How to capture iPhone SMS tokens: video

Summary:Pure Hacking chief technology officer Ty Miller has posted a demonstration video of how an attack can steal SMS-based two-factor authentication tokens from Apple iPhones, and possibly Android devices.

Pure Hacking chief technology officer Ty Miller has posted a demonstration video showing how SMS-based two-factor authentication tokens can be stolen from Apple iPhones and possibly Android devices.

The demonstration can be launched after a jailbroken iPhone is compromised by a number of non-specific attack vectors initiated by users opening malicious websites or email attachments.

Once an attacker has compromised the phone, they can view SMS tokens, popular as a means of authentication by Australian banks, stored in a SQLite3 database on the phone.

The demonstration also shows how usernames and passwords stored in the phones' auto-complete feature can be stolen.

A separate attack on a jailbroken iPhone by a researcher from Sense of Security demonstrated that a modded iPhone can create a bridge between the public internet and a "secure" internal network.

Topics: Apple, Banking, iPhone, Mobility, Security


Darren Pauli has been writing about technology for almost five years, he covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.