iPhone Jailbreak Modified Into CC Sniffing Malware
chicksdaddy writes "In a presentation at the ToorCon Hacking Conference in San Diego on Saturday, Eric Monti, a Senior Researcher at Trustwave's Spider Labs, demonstrated how to turn the popular JailbreakMe Tool for iPhones and iPads into stealthy rootkit-style malware that can monitor voice and video activity or intercept sensitive data, such as credit card magnetic stripe data from an iPhone-based transaction."
Viruses for the iphone!
Good God. Is the level of Apple hate so high that this has to be twisted into some sort of conspiracy about Apple?
Of all places, slashdot should be the sort of place that understands the nature of security exploits - which is exactly what the jailbreak takes advantage of. Colour me *utterly unsurprised* that the same exploit (and any tools created to make use of it) can be changed to do things that you really don't want.
Apple has nothing to do with this (apart from shipping software with a security flaw, but they are not unique in that respect).
Yes, and Adobe Photoshop could be modified to become a program that indoctrinates me in Marxist philosophy. What's the point? That a user installing an application needs to trust its source? This has been true ever since there has been third party software.
Shame on Slashdot for pushing this.
That's why I always use BCC, much safer...
The researcher took the obvious step of adding malware code to a jail break program. While the article reports that the Jailbreak app will lead the way for more malware, it also stated this which contradicts:
Emphasis mine.
Also the "more and more high value" application line warrants a "no shit sherlock". Willie Sutton robbed banks because that was where the money was.
Basically this just shows that you need to know the risks before you jailbreak your phone. This is true for any phone OS, since jailbreak is a political term for rooting. Check the source (as in where you downloaded) and compare the binary with a known reliable hash (eg. MD5, etc). When you leave the comforts of the installed ROM, you need to be more vigilant about your security.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
With all due respect to anyone who has any type of idevice, no-duhh! Jailbreaking is literally breaking a part of the software, the part that currently helps protect your idevice from being open to the malware/viruses that lurk on the net. Apple is going to have to really work on creating some AV and Firewall protection soon. That being said I personally am somewhat for jailbreaking, but I don't have my ipad jailbroken myself. I have no reason to jailbreak, I don't need multitasking, and although I would love to have root access so that I can use my ipad as an external drive (or connect to one), it is not something I really need. I think that the main reason most people jailbreak an ipod/ipad is to install pirated apps. The iPhone owners on the other hand, I encourage every single one to jailbreak, so that they are not locked into any single carrier.
I bet that most people using JailbreakMe or other variants don't realize they could be installing malware. They just want to install non-approved software or in most cases pirated software and heard about jailbreaking.
I've actually had someone reply to me that "there's no mention of anything else than jailbreaking on the webpage of the hack, and I'm not important enough for people to spy on me anyway". Most people don't understand technology and will believe what they are told, good or bad.
Just because Slashdot readers understand technology doesn't mean regular users do. Just two days ago I was discussing with someone in his 70's how "the blue E" wasn't the internet and how Wikipedia wasn't a competitor to Google Chrome.
Hell, the OLF (Office de la langue française) wants people to say "Sites internet" instead of "Sites Web" because web is an english word, even though internet is the network itself and isn't limited to the Web. If even official channels are messing up terms, how is the general public supposed to clearly understand the concepts? It's no wonder we still have people who think the "blue E" is the internet itself.
Of all places, slashdot should be the sort of place that understands the nature of security exploits - which is exactly what the jailbreak takes advantage of. Colour me *utterly unsurprised* that the same exploit (and any tools created to make use of it) can be changed to do things that you really don't want.
Apple has nothing to do with this (apart from shipping software with a security flaw, but they are not unique in that respect).
This very thing (the potential for jailbreaking software installing malware) was predicted by many slashdot posters when news of jailbreaking iPhone via security exploit was originally posted on slashdot.
There are too many Apple things as of late. I get the feeling we aren't getting other news because of them.
Not saying it's good or bad but it's making my feed reader feel like I am following an Apple-only site, which is not the purpose of Slashdot.
I would take it a step further. You are inherently installing malware when using jailbreak/rooting tools. The fact that you are intentionally using and benefiting from the malware doesn't mean it isn't malware.
