http://news.cnet.com/8301-27080_3-20020547-245.html By Elinor Mills InSecurity Complex CNet News October 24, 2010 SAN DIEGO -- From "weaponized" iPhone software to hacked toys and leaked cookies, researchers at the ToorCon security conference here this weekend showed how easy it can be to poke holes in software and hardware with the right tools, know-how, and curiosity. One researcher demonstrated how to take control of an iPhone using an exploit that targets a hole in Safari, which has been patched. The iPhone had an app installed that allowed it to process credit card numbers, which could then be stolen if this were an attack in the wild. Eric Monti, a senior security researcher at Trustwave, "weaponized" an exploit that was launched as the Jailbreakme.com program this summer, designed to allow iPhone owners to use unauthorized apps. For the demo, he directed the "victim" iPhone to a Web address that opened a PDF file that contained the exploit code. Then a rootkit was downloaded giving him complete control of the iPhone. Once a rootkit is downloaded, an attacker has access to all data, e-mails, voicemails, and text messages, as well as the microphone and speaker. "You can easily eavesdrop on someone if you're on their iPhone remotely," Monti said. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Wed Oct 27 2010 - 01:09:02 PDT
This archive was generated by hypermail 2.2.0 : Wed Oct 27 2010 - 01:22:35 PDT