NEWS FROM THE LAB - Wednesday, November 21, 2007

Converting an iPhone into Full-Featured Spy Tool Posted by Jarno @ 14:16 GMT

Back on September 28th, I posted about H.D. Moore adding iPhone support for the Metasploit framework, predicting that iPhone support in Metasploit would make security and attack research much easier.
And boy, talk about getting nice demonstration…

Fast Company hired Rik Farrow, an independent security consultant, to see what can be done with Metasploit and an iPhone.

Rik was able to make a full-featured spy device.

Fast Company's article is here and Rik's video is here.

Using a specially crafted Web page utilizing an iPhone exploit (now patched) he gained root level shell access to the phone — which in layman's English means that he could do anything that the iPhone is capable of from his laptop.

With such access, Rik was able to download the phone's voice mail database file, a local Gmail message database, the browser history, and anything else on the phone. And in addition, he installed software capable of recording all ambient sound within microphone range, and then retrieved that sound file from the phone.

Rik's skills are evident in the video but his demonstration shows that with Metasploit, even those with basic level security skills can set up a Web page that gives them full access to any iPhone that attempts to load the page. And as iPhone is very popular, this brings big security and privacy concerns.

Currently there is no security software available for iPhone. Fortunately iPhone users can protect themselves against attack via this exploit by making sure their iPhone is up to date. And we hope that Apple will promptly fix any future exploits.

However — this might not help those who have unlocked their iPhones and are avoiding Apple's updates.

So if you are using an unlocked iPhone, and haven't patched its vulnerabilities yourself, be careful of what sites you surf or you could get iPwned.