iPhone Jailbreak Modified Into CC Sniffing Malware

chicksdaddy writes "In a presentation at the ToorCon Hacking Conference in San Diego on Saturday, Eric Monti, a Senior Researcher at Trustwave's Spider Labs, demonstrated how to turn the popular JailbreakMe Tool for iPhones and iPads into stealthy rootkit-style malware that can monitor voice and video activity or intercept sensitive data, such as credit card magnetic stripe data from an iPhone-based transaction."

Re:This is trolling of the worst sort

[Pelonis]

Funny you mention adobe, wasn't one of the jailbreaks through just opening up a PDF file in safari? Adobe, the company that produces security-bug laden memory hogging software

Sick and tired of these "blackhats"

[negatonium]

I'm getting sick and tired of these "blackhat" conferences and their endless phallus measuring contests.

I really am all for free speech but these folks have potentially dangerous information and need to act _responsibly_ with it. Many of us here realized that the web based jailbreak could be refactored into a driveby exploit but we didn't do it -- much less do it and brag about it. This "revelation" doesn't in any way enlighten the community. It's only a "mine is bigger" statement for the self aggrandizing "haxor".

This kind of Dangerous Knowledge is nothing new. What if John (Captain Crunch) Daper had had a conference for phone-freakers and released press statements? No different. If these folks want to have what they think of as "security" conferences then protect the content shared there with an NDA and strict fines for breaking it.

These folks think of themselves as "experts" but they are really nothing more than juvenile delinquents -- regardless of their ages.

Re:More apple news?

[melikamp]

Hey that's fine, let's just turn this into an advantage by taking every opportunity to point out what is wrong with Apple's software environment. I'll start.

The biggest piece of malware running on your iPhone is the OS itself. You cannot remove it, you cannot disable it, you cannot cut out the parts you don't need. iPhone is, at best, a play-toy: nothing serious should be done with that device. Apple can see everything you are doing with your iPhone at will. Apple is literally looking over your shoulder when you bank, browse porn, text your friends, or do anything else. How do I know they do it? Elementary, Watson. Spying is cheap, it is legal, and they have every incentive to do it. If ever shit hits the fan and there is a big news story about Apple spying out and misusing personal data, Apple will just counter with a BS campaign about how they use your personal information to serve your needs better (they don't) and how this incident is a chance mishap (it's not: it is very much an integral part of their marketing strategy). Will they get in trouble? Not really. The worst thing that could happen to them is a slap on the wrist, a la Sony rootkit fiasco, so they'll give away a dozen of free apps to every wronged customer, and, to add insult to injury, the same apps will happily continue to spy on their users.

Re:Yay!

[hairyfeet]

Well I'm not that guy, as I think ACs are the cancer killing /. and making it too much like the chans, but it seems to me the solution would be allowing an "end run" like Apple did with iTunes DRM. What they should do is put a button in the options that says "If you type in your name in this box and pick yes the phone is officially jailbroken. We hold NO responsibility for it any more, you void the warranty, blah blah blah all the legalese" and if the owner follows the instructions he/she has a broken phone and is on their own. This would allow Apple to have a legal way to disolve any responibility for the phone, while allowing the owner to do what they want with the phone. Better than having to have users "hack" their phones and risk Apple iPhone becoming a haven for malware pretending to be jailbreaking tools. Seems like a win/win to me.