Feeds

iPhone hackers disclose vulns and hunt for clues

Closing in on their Holy Grail

Choosing a cloud hosting partner with confidence

The game is on for hackers trying to spot security vulnerabilities in Apple's iPhone and already they're scoring points. Less than 72 hours after the iPhone's introduction, researchers have reported at least one flaw that could allow an attacker some level of control over the device, while other hackers have uncovered passwords hiding in Apple software that could prove key in gaining root access, they said.

The most serious flaw, reported by Errata Security, resides in the iPhone's Safari browser. By effecting a buffer overflow in the application, an attacker can take control of the browser and run code on the device, said Robert Graham, CEO of Errata.

"The scenario that seems most attractive is to have the phone dial 900 numbers," Graham said, noting an age-old attack that allows criminals with ties to fee-based phone services to profit each time an infected computer dial the number.

It's one of the same Safari flaws Errata researchers documented earlier this month, just hours after Apple released a beta version of the app for Windows users. Apple moved quickly to fix several, but not all, of the bugs.

Errata also reported a bug that resides in the iPhone's Bluetooth features. By exposing them to a fuzzer, it seems, it's easy to make the entire device lock up in a very predictable manner.

Apple representatives didn't respond to a request for comment.

Since Friday's release of the iPhone, hackers have raced to spot bugs in the device or get it to behave in ways its designers didn't intend. Researchers have yet to unlock the phone so it can be used on networks other than AT&T's or get it to run Linux, but they say they're making progress.

They've also assembled a Wiki designed to foster the sharing of information relating to topics such as breaking the activation, unlocking the phone so it can run on multiple networks and allowing the running of third party applications.

Among the advances made to date, hackers have discovered the password the iPhone requires to give an application root access is, amazingly, "dottie" (minus the quotation marks). A second password for mobile access is "alpine."

The passwords were remarkably easy to learn. Researchers posting in a forum on Hackintosh first downloaded the file that iTunes accesses when a user wants to restore the iPhone software. A simple run with John the Ripper, a popular password cracking program, on one of the files contained in the download and the passwords became public knowledge.

"As of yet, those passwords do not have a specific use, but that's not to say that within the next 20 minutes somebody finds a service on port 123 and we can log into it," said Kevin Finisterre, an independent security researcher who has been trying to learn as much as he can about the iPhone.

While no one has yet been able to obtain root access to the iPhone - which amounts to the Holy Grail to those hacking the device - Finisterre says he has reason to believe that's only a matter of time. That's because he has been examining information in files that are created each time the device crashes. Each one has listed the effective user for an application as root.

Hackers are publicly aspiring to plenty of other tricks, including breaking digital rights management functionality in the iPhone. Just because it hasn't happened yet, doesn't mean it never will.

"I don't think enough researchers like myself have the iPhone in their hands," said Finisterre, who isn't willing to shell out the $500 to obtain a device. "Once folks like us get a hold of the thing, I think you're going to see quite a bit of stuff go on." ®

Beginner's guide to SSL certificates

More from The Register

next story
Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
The Fourth Amendment... and it IS better
Don't wait for that big iPad, order a NEXUS 9 instead, industry little bird says
Google said to debut next big slab, Android L ahead of Apple event
Microsoft to enter the STRUGGLE of the HUMAN WRIST
It's not just a thumb war, it's total digit war
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
A drone of one's own: Reg buyers' guide for UAV fanciers
Hardware: Check. Software: Huh? Licence: Licence...?
The Apple launch AS IT HAPPENED: Totally SERIOUS coverage, not for haters
Fandroids, Windows Phone fringe-oids – you wouldn't understand
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.