The Recycle Bin

A repository of comments, code, and opinions.

Hacking the iPhone: Throwing caution to the wind

with 2 comments

I am sure everyone is fully aware of the ongoing battle between hackers and Apple engineers over unlocking the new iPhone and iPod Touch.  I don’t plan to take sides on the issue, it is really of little interest to me, but what is grabbed my attention is the complete lack of regard for the users security by both sides.

We are currently on round two of the hack.  The first break in was wiped out by the latest firmware update sent out by Apple.  The latest version utilizes a bug in the way the phone handles TIFF image files.  A specially crafted TIFF file, when supplied to Safari causes a stack based buffer overflow with the possibility of remote code execution.  How is this helpful to iPhone users?  Well, all applications run as root on the iPhone, meaning that once execution has been hijacked, the injected code is running with the highest permissions possible.  By simply browsing to a website and viewing this TIFF file, Safari is giving up complete read/write access to the entire system.  From the website http://toc2rta.com/:

So its offical we have released the tiff exploit code. You can navigate in safari to http://jailbreak.toc2rta.com on your Itouch or Iphone 1.1.1. It will crash your Safari but then you will be able to browse the file system with full read/write access.

Well that’s just grand.

The fact that this exploit has been received so well by users and tech writers alike confounds me.  Why would anyone be celebrating an exploit like this?  Do they not realize that if Niacin and Dre have figured out how to malform the bytes of a TIFF file correctly then someone else probably has too?  Someone who might not be so friendly?  The thought of mobile malware should be troubling to everyone.  Imagine for a minute, a worm that dials 911 on your cell phone on loop, or even one that makes a call to a 900 number when your phone is idle.  There are serious ramifications with a bug like this, and everyone, not just iPhone users, is at risk until Apple fixes this.

Apple claims that they are protecting users by not allowing third party applications to run on the iPhone or releasing an SDK.  Steve Jobs was quoted in a Newsweek interview saying, “Cingular doesn’t want to see their West Coast network go down because some application messed up.”  What he has failed to realize is that his engineers aren’t nearly good enough to keep hackers out of the iPhone (an impossible task).  All this has done is put thousands of people at risk because users are forced to find a way to root their phone so they can run the applications they want.

Just like the previous firmware update, version 1.1.2 will undoubtedly fix this bug in Safari and render the unlocking technique useless.  Faced with the prospect of losing all of their third-party applications, many users will chose not to update their device.  In other words, people will be choosing to run a buggy, exploitable browser in order to use their device the way they want to.  That is a scary thought.  Apple needs to remedy this situation quickly, and do as much as they can to reverse this notion that hacking is good, and updating is bad.  The existence of this exploit should not be celebrated, people should be worried that the security of their phone is so porous.  Hopefully this will all be resolved before a serious outbreak of malicious mobile code hits us all.

Advertisements

Written by Nathan

October 10, 2007 at 10:17 pm

Posted in Uncategorized

Tagged with , ,

2 Responses

Subscribe to comments with RSS.

  1. (1) are you suggesting that apple showed let third party apps run as a way to discourage hacking and encourage updating? if so, doesn’t that mean that malware wouldn’t have to worry about exploiting a bug?

    (2) i wanted to post this to slahdot because i hate digg, but there was no icon. so i had to go to other wbsites and submit the story. but i did do it. and im looking for the rss feed here too.

    douggity

    October 24, 2007 at 2:32 am

  2. something to consider: http://slashdot.org/faq/badges.shtml

    douggity

    October 24, 2007 at 2:49 am


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: