Re: How to hijack 'every iPhone in the world'

[Dragos Ruiu <dr () kyx net>]

But as C. Miller covered in his EUSecWest presentation "Owning your  
Grandmother's iPhone" exploitation in a non-jailbroken environment is  
substantially more complex. A lot of the tools from jail-breaking that  
are leveraged to get command exec are just not there on the stock phone.

cheers,
--dr

On 31-Jul-09, at 8:12 AM, Juha-Matti Laurio wrote:

> Details are being covered at
> http://www.theregister.co.uk/2009/07/31/smart_phone_hijacking/
>
> "....
> The bug resides in CommCenter, a service that's responsible for  
> handling SMS, wireless and other functions in the iPhone.
> By default, it runs as root and isn't limited by an application  
> sandbox. That makes it an ideal vector for taking control of the  
> device.
> What's more, the messages are delivered automatically and often  
> aren't easy for users to block.
> ...."
>
> Juha-Matti
>
> der Mouse [mouse () rodents-montreal org] kirjoitti:
> > > "On Thursday, two researchers plan to reveal an unpatched iPhone bug
> > > that could virally infect phones via SMS.  [...]
> >
> > Any betting Apple manages to get them gagged before they can  
> > present? :(
> >
> > /~\ The ASCII                                  Mouse
> > \ / Ribbon Campaign
> > X  Against HTML              mouse () rodents-montreal org
> > / \ Email!        7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.