I don't think it's about people like the GP "hating" Apple. It's more like a complete lack of trust in Apple.
These days, Apple is doing things that even Microsoft never stooped to doing. Microsoft never limited which programming languages developers could write applications in, for instance. In fact, with .NET, Microsoft has gone a long way towards vastly increasing the number of languages that can be used to create Windows applications.
Then there are rumors about hidden APIs that Apple won't share with other developers, which is something that Microsoft was also accused of doing.
Of course, then there are the numerous incidents with perfectly legitimate applications being rejected from the app store without any valid reason. The whole review process itself and the conditions associated with it are quite terrible. The whole process is about treating developers like shit.
So it's easy to see how people may distrust Apple so much that they might even believe Apple is involved in shady practices designed to make Apple's claims stronger. If this is indeed the case, I would like to see more evidence to support the allegations made by people like the GP, but at least try to see where people like the GP are coming from.
Obviously, if you're going to use pirated or *any* other illegal kind of software, you are owned by the malware that comes with it 90%. (That's why I stopped using pirated Windows ten years ago when internet-aware malware became popular -- I didn't want to share my credit card numbers and passwords with the pirates.)
Just like a used car salesman, I guess. He helps by selling you a car that you want, but he also screws you with a POS car that will need more repairs than the cost of the car itself. Unless you're a mechanic, and most people aren't. Just like most people don't understand technology.
Now if you'll excuse me, I have an appointment for my car...
While I strongly suspect that Apple had absolutely nothing to do with it (Steve Jobs probably personally kills someone from PR every time "malware" appears in the same sentence as any Apple product, unless it's a sentence about immunity thereto), it does raise the important notion of the security downsides that also exist in walled garden environments.
The security upsides are obvious. Whitelisting is easier than blacklisting. Enumerating goodness vs. badness, users are idiots who will click anything, etc.
However, this is the downside: Since there are always some applications that fall outside of the whitelist (enumerating goodness is easy, enumerating all goodness is hard, and some people don't want goodness, and some goodness is bad for the vendor's bottom line), there will be a demand for ways to run them. This means that there is a population of users who depend on the existence of security flaws in the system, and have an essentially antagonistic relationship with their own, and a lot of other people's, vendor. In open systems, only malware writers and scum are in this position. Everyone else is either a white hat, disinterested, or just a sheep. In closed systems, some white hats and just sheep are actually on the same side as the malware writers and scum, because both depend on exploits to run the code they want.
A gun isn't malware until you shoot someone. The jailbreak isn't malware, the rootkit based on it is.
Free Martian Whores!
If the platform were open, the hackers would be incentivized to work with Apple to close the holes, rather than save them to jailbreak.
I would take it a step further. You are inherently installing malware when using jailbreak/rooting tools. The fact that you are intentionally using and benefiting from the malware doesn't mean it isn't malware.
I believe you are wrong. The mere fact that you are intentionally using (inherently informed consent) disqualifies jailbreak/rooting as malware.
From Wikipedia: "Malware (also: scumware), short for malicious software, is software designed to secretly access a computer system without the owner's informed consent."
It can be both helpful and malicious at the same time. It's still malware if you intentionally install it for the purpose of the advertised jailbreaking but the software also does malicious things in the background without your knowledge.
I don't get viruses, I'm on a Mac... oh wait...
Dammit!
iToo can get viruses!!!
A gun isn't malware until you shoot someone.
... and depending on who you shoot and in what circumstances, may still not be "malware".
Replace "Apple" with any other technology company name and it basically holds true for them as well.
Sony/PS3
..etc.
MS/Windows
Google/Android
Do I need to change my bookmark for slashdot.org to fuddot.org?
The real Sig captains the Northwestern. This one captains
demonstrated how to turn the popular JailbreakMe Tool for iPhones and iPads into stealthy rootkit-style malware
The authors of JailBreakMe should be scorning this act and sending legal threats (if possible) to the people contorting their Jailbreak software into a malware infection tool.
Apple is going to finally stand up, take notice, and kill the jailbreaking software, to public applause, if malware starts taking advantage of it, it will be more than a theoretical matter of security.
