Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Cellphones Crime Handhelds Iphone Security IT

iPhone Jailbreak Modified Into CC Sniffing Malware 120

Posted by timothy
from the sniff-sniff-that's-very-sad dept.
chicksdaddy writes "In a presentation at the ToorCon Hacking Conference in San Diego on Saturday, Eric Monti, a Senior Researcher at Trustwave's Spider Labs, demonstrated how to turn the popular JailbreakMe Tool for iPhones and iPads into stealthy rootkit-style malware that can monitor voice and video activity or intercept sensitive data, such as credit card magnetic stripe data from an iPhone-based transaction."
This discussion has been archived. No new comments can be posted.

iPhone Jailbreak Modified Into CC Sniffing Malware

Comments Filter:
  • Re:Yay! (Score:5, Informative)

    by Anonymous Coward on Sunday October 24, 2010 @12:30PM (#34005022)

    >>> The iPhone can't get infected by simply browsing to a website.

    Well, there was a jailbreak to do just that before :)

    It may be patched, but I'm sure we'll see the likes of it or something similar again...

  • Re:Fluff piece. (Score:4, Informative)

    by Anonymous Coward on Sunday October 24, 2010 @12:39PM (#34005070)

    Notice that the remote hole in iOS up to 4.0.1 can be exploited by any site. You do not have to accept the exploit, it can simply install itself in secret. So anyone on firmware lower than 4.0.2 should either upgrade their iOS, or stop using the internet, or jailbreak, after which they can install the unofficial patch from Cydia. For original iPhone users only the latter two options are available.

  • by saleenS281 (859657) on Sunday October 24, 2010 @01:07PM (#34005234) Homepage
    If the platform were open, the hackers would be incentivized to work with Apple to close the holes, rather than save them to jailbreak.
  • Re:Yay! (Score:5, Informative)

    by Jaime2 (824950) on Sunday October 24, 2010 @02:03PM (#34005594)
    Two past jailbreaks worked with a website based infection. The vulnerability behind the second one has been around since day one, but was never discovered by Apple (at least never fixed by Apple) or publicly disclosed by the jailbreak community. Who's to say that there isn't another one or that the hole that was around for years wasn't actually used for evil?

    As a technical note the recent hole was a vulnerability in the PDF viewer and only required the user to view an infected PDF.

    On another note, you didn't have to jailbreak to be vulnerable. Apple only patched versions of the OS that it felt like supporting, but the jailbreak community patched all versions. So, jailbreakers are actually safer. To this day, if you have an old enough iPhone that is not jailbroken, you are julnerable to a website based attack.

You might have mail.