User Login

Help Community Login:

Your iPhone's dirty little security secret

1 reply [Last post]
Niebr's picture
From:
Pittsburgh, Pennsylvania
Niebr
Banned Member (Way To Go!)
Joined: 03/17/2009
Posts: 212
Drops: 305
Mood: Content
Groups: Geekdrop Cafe

Property of Computer World and its writers.

We've heard much about how our PCs and laptops can be compromised through MalwareMalwarebytes Anti-virus / Anti-malware and insecure wireless access points and often comfort ourselves with the knowledge that our smart phones are safe from such things. But the smarter these phones become, the more susceptible they become to those same dangers, and more. That was the warning at ShmooCon 2010 this morning from Trevor Hawthorn, founder and managing principal at Stratum Security. See also: 3 Simple Steps to Hack a Smartphone (Includes Video) "The old smart phone wisdom in terms of security best practices was that you simply needed to wipe the devices of all your data before selling them on eBay," he said. "Today, you can use them to access the company VPN and Outlook, so the dangers are much more in line with those of PCs and laptops." Hawthorn discussed security holes (since fixed) found in AT&T's network, which Apple's iPhone uses, and how an epidemic of "jailbreaking" is disabling critical security controls on the device. Jailbreaking is a process iPhone and iPod Touch users can exploit to run whatever code they want on the device, whether it's authorized by Apple or not. Jailbreaking the phone allows you to download a variety of apps you couldn't get in the Apple App Store. For those who hate Apple's heavy hand and welcome any method to thumb a nose at the company's decrees, jailbreaking is very attractive. But there's a problem, Hawthorn said. A big one. "Jailbreaking wipes away 80% of the iPhone's security controls," he said. "Since nearly 7% of all iPhones are jailbroken," the bad guys have plenty of targets to choose from. And target they have. Exhibit A is the iKee worm. According to an earlier analysis from security vendor Sophos, Apple iPhone owners in Australia were infected by a worm that changed their wallpaper to an image of 1980s pop crooner Rick Astley. "The worm, which could have spread to other countries although we have no confirmed reports outside Australia, is capable of breaking into jailbroken iPhones if their owners have not changed the default password after installing SSH," Sophos Senior security Consultant Graham Cluley wrote. "Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again On each installation, the worm - written by a hacker calling themselves "ikex" - changes the lock background wallpaper to an image of Rick Astley with the message: 'iKee is never going to give you up.'" This may seem harmless, but Hawthorn noted that such MalwareMalwarebytes Anti-virus / Anti-malware is easily adapted to do more insidious damage, like stealing sensitive data. Also worrisome is that the bad guys can use the advanced map and GPS software on these devices to see exactly where a person is and where they are going. From there, the cyber threat becomes a physical one. [Related ShmooCon story: Inside FarmVille's Sinister Underbelly] One way the bad guys can target the phone user is through a game called " Underworld: SweetDeal," a free location-based iPhone multi-player online game about trading controlled substances in the real world. Hawthorn noted how players can use Google Maps to locate where other players are physically. He found players in some interesting places through the course of his research. He was able to track one player to a parking lot outside the headquarters of NSA. Another player was tracked to a parking lot outside CIA headquarters. "You can check a person's movements because the game checks in on your device's location regularly," he said. His advice in this dangerous new world? For one thing, be careful with games like these and understand that you're opening yourself up to danger, including physical abduction.

As for the jailbreak threat, the solution is a lot more simple. Just don't do it, he said.

I Averaged: 0 | 0 votes


Read More ...





Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
p to the izzle's picture
From:
Louisville, KY
p to the izzle
Joined the Dark SidePremium Member (Silver)I use FirefoxI use Google ChromeI use Internet ExplorerI use SafariI'm Here To Help, & Have Proven It!Linux UserMac UserWindows UserSTaRDoGG <3's you ;)
Relationship Status:
Single & Looking
Joined: 07/17/2009
Posts: 281
Drops: 296
Groups: Geekdrop Cafe
Re: Your iPhone's dirty little security secret

http://www.redmondpie.com/how-to-secure-your-jailbroken-iphone-from-ssh-hack-9140084/
Or just don't use SSH. I found it unreliable at best. I use iPhone Browser and connect via usb. I don't even have SSH installed. This article covers some old stuff. There was a new security issue out since then.
http://www.iphonehacks.com/2010/02/security-flaw-in-iphones-digital-certificate-authentication-system-revealed.html
As smartphones get more popular they will be targeted just like computers with MalwareMalwarebytes Anti-virus / Anti-malware and viruses. Since Apple has some impressive numbers it's safe to say iPhone will be targeted more in the future. But just like our computers you can protect your iPhone fairly easily. Change your root password, don't use ssh, don't leave bluetooth on (unless hidden) when not using it. Jailbreaking is only about as dangerous as the user allows.



Who's New

Redneck's picture
juanpabarri's picture
henta2002's picture
Vanillachinchilla's picture
versioniii's picture
xgensolutions's picture
OkwuteAgu's picture
CB_Latin's picture
GrimRapper's picture
glrobins's picture
hady's picture
Jessica Davis's picture
CRowmAN's picture
redd993's picture
Austeen Legitt's picture
facebook codes exploits tips tricks Phrozen Crew
All contents ©Copyright GeekDrop™ 2009-2020
TOS | Privacy Policy