[ISN] Researchers hack toys, attack iPhones at ToorCon

From: InfoSec News <alerts_at_private>
Date: Wed, 27 Oct 2010 03:09:02 -0500 (CDT)
http://news.cnet.com/8301-27080_3-20020547-245.html

By Elinor Mills 
InSecurity Complex
CNet News
October 24, 2010

SAN DIEGO -- From "weaponized" iPhone software to hacked toys and leaked 
cookies, researchers at the ToorCon security conference here this 
weekend showed how easy it can be to poke holes in software and hardware 
with the right tools, know-how, and curiosity.

One researcher demonstrated how to take control of an iPhone using an 
exploit that targets a hole in Safari, which has been patched. The 
iPhone had an app installed that allowed it to process credit card 
numbers, which could then be stolen if this were an attack in the wild.

Eric Monti, a senior security researcher at Trustwave, "weaponized" an 
exploit that was launched as the Jailbreakme.com program this summer, 
designed to allow iPhone owners to use unauthorized apps.

For the demo, he directed the "victim" iPhone to a Web address that 
opened a PDF file that contained the exploit code. Then a rootkit was 
downloaded giving him complete control of the iPhone. Once a rootkit is 
downloaded, an attacker has access to all data, e-mails, voicemails, and 
text messages, as well as the microphone and speaker. "You can easily 
eavesdrop on someone if you're on their iPhone remotely," Monti said.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Wed Oct 27 2010 - 01:09:02 PDT

This archive was generated by hypermail 2.2.0 : Wed Oct 27 2010 - 01:22:35 PDT