Hackers Find Remote iPhone Crack

Al writes "Two researchers have found a way to run unauthorized code on an iPhone remotely. This is different than 'jailbreaking,' which requires physical access to the device. Normally applications have to be signed cryptographically by Apple in order to run. But Charles Miller of Independent Security Evaluators and Vincenzo Iozzo from the University of Milan found more than one instance in which Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a non-executable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable. The trick is significant, say Miller and Iozzo, because it provides a way to do something on a device after making use of a remote exploit. Details will be presented next month at the Black Hat Conference in Las Vegas." The attack was developed on version 2.0 of the iPhone software, and the researchers don't know if it will work when 3.0 is released.

Phone Viruses

[Logical Zebra]

To this date, I cannot think of any cell phone viruses that have existed and spread. I would assume that is because pretty much every cell phone is different, and writing a virus for one specific phone would be a waste of time, since it would represent only a fraction of a percent of the user base. (Usually, when you write a virus, you want it to spread as far and wide as possible, right?) However, with the popularity of the iPhone, I could see a malicious person writing a virus that would infect all of the Apple phones out there, since there are a lot of iPhones on the networks.

Could this crack be used for that? If so, are we going to see an antivirus program on the next iteration of the iPhone?

Capt Crunch?

[Anonymous Coward]

Is there any irony in that some early Apple folks started out phone phreaking?

Re:This is news?

[Richard_at_work]

Infact, the first widely used jailbreaking technique involved exploiting Safari on the iPhone to crash it and inject code - there was infact a website you could visit to jailbreak your iPhone simply by clicking on a link.

Re:Phone Viruses

[Anonymous Coward]

When I was in high school many eons ago. The game we would play is how many viri can you get on 1 floppy. We did this on macs. I had a record of 8 :)

Are the newer macs more impervious? Perhaps. But I would venture to say MS has a leg up on them here in that they live it and breath it every day. To Apple it is an abstract thing just due to simple market share.

But a botnet of 300k in remote devices that can CALL people that would be very attractive to a spammer. The payload being a recorded message. The thing calls people at random times and plays the message. Wow...

Re:Phone Viruses

[MrCrassic]

I know that you were aiming for a "Funny" moderation, but now that I'm back on Windows Mobile after having tried phones from RIM and Apple, I'm finding that it's actually very, very versatile.

While Windows Mobile is infamous for little bugs and freezes, it actually makes for a very complete mobile platform. Users can edit their Office documents on it, browse the web with it (even easier in WM6.1), play all sorts of media, and find lots of other uses for it. Furthermore, while iPhone OS is becoming just as versatile, it is nowhere near as customizable right off the bat, and application development is much more stringent.

Though I won't lie that it's nowhere as pretty and suave as using the iPhone, nor will it ever be (at least not in the immediate future).

An app that smashes its own stack

[AntiRush]

I haven't done the legwork but it appears that an attack vector exists via the App Store. Applications allow downloading of data files (podcasts, for example).

Simply get your application published and give people some incentive to download it (for free). Once your intended target or target quota has installed download a "media file" that's actually the malicious binary. Then it's just a matter of smashing your own application's stack to run the code.

Re:Is this good news.

[Dare nMc]

imply you're not on a phone

exactly, imply. If your allowed to install apps on your phone, everything you point out is possibly a new app that AT&T doesn't know about, and would be a pain if AT&T's permission were required to install/run each new type of app. Granted, for the I-Phone crowd, requiring permission to install/use a app isn't uncharted territory. but for the rest of the smart phones, this wouldn't be very nice.

Re:Phone Viruses

[bytethese]

I can't think of an instance where any iPhone talks to another iPhone.

What about the new Send and Receive Files app in 3.0?
http://gizmodo.com/5171796/iphone-30-os-guide-everything-you-need-to-know [gizmodo.com]

"Send and receive files. A dedicated application to exchange files between iPhones or iPods touch."

Or the new Peer-to-peer Bluetooth connectivity?

"A new API will allow for two iPhones to connect directly peer-to-peer via Bluetooth. They will be able to discover each other using Bluetooth, and then start a connection transparently. This opens a lot of possibilities. I doubt they will allow you to pass music, but you would probably be able to pass any other information, as well as directly communicating between applications in the two devices. One example: A pets game that allows two dogs to play with each other. This feature could be combined with push notification, so your iPhone may receive a note from another iPhone, inviting you to play a game one-on-one."