That is, things like this are going to justify adding additional security hardware to the iPhone to even further lock it down and roll out measures to automatically brick jailbroken devices.
If Apple would just sell the thing SIM unlocked and with sideloading of apps, this wouldn't be a problem!
Heaven forbid Apple actually be forced to sell the thing on its merits and not have to resort to anti-competitive nonsense.
I'm getting sick and tired of these "blackhat" conferences and their endless phallus measuring contests.
I really am all for free speech but these folks have potentially dangerous information and need to act _responsibly_ with it. Many of us here realized that the web based jailbreak could be refactored into a driveby exploit but we didn't do it -- much less do it and brag about it. This "revelation" doesn't in any way enlighten the community. It's only a "mine is bigger" statement for the self aggrandizing "haxor".
This kind of Dangerous Knowledge is nothing new. What if John (Captain Crunch) Draper had had a conference for phone-freakers and released press statements? No different. If these folks want to have what they think of as "security" conferences then protect the content shared there with an NDA and strict fines for breaking it.
These folks think of themselves as "experts" but they are really nothing more than juvenile delinquents -- regardless of their ages.
Or perhaps they want a SIM unlock, so that they can actually *gasp* use their device!
Planning that European vacation, but don't want to pay AT&T's ridiculous premium for data roaming? AT&T would like to add something like $250 to your bill for this. But if you SIM unlock and get a cheap SIM card, you're in good shape. Enjoy your trip in a somewhat more civilized country where telecoms don't control quite so much of the universe. In Spain I paid 1.20 EUR per day to get unlimited data.
I mentioned this elsewhere--I think the bizarre level of Apple hatred is due to astroturfers with a vested interest in Android. The goal is to make Apple look bad and rally the hardcore geeks against them.
Notice how many anonymous posters there are that criticize Apple in a story. You can already see a few posting to this one. Something fishy is going on.
Slashdot dislikes microsoft's practices -- normal ...
Slashdot dislikes sony's practices -- normal
Slashdot dislikes ea's practices -- normal
Slashdot dislikes blizzard's practices -- normal
Slashdot dislikes riaa's practices -- normal
Slashdot dislikes mpaa's practices -- normal
Slashdot dislikes apple's practices -- OMG SOMETHING FISHY IS GOING ON IT HAS NOTHING TO DO WITH MY OWN BIASED VIEWPOINT OF THE COMPANY
Apple stopped firmware updates for iPhone2G (edge). It is blocked at iOS313, forever.
So, iPhone2G misses a lot of security updates. The old edge iPhone is really full of holes.
And nobody will secure it.
Steve, please, help !!
-- Rastignac was here.
A device that must be broken into in order to gain full control of it will never be as secure as one that is open by default.
Actually, if you shoot someone then the gun is still not malware - it's a murder weapon. You need to get out of the basement more often.
Whenever in an argument, remember this.
Now we are coming to the issue of informed consent. From Wikipedia:
An informed consent can be said to have been given based upon a clear appreciation and understanding of the facts, implications, and future consequences of an action. In order to give informed consent, the individual concerned must have adequate reasoning faculties and be in possession of all relevant facts at the time consent is given.
In medicine, if I tell someone about a surgery and he consents, but later something bad happened that he says he did not appreciate beforehand, it is as if no informed consent was given. I doubt most JailbreakMe users understand the implications of the exploit used (heck, I sure as hell don't), and I am sure the site does not go into too many details to make the users understand. So from a legally binding viewpoint, there is no informed consent - the user has no appreciation and understanding of the facts, implications and future consequences of using the software.
No, you are not.
Malware is MALicious softWARE, not "software the almighty Jobs has not allowed his flock of minions to bless"ware. There is a difference. The jailbreak is inherently nothing more than the user and one hopes, owner, of the device choosing to make use of a software exploit to enable non-manufacturer supplied functionality. No more no less.
What the exploitive code does may or may not be malware. In traditional jail break cases, it's not malware.
haters gunna hate yo
Apple only patched versions of the OS that it felt like supporting, but the jailbreak community patched all versions.
