything. It even has an actual xenon flash. On an iPhone, getting the camera to take an actual picture takes much more time and effort.

      Why doesn't the iPhone have a flash, or even a second camera (video phone)? These are standard features in any phone these days.

    9. Re:Phone Viruses by iron-kurton · · Score: 2, Informative

      ...application development is much more stringent

      Not only is it more stringent, but a helluva lot more frustrating in my opinion, because of XCode, IB, and Objective-C. Anyone have any insight into why they chose that language??

      --
      Change is inevitable, except from a vending machine -- Robert C. Gallagher
  6. Capt Crunch? by Anonymous Coward · · Score: 2, Interesting

    Is there any irony in that some early Apple folks started out phone phreaking?

    1. Re:Capt Crunch? by bsDaemon · · Score: 2, Insightful

      I hate the term "phone phreaking" -- it just fills my mind with images of Woz whipping out the Blue Box to make crank calls which inevitably involve the phrase, "so, what are you wearing?" while doing horrible things to himself without any hot grits in sight.....ewww....

  7. Re:Dumbing down the text... by jellomizer · · Score: 4, Insightful

    My experience with dealing with geeks seems to show me that the distribution of intelligence is about on par with the rest of the population, in its normal distribution. We like to see ourselves as better than everyone else, but that really isn't the case.

    I have found that people who are on the manufacturing floor of a factory are just as likely to pick up an abstract explanation as a geek would. Sure, geeks have memorized some terms and vocabulary; however, for the most part their ability to understand is about the same as everyone else's.
    Conversely, there are a lot of people who know things that are difficult for me to comprehend who are not geeks, in about the same proportion as those who are geeks.

    Your analogy is off: geeks are a sub-culture; Nobel Prize winners are people who won an award for their excellence.
    What does it take to be a geek? Watch a lot of Star Trek or Sci-Fi, read comic books, write code (I was able to do that when I was 6 years old); none of this requires a high intelligence to perform at some level.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  8. Wozniak = phreak :: Jobs = control phreak by jonaskoelker · · Score: 2, Funny

    They went from blue boxes to beige boxes to white boxes. Now the white boxes themselves are getting blue-boxed ;-)

    That is, play the right piece of software at 2600 Hz into the iPhone microphone and you can use it to access the whole network instead of Apple and AT&T's walled garden.

    Only this time, the wall is on your phone and not the network.

  9. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  10. Re:iPhone Access Structure is locked down? by OneSmartFellow · · Score: 2

    From the blurb: This means that a program can be loaded into memory as a non-executable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable.

    They have found a bug in the protection mechanism which prevents the type of exploit of which you talk.

  11. An app that smashes its own stack by AntiRush · · Score: 3, Interesting
    I haven't done the legwork but it appears that an attack vector exists via the App Store. Applications allow downloading of data files (podcasts, for example).

    Simply get your application published and give people some incentive to download it (for free). Once your intended target or target quota has installed download a "media file" that's actually the malicious binary. Then it's just a matter of smashing your own application's stack to run the code.

    1. Re:An app that smashes its own stack by MobileTatsu-NJG · · Score: 2, Insightful

      I haven't done the legwork but it appears that an attack vector exists via the App Store. Applications allow downloading of data files (podcasts, for example).

      Simply get your application published and give people some incentive to download it (for free). Once your intended target or target quota has installed download a "media file" that's actually the malicious binary. Then it's just a matter of smashing your own application's stack to run the code.

      The "simply get your application published" bit, though not impossible to avoid, would leave a trail leading all the way up to you.

      You'd get more satisfaction out of creating a Windows virus.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  12. Re:iPhone Access Structure is locked down? by moon3 · · Score: 2, Insightful

    iPhone Access Structure is locked down

    Sure, and btw, nicely designed Apple tinfoil hat.

  13. Re:Dumbing down the text... by Anonymous Coward · · Score: 2, Funny

    He's saying that geeks are a random sample of the population with regard to intelligence, yes. If you've ever heard an MCSE call himself a geek, you'd agree.

  14. Re:Dumbing down the text... by Moridineas · · Score: 2, Informative

    Very well said...that's one of the self-delusions of many in the geek community that really irritates me (that we're smarter ergo better than everyone else). It seems a lot of this goes along with the rise of geek chic.

    In high school and the like, I always felt sorriest for the dumb geeks / dumb nerds...they had it worst of all IMHO. And yes, I agree, there are absolutely dumb geeks.

  15. Re:Dumbing down the text... by Mike+Buddha · · Score: 2, Funny

    Very well said...that's one of the self-delusions of many in the geek community that really irritates me (that we're smarter ergo better than everyone else). It seems a lot of this goes along with the rise of geek chic.

    But isn't the point of choosing to be in any social group an effort to feel better about oneself? Some geeks take the easy way out by making themselves feel taller by shoving people beneath them.

    --
    by Mike Buddha -- Someday the mountain might get him, but the law never will.
  16. Re:Dumbing down the text... by Moridineas · · Score: 2, Insightful

    But isn't the point of choosing to be in any social group an effort to feel better about oneself? Some geeks take the easy way out by making themselves feel taller by shoving people beneath them.

    Yeah, I absolutely agree.

    I have a very vivid memory of being in 7th grade science class and snickering at this kid who could barely read. At the time it was annoying, funny, and felt like a waste of my time to be in this class (which it probably was) ...and my friends and I snickered. I've felt guilty about that for a long time...one of my "wake up" moments in life.