(Page 2 of 2)
In 2006, researchers at the University of Toronto and Microsoft confirmed that even short-ranged and short-lived Bluetooth connections between phones could, in theory, be used to spread a wireless worm. "Starting a Bluetooth worm outbreak is relatively easy once a vulnerability is found. An attacker can bring an infected device into a typical urban mall and discover many potential victims," the researchers wrote in a related paper.
The iPhone, and other smart phones, are a more attractive target for hackers because they resemble mini PCs. The devices are always connected to the Internet, run third-party applications, and store information that is potentially valuable to cybercriminals.
Normally, however, exploiting the iPhone is not that easy. The new worm employed a weakness introduced by an application called OpenSSH that can be used to connect to the phone remotely. This application uses the default password "alpine," and the worm used this default password to wriggle between handsets.
"This is trivial--there is no shell code, no buffer overflow, nothing," says Miller. "It took me two weeks to write the [code] for the SMS thing, but I could have written [Ikee.B] in, like, five minutes."
The attacks that have targeted the iPhone in the last month have also focused on jail-broken devices. The modification process to jail break a phone removes the code that prevents users from loading whatever applications they want, but also removes much of the security that prevents malicious code from running on the device. "The iPhone has all these layers of defense, but when you jail break your phone, you break every single one of them," Miller says.
The evolution of such hacking will continue, Miller says, although the current crop of iPhone attack code has a long way to go. The new worm does little to hide its activity, for example. And, by sending data over wireless networks, as well as aggressively attempting to infect other phones, the worm also quickly runs down the compromised phone's battery.
"Because the phone is trying to connect all the time, users that get infected with this thing are going to know," says Sophos' Wisniewski.
Three researchers find a way to trace compromised machines used to attack other computers.
Two researchers open the door to finding a slew of vulnerabilities in the widely-used communications protocol.
A conference presentation would have exposed flaws in some cash machines.
Are you Apple fans going to say that iPhones are being attacked by viruses now becasue it is inherently less secure than other phones, or are you going to finally realize that attackers go after the biggest target? Because you really don't seem to understand that concept in the world of desktop operating systems.
"biggest target" is folklore. attackers go for a easy target. jailbroken iPhone's have a default password, that is - 1234 - This is set by the suspicious jailbreaking application.
If you jailbreak your iPhone using a jailbreaking applications you must change default passwords.
Wrong. The biggest target is not folklore, it is economics. You target the biggest audience to make the most money. Why do you think there is 20 times more software for Windows than for Mac? Becasue Windows is far superior, or becasue Mac users are idiots who don't know how to use software?? No, because it has the largest potential client base. Simple economics.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
Netizen
131 Comments
Breaking into jail
Who would have guessed "jail breaking" an iPhone is like breaking into jail not out; kind of like stripping the Kevlar out of a bulletproof vest to make it less cumbersome to wear.
Reply