HD Moore takes iPhone exploits public

HD Moore takes iPhone exploits public
HD Moore takes iPhone exploits public 

By Gregg Keizer
October 16, 2007 

Noted hacker HD Moore has publicly posted exploits that take advantage 
of a vulnerability in Apple's iPhone, the same flaw that's been used by 
others to unlock the smart phone so it will work on non-AT&T networks.

The vulnerability, which is in the TIFF image-rendering library shared 
by the iPhone's Safari browser and its e-mail program, as well as by the 
iTunes software, leaves the iPhone wide open to attack, said Moore, who 
posted a second, and more robust, exploit today after debuting attack 
code yesterday.

"This exploit is rock solid," Moore said in an interview. "It's very 
reliable, as reliable as the WMF [Windows Metafile] exploits in Windows. 
You can send it in an e-mail, you can embed it in a Web page."

Although the vulnerability is the same as the one leveraged by hackers 
such as the iPhone Dev Team to return unlock capabilities to iPhones 
updated to Firmware 1.1.1 last month, Moore said that's the only 
similarity between his work and the activities of unlockers. "I wanted 
an exploit that would write any arbitrary payload" to the iPhone, rather 
than the specialized changes made for an unlocking hack, Moore said.

He claimed success. "The second exploit works on 1.0, 1.0.1, 1.0.2 and 
1.1.1 iPhones," he said, referring to the four versions of the phone's 
firmware released since the device's June debut.

Although he expects Apple to plug the TIFF vulnerability in the next 
iPhone update -- a move that many interested in unlocking the iPhone 
have also predicted and bemoaned -- Moore also said it wouldn't matter. 
Citing the history of the vulnerability, which was also present in the 
Sony PlayStation Portable (PSP), he said attackers will be able to 
exploit the flaw in the future, even if Apple fixes it.

"All they'll need to do is back port the firmware to an earlier version 
that's vulnerable," said Moore. "Apple has to leave a way to restore an 
iPhone back [to previous versions of the firmware]."

The same technique was used to hack the Sony PSP after Sony issued an 
update that patched the TIFF vulnerability on that video game player.

In notes posted to customers of its DeepSight threat management network, 
Symantec Corp. warned iPhone users of Moore's exploits and recommended 
they use caution when browsing the Web, handling unsolicited e-mail and 
dealing with suspicious or unexpected music files.

But Ollie Whitehouse, a software architect with Symantec's security 
response team, downplayed the iPhone's apparent insecurity. "The iPhone 
isn't any different from other mobile platforms," he argued. "It's only 
the interest from the security research community that makes it seem 

Moore disagreed. "I think the iPhone is pretty terrible," he said, 
referring to its level of security. "It's an easy platform to exploit." 
That's true in part, he explained, because exploiting any iPhone 
application gives root access to the entire phone. But other security 
weaknesses abound, including ones in the Safari browser and in the 
underlying operating system -- a scaled-back version of Mac OS X -- that 
runs the device, he added.

Moore has added the exploits to Metasploit, the popular penetration 
framework, a move that in the past has meant in-the-wild attacks are not 
far behind. He predicted that malicious code exploiting the TIFF 
vulnerability would be on the loose "pretty soon."

CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - 

Site design & layout copyright © 1986-2015 CodeGods