Not only were all jailbroken iOS devices patched (if the patch was installed, that is), but they were patched much faster than "vanilla" devices.
Saurik released the patch within days of jailbreakme's debut. It took Apple almost two weeks. Two weeks during which there were a metric fuckton of jailbroken iPhone 4's on display in just about every Apple store on the planet, which I think is fucking hilarious. I wonder if Jobs had those phones tossed into a pit of fire to keep up the "r00t is bad for you, good for us" charade.
[offtopic]
Anyone else want to see some legislation that prevents companies like Apple from voiding a warranty on Hardware based on the software you run on it? I mean, that would be like refusing the warranty on a laptop with a broken hinge because it had Linux on it... Oh wait a minute...
[/offtopic]
Boot Windows, Linux, and ESX over the network for free.
and they say that the iPhone can't do things that Android and WinMo can do!
Because there was no memory protection until iOS 2.0 (when, not by coincidence, Apple introduced the App Store and native third-party applications). With memory protection implemented, browser-based hacks are vastly more difficult. Hacking the web browser only gives you low-level privileges in a well-protected sandbox and very limited access to the filesystem; you still need a root escalation exploit to jailbreak the phone.
All the well-known jailbreak methods for iOS 2 and later depend on getting physical access to the device, so you can tether it and use a key-based exploit to make the iPhone accept a software package that it shouldn't.
I'd wager that for most people, there's no reliable way to "check your source" for most apps offering "something for nothing" (ie, cracks, rooting, jailbreaking, etc). Many are written by anonymous entities and distributed diffusely to avoid the wrath of whoever produces the device they're trying to circumvent. In some instances there's a reliable distributor, but in many cases not.
But I also wonder if going after a jailbreak app as a target they might be going after the right audience -- people willing to take a risk to get more than they paid for (running "unapproved" apps) or to get something for nothing (iPhone without AT&T contract).
jailbreakme works on firmwares up to 4.0.1
so you were wrong in your assumption - that the web browser gets hacked shouldn't grant you full root powers, but it does. and ironically for the older devices you need to jailbreak to close that hole or risk being jailbreaked by random sites you visit.
world was created 5 seconds before this post as it is.
yep. the only reason he did this with an apple device is that iphones are getting a lot of press and he needed press. because otherwise it's just an obvious exercise about what could be done (using a fairly well known attack and then doing whatever).
Wonderful. This is one more thing apple can use to bitch about while ripping on people who jailbreak. What a douche.
Did anyone else notice that the iPhone apparently has a credit card reader in it? Wow, I guess they really are revolutionary devices!
I would take it a step further. You are inherently installing malware when using jailbreak/rooting tools. The fact that you are intentionally using and benefiting from the malware doesn't mean it isn't malware.
Yeah, it kinda does, unless you think DeCSS was malware. Unless you think allowing homebrew on the Wii is malware, or full screen from a memory stick on PSP to be malware. See if I use the software for my benefit and I'm not harming anyone else then it isn't malware. It's simply exploiting a fault in the code to wrest control back from the turtle necked one or the kind people of Japan.
I laughed at the weak who considered themselves good because they lacked claws.
Well, a silversmith has his wares, a blacksmith has his wares, and a gunsmith has his wares. I'd say anything used for a nefarious purpose is malware, even a murder weapon.
And I'd love to join those few who have gotten out of the basement, but there's a gravity well that requires BIG rockets to escape. The blue ceiling and fusion lamp/heater are nice, though.
You're one of the lucky ones, my iPhone4 drops calls notoriously, and God forbid I try to call another iPhone4 user, as the incidence of dropped calls then grows exponentially...
The free case made a difference, but the proximity sensor issue allowing my face to mute the phone, or better yet, pull up the keypad and hit numbers while I'm talking makes this phone, as a phone, a worthless pile of crap.
Now as an awesome pocket computer/ipod it rocks the house, but FFS it's a phone and it should work properly as such, first and foremost, and at least in my personal experience it doesn't. For the record, I was a day 1 adopter of the original iPhone, I skipped the 3g, had the 3gs until somebody lifted it and am now stuck with this pos ip4. I should sell it on cl and get a used 3gs again.
Ocean is land, covered with water.