Open sesame: JailbreakMe is a website that disables an iPhone’s security protections. Experts warn that the technique could be adapted and used to steal information from a device.
Technology Review
New attacks highlight the growing threat to smart phones.
Over the past few years, researchers have warned that viruses and other security threats could soon start appearing on mobile devices. The buzz at two major hacker conferences suggests that such threats could finally be about to arrive in force. The Black Hat and Defcon conferences, which bring together computer security researchers, consultants, and independent hackers, both took place last week in Las Vegas.
This weekend, a hacker known as "comex" grabbed headlines by launching a website called "JailbreakMe" for breaking the security architecture built into the iPhone. Simply visiting www.jailbreakme.com on an iPhone and clicking a button will disable these security features.
JailbreakMe doesn't appear to be designed to harm an iPhone or the data stored on it. Some users "jailbreak" their iPhones in order to install applications that haven't been approved by Apple, or to run the phones on a network other than Apple's partner, AT&T. But the technique used by JailbreakMe could just as easily be used by malicious hackers or virus writers. It was also just one of many mobile exploits discussed at both Black Hat and Defcon.
According to Dave Marcus, security research and communications manager for the security company McAfee, JailbreakMe relies on two vulnerabilities: one involves the way an iPhone processes PDF files, and another is buried deep in the phone's operating system. Together, these vulnerabilities allow "remote code execution"--making it possible to run programs on the device without going through Apple's App Store or getting permission from the user.
In a post on McAfee's site, Marcus noted that vulnerabilities that work as reliably as those used by JailbreakMe tend to be picked up by other attackers and used for malware and other nefarious purposes. "I hope I am not the only one who is bothered by this because it begs the question, 'What else can this be used for?' " Marcus wrote.
JailbreakMe "shows exactly the threat scenario that mobile phones can face," adds Vincenzo Iozzo, an engineer for Zynamics. Iozzo was part of a team that won an iPhone hacking contest earlier this year at the CanSecWest security conference in Vancouver. He explains that smart phones are often protected by a technology known as "sandboxing," which is supposed to isolate some functionality in the phone from installed software, thus preventing attackers from gaining total control. JailbreakMe bypasses sandboxing, demonstrating a serious threat to the device.
Iozzo presented his own research, conducted with colleagues Tim Kornau and Ralf-Philipp Weinmann, at Black Hat. He showed how attackers can run code even on operating systems designed not to allow unfamiliar code to execute by using a type of code that works at a low level within the operating system. Iozzo says his research could significantly cut down the time it takes to develop an effective attack against a smart phone.
Instead of blocking attacks, a startup distracts attackers with false information.
The technology could be used to make parts that perform better and cost less.
A researcher creates a botnet for your pocket—a likely sign of things to come.
This is scary stuff. If readers are interested, you can encrypt your passwords and personal info in your iOS by using password managers like Strip. You can check it out here: http://getstrip.com/c/forum
Thanks for the heads up yikes. I propose, however, that we create a poison-pill to follow the path taken by the virus back to its original source, whenever that
particular hackers "cybersignature" appears. A beacon will then continue to alert the authorities in whatever country the attack was launched until an arrest is made. It can be designed so that it can't be removed, be virtually undetectable, and installed for free on every server farm which buys into the program. And if the Internet community finally get their priorities right, I'm predicting that it can be up and running in under a year.
The word "technology" can also be used to refer to a collection of techniques. In this context, it is the current state of humanity's knowledge of how to combine resources to produce desired products, to solve problems, fulfill needs, or satisfy wants; it includes technical methods, skills, processes, techniques, tools and raw materials. When combined with another term, such as "medical technology" or "space technology", it refers to the state of the respective field's knowledge and tools. "State-of-the-art technology" refers to the high technology available to humanity in any field.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
This document is part of the “How-To Guide for Most Common Measurements” centralized resource portal. This tutorial provides a detailed guide for measurement and device considerations to take temperature measurements using thermocouples. Get an introduction to thermocouples, which are inexpensive sensing devices widely used with PC-based data acquisition systems. Also review some specific thermocouple examples and learn how thermocouples work and ways to integrate them into a data acquisition measurement system.
View full PDF >
Listen to story > 
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
luddite
407 Comments
cell mates
Why not put all the miscreants who cause these types of problems in a real jail, then see if they can 'hack' their way out of it.
Reply
rsanchez1
213 Comments
Re: cell mates
You have to find them first, and the only ones you're gonna find are the ones that don't clean up after themselves, the little miscreants that just copy and paste what the brains who make these hacks do.
Reply