Slashdot Mirror

← Back to Stories (view on slashdot.org)

New iPhone Attack Kills Apps, Reroutes Web Traffic

Posted by kdawson on from the dead-cert dept.

Trailrunner7 sends in a threatpost.com article on exploiting flaws in the way the iPhone handles digital certificates. "[Several flaws] could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones. The result of the attack is that a remote hacker is able to change some settings on the iPhone and force all of the user's Web traffic to run through any server he chooses, and also to change the root certificate on the phone, enabling him to man-in-the-middle SSL traffic from that phone. ... Charlie Miller, an Apple security researcher at Independent Security Evaluators, said that the attack works, although it would not lead to remote code execution on the iPhone. 'It definitely works. I downloaded the file and ran it and it worked,' Miller said. 'The only thing is that it warns you that the file will change your phone, but it also says that the certificate is from Apple and it's been verified.'"

3 of 125 comments (clear)

  1. Re:Heh by ijitjuice · · Score: 3, Interesting

    If you get apps from the app store how would this get installed? If Im about n about this would just pop up on my screen? I guess Im lost as to how it would get on my phone in the first place?

  2. Re:yikes! by Voyager529 · · Score: 5, Interesting

    My guess is that at least a part of the reason is that many of the exploits are used for jailbreaking and unlocking. With Apple trying feverishly to outwit the iPhone Dev Team, many of the vulnerabilities they use get patched (TIFF Exploit?). I'd imagine that this ultimately helps keep the iPhone a more secure platform.

  3. Re:Heh by Oooskar · · Score: 3, Interesting

    As part of the attack, the anonymous researchers obtained a signature certificate from VeriSign for a company named Apple Computer

    You have to fool VeriSign first, just like any other SSL man-in-the-middle attack, so I guess it depends on what you call easy.

    Actually, as stated in the original blog post liked from the article, it was a demo signature certificate for a person named "Apple Computer". Such certificates are offered by VeriSign without validation. The problem is that the iPhone trusts such certificates, and that it doesn't make it clear that it isn't a validated organization name it publishes.