Slashdot Mirror

← Back to Stories (view on slashdot.org)

New iPhone Attack Kills Apps, Reroutes Web Traffic

Posted by kdawson on from the dead-cert dept.

Trailrunner7 sends in a threatpost.com article on exploiting flaws in the way the iPhone handles digital certificates. "[Several flaws] could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones. The result of the attack is that a remote hacker is able to change some settings on the iPhone and force all of the user's Web traffic to run through any server he chooses, and also to change the root certificate on the phone, enabling him to man-in-the-middle SSL traffic from that phone. ... Charlie Miller, an Apple security researcher at Independent Security Evaluators, said that the attack works, although it would not lead to remote code execution on the iPhone. 'It definitely works. I downloaded the file and ran it and it worked,' Miller said. 'The only thing is that it warns you that the file will change your phone, but it also says that the certificate is from Apple and it's been verified.'"

10 of 125 comments (clear)

  1. Heh by Pojut · · Score: 4, Funny

    ::cue "see, Apple isn't perfect" comments::

    See? Apple isn't perfect!

    --
    Living With a Nerd
    1. Re:Heh by jjoelc · · Score: 5, Funny

      Easy, just go to "jailbreaking for dummies dot com" enter you credit card, social security, and bank information. Then download the "MakeYourPhoneCooler.vbs" file to your PC. it will present you with complete directions to download and install the software to your iPhone. FREE WITH EVERY PURCHASE! Banned by Apple! STRIP Poker game!

    2. Re:Heh by Dishevel · · Score: 4, Funny

      Oh nos! You have to fool someone? Now it will never work.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    3. Re:Heh by Anonymous Coward · · Score: 1, Funny

      Linux and MacOS are indeed invulnerable.

      See? Now you have.

  2. Thank Ghod I run Windows by Anonymous Coward · · Score: 5, Funny

    Oh my! These repeated iPhone & Mac attacks are making me happy I run MS-Windows on my *(@&!)Sw2
    ***NO CARRIER***

  3. IMPOSSIBLE by Some.Net(Guy) · · Score: 1, Funny

    Cmon, everyone knows that Apple products are impervious to viruses. ....bahahahahaha

  4. Don't worry by CSHARP123 · · Score: 3, Funny

    Nortan Anti-Virus software is now available for iPhone too. I was wondering when it will become available. Thanks now my iPhone works the same way as PC with Windows :)

    1. Re:Don't worry by Anonymous Coward · · Score: 1, Funny

      Nortan Anti-Virus software is now available for iPhone too.

      Buying knock offs again, eh?

    2. Re:Don't worry by silent_artichoke · · Score: 2, Funny

      Indeed. Symantec hired Chuck Norris to compile Norton. He glared at the code and it compiled itself out of fear. Chuck Norris can also overflow any buffer.

  5. Thank goodness... by metamatic · · Score: 3, Funny

    ...the iPhone controls what software you're allowed to run, to keep it secure. Otherwise it would suffer from exploits like this one.

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak