The Register® — Biting the hand that feeds IT

iPhone hackers disclose vulns and hunt for clues

Closing in on their Holy Grail

The game is on for hackers trying to spot security vulnerabilities in Apple's iPhone and already they're scoring points. Less than 72 hours after the iPhone's introduction, researchers have reported at least one flaw that could allow an attacker some level of control over the device, while other hackers have uncovered passwords hiding in Apple software that could prove key in gaining root access, they said.

The most serious flaw, reported by Errata Security, resides in the iPhone's Safari browser. By effecting a buffer overflow in the application, an attacker can take control of the browser and run code on the device, said Robert Graham, CEO of Errata.

"The scenario that seems most attractive is to have the phone dial 900 numbers," Graham said, noting an age-old attack that allows criminals with ties to fee-based phone services to profit each time an infected computer dials the number.

It's one of the same Safari flaws Errata researchers documented earlier this month, just hours after Apple released a beta version of the app for Windows users. Apple moved quickly to fix several, but not all, of the bugs.

Errata also reported a bug that resides in the iPhone's Bluetooth features. By exposing them to a fuzzer, it seems, it's easy to make the entire device lock up in a very predictable manner.

Apple representatives didn't respond to a request for comment.

Since Friday's release of the iPhone, hackers have raced to spot bugs in the device or get it to behave in ways its designers didn't intend. Researchers have yet to unlock the phone so it can be used on networks other than AT&T's or get it to run Linux, but they say they're making progress.

They've also assembled a Wiki designed to foster the sharing of information relating to topics such as breaking the activation, unlocking the phone so it can run on multiple networks and allowing the running of third party applications.

Among the advances made to date, hackers have discovered the password the iPhone requires to give an application root access is, amazingly, "dottie" (minus the quotation marks). A second password for mobile access is "alpine."

The passwords were remarkably easy to learn. Researchers posting in a forum on Hackintosh first downloaded the file that iTunes accesses when a user wants to restore the iPhone software. A simple run with John the Ripper, a popular password cracking program, on one of the files contained in the download and the passwords became public knowledge.

"As of yet, those passwords do not have a specific use, but that's not to say that within the next 20 minutes somebody finds a service on port 123 and we can log into it," said Kevin Finisterre, an independent security researcher who has been trying to learn as much as he can about the iPhone.

While no one has yet been able to obtain root access to the iPhone - which amounts to the Holy Grail to those hacking the device - Finisterre says he has reason to believe that's only a matter of time. That's because he has been examining information in files that are created each time the device crashes. Each one has listed the effective user for an application as root.

Hackers are publicly aspiring to plenty of other tricks, including breaking digital rights management functionality in the iPhone. Just because it hasn't happened yet, doesn't mean it never will.

"I don't think enough researchers like myself have the iPhone in their hands," said Finisterre, who isn't willing to shell out the $500 to obtain a device. "Once folks like us get a hold of the thing, I think you're going to see quite a bit of stuff go on." ®

Latest Comments

the price of the phone,

Most of the hackers out there are not even rich enough to purchase internet, a lot of them I find stealing a hot spot from some poor unexpecting individual that had no idea that anyone could do that, the price of the phone was a simple way to keep most of the trouble out of the phone. I suggest you go and get a job and make some hard-earned money to plop down on a device like this. Most of the comments I have read look like they are from people that are upset that they priced them out of their .50 cent budget, I guess they really did not need to put security software in, the ability to charge more than the average hacker has was good enough.

We could do this the hard way or the easy way

I'll not argue about not fighting the interface, that's a dumb thing to do. However, when it comes right down to it, Windows has gone over that line and WELL BEYOND dumbing things down. Great, fine, make an interface that allows for efficiency and advanced functionality, I'm all for it, and always have been. But don't dumb it down so bloody much that people don't have any reason, any incentive, to learn at least a little about the equipment they're trying to operate. Can you show me an interface that does this? Because I'll most certainly tell you Windows ain't it. Nor is the interface on most Cellular phones, or most other consumer electronics devices these days. They've almost all been dumbed down to the point people don't need to - and therefore don't bother to - use the brains they were born with.

Yes, I know computers, at least in as much as supporting them and fixing them on a daily basis as my job. I also have plenty of common sense. No, I don't believe in doing everything the hardest way it can be done, and I'm by no means a programmer (I detest coding with a passion), but I've seen the effects of dumbing down interfaces. 15 years ago, people using computers had at least enough knowledge about them to be able to (and know they should, and actually do it) run basic maintenance tasks once in a while. They knew to write down error messages and give them when they called for help. They knew if they submitted a request for help to their IT dept for instance, to include what they were trying to do, and what happened, whether there were error messages, and if so, what they were. They knew approximately what files were OS related, or at least what areas they were stored in, and to NOT BLOODY GO MESS WITH CRAP THEY KNEW NOTHING ABOUT AND COULD COMPLETELY STUFF THEIR BOX.

Now, this has all gone out the window. As Windows has gone more and more dumbed down, people have gotten more and more lazy and stupid.

People generally don't bother to run any preventative maintenance on their computers. They don't bother to remember or write down error messages, they just click to get them off the screen as quick as they can. The common helpdesk request now reads something like "my computer doesn't work" or "This thing is broken, please fix it now". When you ask them what is wrong, the typical response is "I don't know, it just isn't working" then they lead you on a game of 20 questions where you have to specifically ask for every piece of information - what exactly were you trying to do, what program were you using, what did you type or click on, what happened when you did that, did it give an error, what was the error - oh you didn't bother to read it how lovely of you. People now commonly go screwing around with files and/or parts of their computers they have utterly no business doing so, and then get mad when they break it, and by god it's not their fault, it's the computer's fault, or it's IT's fault.

Who the bloody hell is the one with no common sense? Not me, it's the users these days, and it's because of dumbed down interfaces.

Go make an interface that allows advanced functionality and efficiency but doesn't dumb everything down and allow people to be morons, and you'll probably get richer than Microsoft, just from all the IT departments in the world who would probably do everything they could to get your interface used in their organization to save them a little sanity.

Zealots?

Um.... this sorta sounds like religious zealots brandishing shiny pointy weapons about to 'go at it' with each other..... *steps slowly away from the field of battle...*

Anonymous Coward

Hmm

"I would be careful about saying Apple products are 'more' buggy - expose an alternate modern smartphone to the same levels of hacking and you're sure to come up with comparable results."

Not the case - the speed at which issues are coming to light on iPhone is unprecedented and hilarious - a real venomous charge - partly backlash to the iPhone spin but mostly I think to Apple's attitude (dumb insolence) to security researchers over the various OSX cockups of recent months - several years if you look at samba.

Check out the iPhone thread on

http://www.hackint0sh.org

CPU

WRT Andy Blackman's earlier tilt at someone blaming Intel:

1. The platform's not really the issue here, anyway - most of the problems seem to be in application-layer security from what I've read.

2. The 'Samsung ARM11' processor is so called because, although manufactured by Samsung, it uses an ARM CPU core licensed from Intel (or possibly Marvell, if it's XScale - see http://en.wikipedia.org/wiki/ARM_architecture)
