Apple iPhone Steps Into the Bullseye
Written by Editor
Monday, 01 October 2007 12:54

Well, it wasn’t long before the Apple iPhone became the target of the security community. From the day of release the iPhone was a target for a different type of hacker, in the traditional sense of the word: the people looking to unlock the secrets of the iPhone and make it work without the restrictions that Apple and AT&T had placed on it.

However, Apple took the ball away from the kids when it released an OS update to 1.1.1 that undid a lot of the work they had done; it rendered the ‘unlocked’ phones useless until downgraded or reactivated. Meanwhile, in parallel with all this work in the security community, the other hacker types had been working to unlock the secrets of the iPhone in another way: by breaking into it.

It seems they succeeded too. Apple released the 1.1.1 firmware last week to address a number of security issues within the iPhone platform. The vulnerabilities fixed cover a number of problems: one in the Bluetooth implementation on the iPhone, which seems to be getting the bulk of the press, two issues within the Mail client on the device, and finally seven issues within the Safari browser used on the iPhone.

Interestingly, it seems that on the iPhone everything runs as ‘root’, as discussed by H D Moore here, so any security vulnerability in an application will allow the executed shellcode to run as root. H D Moore also updated the Metasploit shellcode payloads to function on an iPhone, making it just that little bit easier to build something that could execute on the device. This is nothing new, however: at Black Hat Vegas in the summer, researchers from Independent Security Evaluators demonstrated iPhone shellcode development and a code execution vulnerability.

Taking this into consideration, whereas the Mail and Safari vulnerabilities are all well and good, they all seem to require the user to do something in order to be exploited. The Bluetooth vulnerability is somewhat special: it requires no user interaction.

The issue in question is the result of an overflow in the Service Discovery Protocol (SDP) handling within the iPhone. A device could be sent a specially crafted SDP request that could cause arbitrary code execution. How easily it can be weaponised and used for no good really depends on two things: firstly, whether a reliable exploit can be developed, and secondly, whether the firmware update is taken up in large enough numbers to render the exploit useless.

So the game is afoot. If you have an iPhone and it isn’t ‘unlocked’ then we’d recommend that you get the update installed. However, if you’re running an unlocked version of the iPhone and want to keep it that way, we’d recommend you consider turning Bluetooth off until someone manages to unlock the secrets of the 1.1.1 firmware.

The full details of the Apple update can be found here.
