September 26, 2007
New tools help hack into iPhone
HD Moore, one of the developers of the Metasploit hacking software, is supporting the iPhone within the Metasploit framework and providing tools to run 'shellcode' prompts
2 RecommendationsiPhone hackers have some new tools now, thanks to HD Moore, one of the developers of the Metasploit hacking software.
On Tuesday, Moore announced that he was supporting the iPhone within his Metasploit framework and released software that would allow hackers to run "shellcode" command prompts on Apple's mobile device.
By integrating the iPhone into Metasploit, it will now be a little easier for hackers to gain access to someone else's iPhone, but they will also need a few other tools to succeed. First, they will need to create working exploit code, which takes advantage of bugs in Apple's software, to trick the device into running the shellcode. They will also need to create more sophisticated "payload" applications that can do things like remotely connect with the hacker. "It's a first step," Moore said of his hack.
With iPhone prices dropping and noticeable improvements in the quality of iPhone hacking tools, Apple's phone has become a more interesting target of late, Moore said.
And the iPhone has obviously hit a nerve in the security community. Moore said that about a quarter of the attendees at the recent Black Hat conference in Las Vegas had the devices. "It's trendy," he said. "It kind of creeped me out when I saw how many people had iPhones when I went to Vegas."
In fact, hackers have already developed a number of exploits that they claim could be used on the iPhone's Safari browser.
And security researchers have even demonstrated how the iPhone can be compromised. In July, a Baltimore, Maryland, company called Independent Security Evaluators showed how it could run unauthorized software on an iPhone by taking advantage of a Safari bug.
Moore believes that the iPhone's browser and mail client will be the best sources of bugs and he said that because of the components and information stored on the phone, it may end up being a more attractive target than the PC.
For example, the phone could be used to track someone's location based on information from cell phone towers. Throw in the iPhone's microphone, camera, and an Internet connection, and you suddenly have a device that could be used to secretly keep tabs on people, Moore said. "If you look at what you get by exploiting someone's iPhone, you actually get a lot more than you do from someone's PC a lot of the time," he said.
White Paper
D2D Virtual Tape Library Replication Primer
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
White Paper
An Alternative to Virtualization for Datacenter Cost Savings
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
White Paper
Why Your Firewall, VPN, and IEEE 802.11i Aren't Enough to Protect Your Network
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
White Paper
Bringing the Edge to the Data Center
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
- Windows Phones and Unified Communications | White Paper
- Lower the Cost and Complexity of a Mobile Workforce through Automation | Webcast
- Managing Mobility: Improve Data Security, Compliance and Manageability – IDC Video Podcast | Webcast
- Retooling IT for a Mobile Workforce: The Importance of Automation – IDC Analyst Connection | White Paper
- Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g | Webcast
Sign up to receive Hardware Resource Alerts
Return on Information: Google Enterprise Search pays you back. Get the facts.Analytics: Use your data to drive insights that enable better decisions.See how AT&T can help protect your network. Make IT Work As One at novell.comHP ProLiant G6 Servers. Perform like a superstar, Save like an accountant.HP ProLiant G6 Servers. Perform like a superstar, Save like an accountant.Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.Increase UPS efficiency without sacrificing protectionIn less than 45 minutes, Palisade Systems protects your dataA smarter approach to IT is needed. That smarter approach is IBM CloudBurst.
Complimentary Energy Efficiency Kit - Cut Energy Costs NowRestrict internet access with GFI WebMonitor™. Now 30% Off! www.gfi.com/web-filterToday’s IT means business. New eBook shows you how to align your IT investments.A new level of interoperability. Make IT Work As One at novell.comLimited-time offer: Save up to $100 on Polycom phones. 64-page prescriptive guide to security, compliance, and IT operations.Learn about Foundations of Green IT, from CTO Marty Poniatowski802.11n Drives an Architectural EvolutionSee IBM CloudBurst's self-service user interface in actionVideo: Simplifying the IT environment for better productivity with IBM
