http://blog.wired.com/27bstroke6/2007/11/hacked-iphone-n.html

By Kim Zetter
Wired.com
November 16, 2007

Readers of Threat Level will recall a little bit of flak that I and Wired received recently for writing a couple of stories about problems with the iPhone's security.

As we pointed out here and here, security researchers took issue with the design of the iPhone, because the phone has all programs running as root and requires no authentication to install applications. The theory is that if any program has a vulnerability -- similar to one that was already discovered in a library used by the iPhone's browser and e-mail programs -- then a hacker could exploit the vulnerability by remotely installing malicious code that takes over the phone. One possible attack I mentioned was to turn the phone into a bugging device.

Security researcher Rik Farrow told me that Apple could easily have designed the phone to make this harder to do but likely didn't do so because it would have taken more time and delayed the product launch.

Blogger Daniel Dilger used one of the stories as an opportunity to attack me personally as well as another expert I interviewed, saying that I and the researcher didn't know what we were talking about. He also erroneously reported that I'd interviewed only one source for my research -- but that's beside the point.

Well, Fast Company asked Farrow to try to take over an iPhone using a tool developed by H.D. Moore, the author of the Metasploit tool -- who is also one of the researchers I interviewed for my stories. The result can be seen in a video that Farrow made showing his attack. (See the video after the jump.)

[...]