View
217
Download
0
Embed Size (px)
Citation preview
Hacking The iPhoneGroup 17
Shelby Allen
Richard Denney
Outline Introduction Lab goals Procedure Results Conclusions Defenses References
Introduction Proliferation of mobile devices Popularity of iPhone Soon-to-be released SDK
Lab Goals Show that the iPhone, and by extension all
future mobile devices, are locked away computers and so they should be given the same security precautions as a computer.
Procedure Buffer overflow Copy and edit disk image Install SSH Copy files
Results Installer
Community sources Easy install Easy update
Results MobileFinder
Explore file system Fully functional
Results MobileFinder
Explore file system Fully functional
Results Term-vt100
Terminal that won’t go away
Partial functionality expandable
Results Sysinfo
Task Manager equiv. Can kill processes All processes ran as
root
Conclusions A computer in a mobile device’s body The default user is the only user – root Serious vulnerabilities
Default user name and password All programs ran as root
A vulnerability in any program compromises the entire system
Buffer overflow
Defenses Change user name and password Download newest firmware Same practices as a computer Lobby for better security
Lab Structure Student will:
Jailbreak iPod Touch Load custom applications Explore architecture Evaluate device security
References For more information on iPod/iPhone hacking,
visit: Instruction guide to hacking iPod Touch
http://forums.macrumors.com/showthread.php?p=4308881&nojs=1
Installer.app Homepage http://iphone.nullriver.com/beta/
Ipod Touch hacking wiki http://www.touchdev.net/wiki/Main_Page
Iphone security evaluation by consulting firm http://www.securityevaluators.com/iphone/
Questions?