Sunday, August 22, 2010

My smart phone can beat up your smart phone

Or, Why this Iphone web attack really really matters.

So there's another jailbreakable vulnerability on the Iphone.

Much hilarity and glee ensues - who wouldn't want to go into Apples stores and jailbreak their own demo models?

This all gets a lot less funny when you consider some of the fundamental flaws in wireless networks (most recently hilighted by Renderman and I at The Last Hope, slides here.  Short version:  Airpwn isn't dead, and hijacking HTTP traffic can be extremely nasty.

What do we get when we combine Metasploit, MSF-Airpwn, a browser/content vulnerability, and a browser environment running as root?

The best case scenario is drive-by jailbreaking.  "You're welcome, Iphone users.  Here's cydia."

The worst case?  I don't know.  Maybe MSF-Ipwn?  (msf/data/ipwn/ipwn in the MSF tree).  Arbitrary spyware or adware on the phone that can't be killed by normal user access?  Tracking software?

What do we need to do this?  Any device capable of running MSF, MSF-Airpwn,
and which has inject-capable drivers.  Like say href="">the Nokia
N900?.  My smartphone beat up your smartphone on the playground.

All from browsing with an insecure device in public.

1 comment:

  1. I've read online that Safari in iPhone is vulnerable to web attacks. It states that it "allow malicious websites to masquerade as trusted pages maintained by banks or other entities." I hope that Apple will do something about this security issue.

    polycom ip 550