Slashdot Mirror


iPhone Jailbreak Modified Into CC Sniffing Malware

chicksdaddy writes "In a presentation at the ToorCon Hacking Conference in San Diego on Saturday, Eric Monti, a Senior Researcher at Trustwave's Spider Labs, demonstrated how to turn the popular JailbreakMe Tool for iPhones and iPads into stealthy rootkit-style malware that can monitor voice and video activity or intercept sensitive data, such as credit card magnetic stripe data from an iPhone-based transaction."

26 of 120 comments

  1. Yay! by Eddi3 · · Score: 3, Funny

    Viruses for the iphone!

    1. Re:Yay! by sockman · · Score: 5, Funny

      There's an app for that.

    2. Re:Yay! by Anonymous Coward · · Score: 2, Insightful

      It's a trojan, not a virus. The iPhone can't get infected by simply browsing to a website. You have to manually install it.

      In my book, it's just another tool for Apple's marketing department: don't use jailbreaking tools, they're trojans that will steal your personal information!

    3. Re:Yay! by Anonymous Coward · · Score: 5, Informative

      >>> The iPhone can't get infected by simply browsing to a website.

      Well, there was a jailbreak to do just that before :)

      It may be patched, but I'm sure we'll see the likes of it or something similar again...

    4. Re:Yay! by Jaime2 · · Score: 4, Informative

      Two past jailbreaks worked with a website based infection. The vulnerability behind the second one has been around since day one, but was never discovered by Apple (at least never fixed by Apple) or publicly disclosed by the jailbreak community. Who's to say that there isn't another one or that the hole that was around for years wasn't actually used for evil?

      As a technical note the recent hole was a vulnerability in the PDF viewer and only required the user to view an infected PDF.

      On another note, you didn't have to jailbreak to be vulnerable. Apple only patched versions of the OS that it felt like supporting, but the jailbreak community patched all versions. So, jailbreakers are actually safer. To this day, if you have an old enough iPhone that is not jailbroken, you are vulnerable to a website based attack.

    5. Re:Yay! by Anonymous Coward · · Score: 3, Insightful

      And even better, there are some 6 million non-upgradable first-generation iPhones that are now a botnet waiting to happen.

      We don't expect new features for such old phones, but we do expect you to not stop putting out security fixes after barely three years. Hell, even Microsoft is more serious about security. Fuck you, Steve.

  2. Re:How much was he paid by jo_ham · · Score: 5, Insightful

    Good God. Is the level of Apple hate so high that this has to be twisted into some sort of conspiracy about Apple?

    Of all places, slashdot should be the sort of place that understands the nature of security exploits - which is exactly what the jailbreak takes advantage of. Colour me *utterly unsurprised* that the same exploit (and any tools created to make use of it) can be changed to do things that you really don't want.

    Apple has nothing to do with this (apart from shipping software with a security flaw, but they are not unique in that respect).

  3. Re:This is trolling of the worst sort by IB4Student · · Score: 2, Funny

    A lot of people who have Apple things think that they can go to whatever websites they want and download whatever the hell they want because they "can't get viruses". One of my friends on facebook got clickjacked and posted some .ru site, and a lot of people commented saying to not click on it because it is a virus, and then some guy said "lol i clicked on it anyway becuase i'm on a mac so i can't get a virus". -_- But, yeah, I think that we should all work together as a family to help people not get infected and we shouldn't hate people just because they use Apple products <3

  4. Fluff piece. by Bill_the_Engineer · · Score: 2, Insightful

    The researcher took the obvious step of adding malware code to a jail break program. While the article reports that the Jailbreak app will lead the way for more malware, it also stated this which contradicts:

    The program is harmless and the vulnerabilities in question were patched by Apple in early August. However, Monti warns that more and more high value applications on the iPhone will increase the attractiveness of the platform for malicious parties, including banking and e-commerce.

    Emphasis mine.

    Also the "more and more high value" application line warrants a "no shit sherlock". Willie Sutton robbed banks because that was where the money was.

    Basically this just shows that you need to know the risks before you jailbreak your phone. This is true for any phone OS, since jailbreak is a political term for rooting. Check the source (as in where you downloaded) and compare the binary with a known reliable hash (e.g. MD5, etc.). When you leave the comforts of the installed ROM, you need to be more vigilant about your security.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...

    1. Re:Fluff piece. by Anonymous Coward · · Score: 4, Informative

      Notice that the remote hole in iOS up to 4.0.1 can be exploited by any site. You do not have to accept the exploit, it can simply install itself in secret. So anyone on firmware lower than 4.0.2 should either upgrade their iOS, or stop using the internet, or jailbreak, after which they can install the unofficial patch from Cydia. For original iPhone users only the latter two options are available.

  5. Re:How much was he paid by Yvan256 · · Score: 4, Insightful

    I bet that most people using JailbreakMe or other variants don't realize they could be installing malware. They just want to install non-approved software or in most cases pirated software and heard about jailbreaking.

    I've actually had someone reply to me that "there's no mention of anything else than jailbreaking on the webpage of the hack, and I'm not important enough for people to spy on me anyway". Most people don't understand technology and will believe what they are told, good or bad.

    Just because Slashdot readers understand technology doesn't mean regular users do. Just two days ago I was discussing with someone in his 70's how "the blue E" wasn't the internet and how Wikipedia wasn't a competitor to Google Chrome.

    Hell, the OLF (Office de la langue française) wants people to say "Sites internet" instead of "Sites Web" because web is an English word, even though internet is the network itself and isn't limited to the Web. If even official channels are messing up terms, how is the general public supposed to clearly understand the concepts? It's no wonder we still have people who think the "blue E" is the internet itself.

  6. Re:BCC by Yvan256 · · Score: 2, Funny

    I don't trust the BBC. They got flying circuses and time-traveling phone booths over there...

    Oh, you said BCC, sorry. Carry on.

  7. It's not about hatred. by Anonymous Coward · · Score: 5, Insightful

    I don't think it's about people like the GP "hating" Apple. It's more like a complete lack of trust in Apple.

    These days, Apple is doing things that even Microsoft never stooped to doing. Microsoft never limited which programming languages developers could write applications in, for instance. In fact, with .NET, Microsoft has gone a long way towards vastly increasing the number of languages that can be used to create Windows applications.

    Then there are rumors about hidden APIs that Apple won't share with other developers, which is something that Microsoft was also accused of doing.

    Of course, then there are the numerous incidents with perfectly legitimate applications being rejected from the app store without any valid reason. The whole review process itself and the conditions associated with it are quite terrible. The whole process is about treating developers like shit.

    So it's easy to see how people may distrust Apple so much that they might even believe Apple is involved in shady practices designed to make Apple's claims stronger. If this is indeed the case, I would like to see more evidence to support the allegations made by people like the GP, but at least try to see where people like the GP are coming from.

    1. Re:It's not about hatred. by RazorSharp · · Score: 3, Insightful

      These days, Apple is doing things that even Microsoft never stooped to doing.

      I've seen many comments similar to this one recently and I just don't understand it. Look at how MS funneled money into SCO to attack Linux, how they strong-armed Novell into a "licensing agreement," how they pressured governments into making OOXML a standard, or intentionally selling defective XB360s. Those are things that Apple never stooped to doing, and that's just recent history. Halloween document anyone?

      Apple retaining tight control over the Mac platform isn't stooping to anything. It's what they've always done and will continue to do, much to their users' delight. Why should Apple change their business model to appease geeks who won't buy their products anyway? It doesn't matter what Apple does, people who hate Apple will never buy their products. Why should they change because of disdain from non-customers?

      Microsoft has, throughout the years, continuously engaged in unethical business methods. I challenge you to cite one case of Apple doing anything unethical that Microsoft "never stooped to doing." There is no moral imperative that requires software to be open and free. I can think of many economic and technical arguments for open and free, but no moral ones. It's morally wrong to sell a product you know won't last more than six months with just average usage because you're ripping people off (don't give me that warranty crap -- it was extended because the math declared it necessary). It's morally wrong to extort people (Novell, SCO). It's morally wrong (at least in most cases) to lie (everything associated with OOXML was a pack of lies). To the best of my knowledge Apple doesn't exploit, extort, or engage in dishonest business practices. And even if an instance or two can be found, it hasn't been their business model since the company was founded. So how exactly are they stooping below MS?

      --
      "From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."

    2. Re:It's not about hatred. by vadim_t · · Score: 4, Insightful

      I've seen many comments similar to this one recently and I just don't understand it. Look at how MS funneled money into SCO to attack Linux, how they strong-armed Novell into a "licensing agreement," how they pressured governments into making OOXML a standard, or intentionally selling defective XB360s. Those are things that Apple never stooped to doing, and that's just recent history. Halloween document anyone?

