Your iPhone, iPad and iPod touch devices are all wide open to hackers
Summary: Yesterday's release of a web-based jailbreak for the iPhone, iPad and iPod touch highlighted just how wide open to hackers the iOS platform is.
Yesterday's release of a web-based jailbreak for the iPhone, iPad and iPod touch highlighted just how wide open to hackers the iOS platform is.
Gizmodo lays it out:
It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions... anything can be done.
[poll id="545"]
Literally anything. The JailbreakMe 2.0 jailbreak highlights just how powerful these kinds of vulnerabilities are. If a PDF can jailbreak your device, it can do pretty much anything it wants.
And the iOS platform is a really juicy target for hackers. There are some 100 million iOS devices out there, none of which have any security software installed. Hackers must be licking their lips in anticipation.
Gizmodo does offer a potential workaround for owners of jailbroken devices, but everyone else is on their own.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers
And this whole PDF thing - it requires user interaction... now those who lack common sense will inevitably screw things up but by and large jailbreaking is pretty safe if one uses common sense.
On this, you are wrong
[i]And this whole PDF thing - it requires user interaction...[/i]
Read the blog again, the vulnerability requires [b]zero[/b] user interaction once you have been lured to an "infected" page. BTW, you don't even need to be going to "bad" places to find "infected" pages. It isn't uncommon to find "good" pages that are displaying "infected" ads.
[i]The result is that, [b]without any user intervention whatsoever[/b], that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions? anything can be done.[/i] (emphasis mine)
The jailbreaking page was programmed to require user interaction because the devs aren't trying to pwn anyone's iPhone. That was purely out of the goodness of their hearts though. The vulnerability they are exploiting doesn't technically require any user interaction at all.
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers
It's okay, iPhone runs OS X...
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers
Exactly!
This website and the fanbois have certainly gone along way to shovel out hype about "how ready" the iDevices are for the enterprise.
I'm glad I got caught up in the hysteria and hooked up consumer devices that my end users brought to work...because they thought it was cool, and I was too scared to say no.
Next time one of my end users brings a consumer device to work and wants it hooked up, I won't even think twice about it. If someone says it [i]can[/i] be used at the enterprise, then by God it [i]should[/i] be used!
What's your point Adrian?
"If the issue becomes serious enough..."
It's not serious enough already? If the security lessons of desktops aren't incorporated into a mobile OS at the outset, that's screwing the pooch.
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers
nope it called
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers
Wow AppArmor!!!!
Both Linux users must be happy.
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers
Nothing is sacred
It's only expected
That's like finding gold and expecting it not to be mined.
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers
oh dear...
Are you SURE Apple is using Adobe's PDF reader in iOS?
I would be [b]very[/b] surprised if there was a single stitch of Adobe's code running anywhere in iOS. You do realize that you don't have to use Adobe's code to display PDF files and considering that Apple uses their own code to display PDFs in OS X, it makes sense that they would use that exact same code (or something close to it) to display PDFs in iOS. PDF support isn't an add-on to OS X, it is embedded [b]very[/b] deeply in the OS.
RE: Your iPhone, iPad and iPod touch devices are all wide open to hackers