How to capture iPhone SMS tokens: video

Pure Hacking chief technology officer Ty Miller has posted a demonstration video of how an attack can steal SMS-based two-factor authentication tokens from Apple iPhones, and possibly Android devices.

Pure Hacking chief technology officer Ty Miller has posted a demonstration video showing how SMS-based two-factor authentication tokens can be stolen from Apple iPhones and possibly Android devices.

The demonstration can be launched after a jailbroken iPhone is compromised by a number of non-specific attack vectors initiated by users opening malicious websites or email attachments.

Once an attacker has compromised the phone, they can view SMS tokens, popular as a means of authentication by Australian banks, stored in a SQLite3 database on the phone.

The demonstration also shows how usernames and passwords stored in the phones' auto-complete feature can be stolen.

A separate attack on a jailbroken iPhone by a researcher from Sense of Security demonstrated that a modded iPhone can create a bridge between the public internet and a "secure" internal network.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All