      The GP's statement is correct though. Apple does annoying things MS doesn't. But both companies annoy me, and I avoid dealing with them, just for different reasons. Just that Apple doesn't fund SCO, or that MS doesn't control their hardware with an iron fist doesn't make either company automatically awesome in my eyes.

      Apple retaining tight control over the Mac platform isn't stooping to anything. It's what they've always done and will continue to do, much to their users' delight. Why should Apple change their business model to appease geeks who won't buy their products anyway?

      So that we buy their products, of course.

      It doesn't matter what Apple does, people who hate Apple will never buy their products.

      That's a mistake. I don't dislike Apple because it's Apple. I dislike Apple because of what Apple currently does. If they change what they do, I might change my mind. It's simple.

      I change my mind on companies. Years back, in my mind, "Blizzard" equated with "awesome". These days it equates with "no way I'm paying". It could change back if they started making stuff I'd be willing to buy again.

      Why should they change because of disdain from non-customers?

      Because this non-customer could be a customer if they made something I like.

    3. Re:It's not about hatred. by bonch · · Score: 2, Interesting

      See, this is the kind of post I was talking about. There are an awful lot of mysterious anonymous posters now who criticize Apple and try to rally the hardcore nerds against them. The goal with your post is to make everyone see them as Microsoft. Just look at the absurdities in your post:

      These days, Apple is doing things that even Microsoft never stooped to doing. Microsoft never limited which programming languages developers could write applications in, for instance.

      They most certainly have. For other languages, they embrace, extend, and extinguish them, like what they tried to do with Java. Apple is the one submitting their language changes for standardization and working on a free, BSD-licensed compiler suite, for crying out loud.

      In fact, with .NET, Microsoft has gone a long way towards vastly increasing the number of languages that can be used to create Windows applications.

      What does that matter if the target is .NET, which is tied to Microsoft platforms? The only alternative you have is Mono, and that's always going to lag behind Microsoft's implementation, not to mention the political hysteria surrounding it due to fears of lawsuits and other nonsense.

      Then there are rumors about hidden APIs that Apple won't share with other developers, which is something that Microsoft was also accused of doing.

      Now we're citing mysterious "rumors about hidden APIs." Here's reality. Apple uses private frameworks and is public about this to its developers. It uses a private framework until it's functional enough to be made public, and in the next version it becomes a public framework. A recent example off the top of my head is CoreText, which was used internally in Tiger but made public in Leopard. Other examples would be controls like the HUD windows used in iLife or the source list mode of NSOutlineView, used in iTunes and the Finder. Objective-C is full of metadata; you can class dump the run-time information of a Cocoa app and see all the classes and methods they use, so it's not like there's some big secret Apple is keeping from you.

      Besides that, there are always going to be APIs a system provider uses that you can't. They're the ones providing the platform; of course they're going to have greater privileges and stricter control over third-party use, for the sake of the platform. The CoreGraphics API for rotating a window as a 3D cube that's used in the OS X installation process isn't public because they don't want everybody making their annoying windows rotate like cubes. There's always going to be a level of control over these things.

      Of course, then there are the numerous incidents with perfectly legitimate applications being rejected from the app store without any valid reason. The whole review process itself and the conditions associated with it are quite terrible. The whole process is about treating developers like shit.

      There have been a few cases, and Apple has improved the process since then, but those incidents are far and few between and certainly not enough to form the conclusion that the point of the review process is to "treat developers like shit." That's just more of your agenda shining through.

      So it's easy to see how people may distrust Apple so much that they might even believe Apple is involved in shady practices designed to make Apple's claims stronger.

      No, it's not easy to see that. Claims require evidence. If you're going to automatically assume that Apple is performing dastardly deeds, you should really take a step back and see how you look to other people as a paranoid nut. It doesn't even make logical sense--revealing that an iPhone jailbreak can lead to sniffing malware is bad for Apple because it makes their phone sound dangerous and insecure to the uninformed masses.

    4. Re:It's not about hatred. by Kilrah_il · · Score: 2, Insightful

      Thanks for the post. I wanted to say something to the same effect, but you beat me to the punch. Anyhow, people here just don't understand that Apple (under Jobs) has always believed in controlling every aspect of its ecosystem (Citation). The only time the MacOS was licensed was when Jobs wasn't in Apple, and that was their worst years.
      People love Apple's products because they are easy to use from the get-go and part of that ease of use comes from controlling both the hardware and the software completely (or as much as possible). Yes, we geeks like it less, but we are not the main customers. Catering to us will bring about an OS that may be more powerful, but not as easy to use out of the box - I'm looking at you Linux.
      So, yes, some of the people at /. (can I say "the guys" or do we have representatives of the fair sex here also?) don't like Apple for their strong-armed tactics, but these are the same tactics that brought about the products that so many people like. Face it, we are a minority.

