Slashdot Mirror


Metasploit 3.7 Hacks Apple iOS

An anonymous reader writes "HD Moore is at it again. This time the famous open source security researcher has set his sights on exploiting Apple iOS. The Metasploit 3.7 release includes 35 new attack modules in total."

31 of 68 comments

  1. It's time by symbolset · · Score: 3, Insightful

    Now that Apple has garnered hacker interest, let's see how they do.

    --
    Help stamp out iliturcy.
    1. Re:It's time by RuiFerreira · · Score: 3

      In fact I'm curious about this too. The iphone/itunes link means that you can infect one and get the other as bonus. Additionally phones give more vectors of infection. You carry them around and connect them to several different networks. This has to be appealing for exploiters(tm).

    2. Re:It's time by mjwx · · Score: 3, Informative

      Because Apple hasn't attracted any interest in the past few years during its moderate rise in popularity?

      There, fixed that for you. Apples have only gotten out of the 2% of computers in the last 2 or 3 years. Even now they struggle to get 5% worldwide.

      Now back onto topic, as a clued-in /.er will always point out, malware is a business and businesses take a long time to react to changes in the marketplace. Malware attacks on phones are new, very new as there was
      A) Never a market for phone malware.
      B) Phones were never powerful enough to be useful.
      C) Too many different types of phones to make any attack worthwhile. Cost would have been way too high to get every single Symbian model out there.

      Take note of the last one. iOS drops that cost a lot, making malware on phones economically viable. Furthermore, iOS has proven itself to be quite vulnerable in the past, you do know that jailbreaking is done by exploiting a vulnerability, don't you? Feel free to use the "jailbreak me" PDF vulnerability as an example. The only reason it hasn't been exploited is because there's more profit in Windows malware.

      Claiming you are automagically protected when you've never even been attacked is naive at best. It's like Lisa's (Simpson) tiger repelling rock, you can't use the fact that there are no tigers around the rock as proof of its tiger repelling abilities.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    3. Re:It's time by CharlyFoxtrot · · Score: 1

      > Apples have only gotten out of the 2% of computers in the last 2 or 3 years. Even now they struggle to get 5% worldwide.

      This Ars Technica article has Apple at 10% market share in the US, this one has it at 14%. That's a lot of macs. Apple is one of the few companies that have consistently seen their market share grow the last few years in a floundering market.

      Then there's Apple's strength in certain niches, like on college campuses:

      "According to the Office of Information Technology (OIT), 45 percent of computers purchased this year were Macs, more than in any previous year. In 2003, when this year's seniors arrived on campus, just 15 percent of them chose Macs. The next year, a quarter of incoming freshmen did, and the year after that, 38 percent."

      That's a 2006 article and personally I have seen no reversal of that trend, quite the opposite actually. And you'd expect colleges to be hotspots of all kinds of mischief like hacking and exploits.

      > Take note of the last one. iOS drops that cost a lot, making malware on phones economically viable. Furthermore, iOS has proven itself to be quite vulnerable in the past, you do know that jailbreaking is done by exploiting a vulnerability, don't you? Feel free to use the "jailbreak me" PDF vulnerability as an example. The only reason it hasn't been exploited is because there's more profit in Windows malware.

      iOS has had a few exploits and yet we've had only 1 or 2 actual (and amateurish) attacks out in the wild impacting very few people (only jailbreakers with default passwords.) Only twice has there been a remote exploit and both were promptly patched by Apple, the rest have been pretty complicated hacks that require reinstalling the device or putting it in recovery mode. That's a pretty good security record, as good as any device or OS out there.

      I don't buy your explanation that it's not economically viable. 120 million of these devices have been sold, mostly to reasonably well off people. That's a huge "market" for exploits.

      > Claiming you are automagically protected when you've never even been attacked is naive at best. It's like Lisa's (Simpson) tiger repelling rock, you can't use the fact that there are no tigers around the rock as proof of its tiger repelling abilities.

      That's not what I said, no-one claims Macs are "magically immune". What I said was that people have been predicting a deluge of viruses and malware for Mac for a decade now and it hasn't happened. Sooner or later they might be right, just like the people who say "repent, the end is nigh" might be right someday. In the meantime rehashing old arguments that haven't actually been proven to be true in reality is a waste of time. Reality is the ultimate test of the theory.

      --
      If all else fails, immortality can always be assured by spectacular error.
    4. Re:It's time by Anonymous Coward · · Score: 1

      This is off-topic, of course, but I want to chime in. I predict that Apple is about to see a meteoric rise in popularity for their desktop operating system. I have been using Ubuntu since Windows 98 stopped getting security updates, July 2006. In my latest computer upgrade, I decided to try OS X because I have found my iPod and iPad so easy to use (and I wanted to run iTunes). I built a hackintosh with the feeling that I could just install Ubuntu if it didn't work out.

      I hated it. I couldn't get used to anything - the dock, what happens when you minimize, command-tab and command-`, closing windows not actually quitting the application, and on and on. Then I learned the rule when my wife asked me why Word starts quickly sometimes, but other times it's slow to start: just click. Just click. The computer works it out. If you have too many applications running because you have been closing windows without quitting, don't worry about it. Memory's cheap, and the program text can be removed by the VMM anyway. Just click. Can't find the actual files for your photos now that they've been imported into iPhoto? Why do you care, as long as you can see them, print them, mail them, whatever? Just click. Think it's weird to have a single menu bar that's not even on the application window? Stop thinking - just click.

      Now, I love the damned thing. This bloody abomination could really catch on.

  2. Metasploit 3.7 Hacks Apple iOS by Anonymous Coward · · Score: 5, Insightful

    No, it doesn't.
    It just has something to do after you broke in yourself now.

    1. Re:Metasploit 3.7 Hacks Apple iOS by clang_jangle · · Score: 4, Interesting

      FTFA:

      "The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether it's social engineering, a guessed password, or an unpatched vulnerability," HD Moore, Rapid7 chief security officer and Metasploit chief architect told InternetNews.com. "This module requires iTunes to be installed and for a backend to be accessible that has not been encrypted."

      Correct. Slashvertisements are annoying enough, at least they should be reasonably accurate. This one falls into the "sensationalist blurb" category.

      --
      Caveat Utilitor
    2. Re:Metasploit 3.7 Hacks Apple iOS by silanea · · Score: 1

      Maybe /. should introduce a new channel for those news. They could call it "iDle" then.

      --
      Rudolf Hess edited Mein Kampf. He was the very first grammar nazi.
    3. Re:Metasploit 3.7 Hacks Apple iOS by pspahn · · Score: 1

      I wish I knew what this +5 insightful comment meant.

      --
      Someone flopped a steamer in the gene pool.
    4. Re:Metasploit 3.7 Hacks Apple iOS by pspahn · · Score: 1

      It's the "broke in yourself now" part that I'm having trouble parsing.

      --
      Someone flopped a steamer in the gene pool.
    5. Re:Metasploit 3.7 Hacks Apple iOS by tlhIngan · · Score: 1

      Darn. I thought there were 35 ways to jailbreak the iPhones these days. Perhaps one of them would work on the iPad2 (which is still lacking a jailbreak).

      (Jailbreaking relies on vulnerabilities typically)

    6. Re:Metasploit 3.7 Hacks Apple iOS by Gilmoure · · Score: 1

      Wait, you're telling me hackers have figured out that, if they have a password to a system, they can do stuff on that system? O. M. G. They're gonna be running nuts over all sorts of computers and systems out there.

      --
      I drank what? -- Socrates
  3. Sites, Sights by mikael_j · · Score: 3, Informative

    "Set his sites"? really?

    --
    Greylisting is to SMTP as NAT is to IPv4
    1. Re:Sites, Sights by Anonymous Coward · · Score: 5, Insightful

      Illiteracy != typo

      Please stop misusing the word typo; it means typographic error, not a sad ignorance of the language you are using to communicate.

    2. Re:Sites, Sights by bmo · · Score: 5, Funny

      Let's eat, Grandpa!
      Let's eat Grandpa!

      Grammar saves lives.

      --
      BMO

    3. Re:Sites, Sights by mdaitc · · Score: 1

      If gram-mar (grandma?) were there, she could too!

    4. Re:Sites, Sights by countertrolling · · Score: 1

      Not ignorance... carelessness.. It's happening all over the place now... I find more errors like this on mainstream news sites every day. Professional writers are getting as sloppy as your average Slashdot poster.

      --
      For justice, we must go to Don Corleone
    5. Re:Sites, Sights by pspahn · · Score: 1

      If there isn't a red squiggly underneath, nothing is wrong.

      --
      Someone flopped a steamer in the gene pool.
    6. Re:Sites, Sights by cbiltcliffe · · Score: 1

      Did you're mom ever tell you knot two luck directly into the son?

      FTFY.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    7. Re:Sites, Sights by cbiltcliffe · · Score: 1

      The advent of spelling checker allows semi-retarded people to appear marginally intelligent. Except in cases like these. Without spelling checker, Timothy would be fucking things up every third word.

      Really? That reads like one of those Google search results where some bot on a clickthrough search site fits a common search query into the phrase "Find _____ on eBay!"

      Find start date of WWI on eBay!
      Find natural hair colour Britney Spears on eBay!
      Find Microsoft Exchange vulnerability on eBay!

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    8. Re:Sites, Sights by eriqk · · Score: 1

      Did your mom ever tell you not to look directly into the son?

      She did.
      So once when I was six, I did. At first the brightness was overwhelming, but I had seen that before. I kept looking, forcing myself not to blink, and then the brightness began to dissolve. My pupils shrunk to pinholes and everything came into focus and for a moment I understood.

    9. Re:Sites, Sights by Gilmoure · · Score: 1

      It's that big company that screwed over Ripley?

      --
      I drank what? -- Socrates
    10. Re:Sites, Sights by cbiltcliffe · · Score: 1

      >luck directly into the son.

      You think that "look" and "luck" are homophones? Really?

      You're concerned about "look" and "luck", but not "two" and "to"? Really?

      That being said, look/luck depends where you're from, and hence, what accent you speak with.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  4. Damn you! DAMN YOU TO HELL! by RichiH · · Score: 2

    Damn you for implying that timothy should proof-read submissions! Heretic!

  5. Not an iOS Exploit In And Of Itself by rsmith-mac · · Score: 4, Informative

    The Apple iOS Backup File Extraction module however is not an attack vector for directly exploiting iOS. Rather it is what is known as a post-exploitation module.

    "The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether it's social engineering, a guessed password, or an unpatched vulnerability," HD Moore, Rapid7 chief security officer and Metasploit chief architect told InternetNews.com. "This module requires iTunes to be installed and for a backend to be accessible that has not been encrypted."

    If I'm reading this right, the "exploit" is that Metasploit can now read unencrypted backups. I'm not sure how this is an exploit (the backup DB format isn't much of a secret), but there you go.

    If you want a real exploit, look into the "i0n1c" exploit being used to jailbreak phones on the latest OS.
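The comment above turns on whether a backup is encrypted. As an added example (not part of the original thread and not Metasploit code), this defender-side audit reports which iTunes backups under a directory are stored unencrypted; the `IsEncrypted` key in each backup's `Manifest.plist` comes from the iOS backup format rather than from this page, and the backup root is whatever path the caller passes in.

```python
import plistlib
import sys
import tempfile
from pathlib import Path


def audit_backups(backup_root):
    """Return [(backup_dir_name, status)], status being 'encrypted',
    'unencrypted' or 'unreadable', for each backup under backup_root."""
    results = []
    root = Path(backup_root)
    if not root.is_dir():
        return results
    for entry in sorted(root.iterdir()):
        manifest = entry / "Manifest.plist"
        if not (entry.is_dir() and manifest.is_file()):
            continue  # not a backup directory
        try:
            with manifest.open("rb") as fh:
                data = plistlib.load(fh)  # accepts XML and binary plists
        except Exception:
            data = None
        if not isinstance(data, dict):
            results.append((entry.name, "unreadable"))
        elif data.get("IsEncrypted") is True:
            results.append((entry.name, "encrypted"))
        else:
            # Key absent or false: report it, so a gap is never hidden.
            results.append((entry.name, "unencrypted"))
    return results


def make_sample_backup(root, name, manifest, fmt=plistlib.FMT_XML):
    """Write a constructed backup directory holding only a Manifest.plist."""
    backup = Path(root) / name
    backup.mkdir(parents=True)
    with (backup / "Manifest.plist").open("wb") as fh:
        plistlib.dump(manifest, fh, fmt=fmt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        found = audit_backups(sys.argv[1])
    else:  # no path given: run on constructed sample data
        with tempfile.TemporaryDirectory() as tmp:
            make_sample_backup(tmp, "constructed-device-a", {"IsEncrypted": True})
            make_sample_backup(tmp, "constructed-device-b", {"IsEncrypted": False})
            found = audit_backups(tmp)
    for name, status in found:
        print(f"{status:12} {name}")
```

Any backup reported as unencrypted is readable by whoever gains access to that user account, which is the condition the quoted module description depends on.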

    1. Re:Not an iOS Exploit In And Of Itself by joh · · Score: 2

      > If you want a real exploit, look into the "i0n1c" exploit being used to jailbreak phones on the latest OS.

      Exactly. It's not that there are no iOS exploits out in the wild. As far as I know there's no remote exploit out there, though. You need physical access to the device or its backup (and then restore from that which requires physical access).

  6. Re:Enough of this Apple stuff already by NatasRevol · · Score: 1

    *Knowing full well, you're obviously an Apple hater fanboi, and feeding said troll*

    The more closed, the better.

    Better check your facts. Here's a site that can help.

    http://opensource.apple.com/

    Go find any other software company that makes it this easy to find *all* their contributions to open source.

    --
    There are two types of people in the world: Those who crave closure
  7. Re:'Hack' ? I don't think so.... by WrongSizeGlass · · Score: 1

    Since when does the ability to extract an unprotected archive format count as hacking?

    Hack, Hackers, Hacking - those words have lost their original meaning (much like Expert has).

  8. HAM?!? by alex67500 · · Score: 1

    If I opened my neighbour's fridge, I'd start by taking his beers!

  9. Re:Enough of this Apple stuff already by e4g4 · · Score: 1

    Also, did you LOOK at that page?

    Did you? Click on the links.

    --
    The secret to creativity is knowing how to hide your sources. - Albert Einstein
  10. Re:Enough of this Apple stuff already by NatasRevol · · Score: 1

    You're a fucking moron who can't even click on links.

    Here's what's under the iOS 4.0 link:
    JavaScriptCore-576 BSD LGPL
    WebCore-737.5 BSD LGPL
    cctools-782 APSL GPL
    gcc-5664 GPL
    gdb-1469 GPL
    gnumake-126.2 GPL
    keymgr-22 GPL
    ld64-97.14 APSL
    libiconv-26 LGPL
    libstdcxx-39 GPL

    Yeah, real Apple specific.

    --
    There are two types of people in the world: Those who crave closure