By Elinor Mills
October 24, 2010
SAN DIEGO -- From "weaponized" iPhone software to hacked toys and leaked
cookies, researchers at the ToorCon security conference here this
weekend showed how easy it can be to poke holes in software and hardware
with the right tools, know-how, and curiosity.
One researcher demonstrated how to take control of an iPhone using an
exploit that targets a since-patched hole in Safari. The
iPhone had an app installed that allowed it to process credit card
numbers, which could then be stolen if this were an attack in the wild.
Eric Monti, a senior security researcher at Trustwave, "weaponized" an
exploit that was launched as the Jailbreakme.com program this summer,
designed to allow iPhone owners to use unauthorized apps.
For the demo, he directed the "victim" iPhone to a Web address that
opened a PDF file that contained the exploit code. Then a rootkit was
downloaded, giving him complete control of the iPhone. Once a rootkit is
downloaded, an attacker has access to all data, e-mails, voicemails, and
text messages, as well as the microphone and speaker. "You can easily
eavesdrop on someone if you're on their iPhone remotely," Monti said.