Hackers Find Remote iPhone Crack 114
Al writes "Two researchers have found a way to run unauthorized code on an iPhone remotely. This is different than 'jailbreaking,' which requires physical access to the device. Normally applications have to be signed cryptographically by Apple in order to run. But Charles Miller of Independent Security Evaluators and Vincenzo Iozzo from the University of Milan found more than one instance in which Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a non-executable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable. The trick is significant, say Miller and Iozzo, because it provides a way to do something on a device after making use of a remote exploit. Details will be presented next month at the Black Hat Conference in Las Vegas." The attack was developed on version 2.0 of the iPhone software, and the researchers don't know if it will work when 3.0 is released.
Re:Misleading Title/Summary (Score:2, Informative)
Well, you're also being a bit misleading. The exploit is to remotely cause unauthorized code to run. What is most misleading about this is that it requires the phone to be jailbroken. It won't work on an OOTB iPhone.
Re:Phone Viruses (Score:4, Informative)
What "lot" of iPhones are you talking about? Here in Germany, the iPhone is one of the rarest phones on the market. Because it's double the price of the best Nokia, and has only half the features. And I bet this will be the case for most of the world.
If you want to get a virus going, make it run on Symbian. Or with some luck, you can use J2ME, which pretty much every phone supports, but which is a bit hard to get to do something useful (because of the additional VM/Sandbox).
Re:Misleading Title/Summary (Score:2, Informative)
FTFA:
But Miller found more than one instance in which Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a nonexecutable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable.
The code does not need to be installed, merely downloaded and loaded into memory. The article does not say whether or not they found a remote exploit to make the data executable. Perhaps it is presumed that one will be found.
Re:Phone Viruses (Score:4, Informative)
If you want to get a virus going, make it run on Symbian.
On ancient Symbian versions, perhaps. After S60v3 they added that darn platform security that won’t even let you execute your own code, let alone third-party viruses.
Pirates periodically find cracks, but they tend to be model- and firmware version- specific.
Re:Dumbing down the text... (Score:3, Informative)
Very well said...that's one of the self-delusions of many in the geek community that really irritates me (that we're smarter ergo better than everyone else). It seems a lot of this goes along with the rise of geek chic.
In highschool and the like, I always felt sorriest for the dumb geeks / dumb nerds...they had it worst of all IMHO. And yes I agree, there are absolutely dumb geeks
Re:Phone Viruses (Score:3, Informative)
...application development is much more stringent
Not only is it more stringent, but a helluva lot more frustrating in my opinion, because of XCode, IB, and Objective-C. Anyone have any insight into why they chose that language??