Sunday, August 22, 2010

My smart phone can beat up your smart phone

Or, Why this iPhone web attack really really matters.

So there's another jailbreakable vulnerability on the iPhone.

Much hilarity and glee ensues - who wouldn't want to go into Apple stores and jailbreak their own demo models?

This all gets a lot less funny when you consider some of the fundamental flaws in wireless networks (most recently highlighted by Renderman and me at The Last Hope, slides here).  Short version:  Airpwn isn't dead, and hijacking HTTP traffic can be extremely nasty.

What do we get when we combine Metasploit, MSF-Airpwn, a browser/content vulnerability, and a browser environment running as root?

The best case scenario is drive-by jailbreaking.  "You're welcome, iPhone users.  Here's Cydia."

The worst case?  I don't know.  Maybe MSF-Ipwn?  (msf/data/ipwn/ipwn in the MSF tree).  Arbitrary spyware or adware on the phone that can't be killed by normal user access?  Tracking software?

What do we need to do this?  Any device capable of running MSF and MSF-Airpwn.  The Nokia N900?  My smartphone beat up your smartphone on the playground.

All from browsing with an insecure device in public.

