[ISN] Weaponizing Apple's iPod Touch

From: InfoSec News <alerts_at_private>
Date: Thu, 6 Aug 2009 01:31:46 -0500 (CDT)
http://darkreading.com/security/attacks/showArticle.jhtml?articleID=219100135

By Kelly Jackson Higgins
DarkReading
Aug 05, 2009

It fits behind a coffee machine, inside a desk drawer, or in your 
pocket, and it doesn't arouse suspicion if you walk into a bank or 
office tapping away on it -- and that's why a security expert has turned 
an iPod Touch into a full-blown hacking tool.

Thomas Wilhelm, associate professor of information system security at 
Colorado Technical University, showed attendees at last week's Defcon17 
conference in Las Vegas how Apple's seemingly benign iPod Touch can be 
converted into a portable and stealthy penetration testing or attack 
tool. He outfitted the iPhone cousin with the popular Metasploit 
software for exploiting vulnerabilities, as well as password-cracking 
and Web app hacking applications he was able to easily download onto the 
device.

"Because of its size and ability to connect back to a more robust attack 
platform, the iPod Touch can go anywhere and get us [penetration 
testers] into areas where we couldn't before," Wilhelm says. "If I 
walked into a bank with a laptop, people would be suspicious. If I were 
to walk in with something like an iPhone, people would accept it. I 
could hack for hours in a bank or coffee shop, and no one would 
[suspect]," he says.

But like any security tool, this handy and stealthy iPod Touch hacking 
tool cuts both ways. "I know [the iPod Touch] has been abused, and I 
know it will be," he says. "But network administrators need to know what 
the potential threats are."

[...]


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org 
Received on Wed Aug 05 2009 - 23:31:46 PDT

This archive was generated by hypermail 2.2.0 : Wed Aug 05 2009 - 23:41:32 PDT