      --
      Whenever in an argument, remember this.

  8. Re:How much was he paid by mcgrew · · Score: 4, Interesting

    A gun isn't malware until you shoot someone. The jailbreak isn't malware, the rootkit based on it is.

  9. If the platform were open... by saleenS281 · · Score: 2, Informative

    If the platform were open, the hackers would be incentivized to work with Apple to close the holes, rather than save them to jailbreak.

  10. And to think... by Anonymous Coward · · Score: 2, Insightful

    If Apple would just sell the thing SIM unlocked and with sideloading of apps, this wouldn't be a problem!

    Heaven forbid Apple actually be forced to sell the thing on its merits and not have to resort to anti-competitive nonsense.

  11. Re:This is trolling of the worst sort by not-my-real-name · · Score: 2, Funny

    Adobe Photoshop could be modified to become a program that indoctrinates me in Marxist philosophy.

    I fooled them. I use GIMP which is put out by the very capitalistic ... Ah, I see how this works now.

    --
    un-ALTERED reproduction and dissimination of this IMPORTANT information is ENCOURAGED

  12. Owner's root access = more functional AND secure by RulerOf · · Score: 3, Interesting

    Apple only patched versions of the OS that it felt like supporting, but the jailbreak community patched all versions.

    Not only were all jailbroken iOS devices patched (if the patch was installed, that is), but they were patched much faster than "vanilla" devices.

    Saurik released the patch within days of jailbreakme's debut. It took Apple almost two weeks. Two weeks during which there were a metric fuckton of jailbroken iPhone 4's on display in just about every Apple store on the planet, which I think is fucking hilarious. I wonder if Jobs had those phones tossed into a pit of fire to keep up the "r00t is bad for you, good for us" charade.

    [offtopic]
    Anyone else want to see some legislation that prevents companies like Apple from voiding a warranty on Hardware based on the software you run on it? I mean, that would be like refusing the warranty on a laptop with a broken hinge because it had Linux on it... Oh wait a minute...
    [/offtopic]

    --
    Boot Windows, Linux, and ESX over the network for free.

  13. Re:iPhone2G are easy target by Arthur+Grumbine · · Score: 4, Insightful

    Apple stopped firmware updates for iPhone2G (edge). It is blocked at iOS313, forever.
    So, iPhone2G misses a lot of security updates. The old edge iPhone is really full of holes.
    And nobody will secure it.
    Steve, please, help !!

    You appear to have not purchased a new iPhone in over two whole years. I don't know what backwoods, 3rd world nation you come from that you expect the most expensive phone you've ever purchased to last more than two years, but you are obviously not our target demographic. Thank you for your money, and please return to us when you are willing to follow our clearly laid out expectations for making new purchases/upgrades.
    Cheers!
    Steve J.

    --
    Now that I think about it, I'm pretty sure everything I just said is completely wrong.

  14. Re:Giving Apple an excuse to kill jailbreaking by ekhben · · Score: 2, Insightful

    I will applaud Apple for closing any hole used to jailbreak without a USB cable involved, whether it gets to malware stage or not.

    Apple seem to respond faster to these sorts of vulnerabilities than they do to ones that are only usable if you have physical control over the device, so I don't think there's any cause for concern that Apple will step up their counter-jailbreak programme if theoretical attacks become reality.

  15. Knowing your risks or your audience? by swb · · Score: 2, Insightful

    I'd wager that for most people, there's no reliable way to "check your source" for most apps offering "something for nothing" (ie, cracks, rooting, jailbreaking, etc). Many are written by anonymous entities and distributed diffusely to avoid the wrath of whoever produces the device they're trying to circumvent. In some instances there's a reliable distributor, but in many cases not.

    But I also wonder if going after a jailbreak app as a target they might be going after the right audience -- people willing to take a risk to get more than they paid for (running "unapproved" apps) or to get something for nothing (iPhone without AT&T contract).

  16. Re:The "web browser" jailbreak only worked on iOS by gl4ss · · Score: 3, Insightful

    jailbreakme works on firmwares up to 4.0.1

    so you were wrong in your assumption - that the web browser gets hacked shouldn't grant you full root powers, but it does. and ironically for the older devices you need to jailbreak to close that hole or risk being jailbreaked by random sites you visit.

    --
    world was created 5 seconds before this post as it is.