OS fingerprinting Apple's iPhone 2.0 software - a "trivial joke"

Just as every decent web service wants to identify the iPhone's mobile Safari browser in order to serve custom applications, malicious attackers would like to remotely identify iPhone devices through a basic pen-testing practice known as OS detection or OS fingerprinting. It seems that the difficulty level of identifying an iPhone device using nmap's criteria is a "trivial joke", namely, it's too easy to accomplish:

"So, nmap 4.60 is accurately identifying the iPhone 2.0 software as an “Apple iPhone mobile phone or iPod Touch audio player”. And that’s by using its single open TCP port — 62078. First, it’s reporting my last reboot as being Fri Oct 27 22:04:38 2006, which is highly incorrect. Even more interestingly, nmap is claiming that the sequence number prediction on the open port is weak (a trivial joke, as it were). That’s kind of 80’sish, so I didn’t believe it until I confirmed this via multiple connections to the port. Yep, definitely some weak ISN sauce. I’ll have to research what that service is later. Anyway, here’s the scan result."

Several factors combine here: mobile phone providers dedicate special, and sometimes too obvious, netblocks to mobile users; default iPhone passwords assist automated attacks where OpenSSH is installed; and an increasing number of customers are jailbreaking and taking advantage of (insecure and misconfigured) third-party applications, including those who tether their iPhone's 3G connectivity to their laptops. As a result, building hit lists of already identified devices for use in remote code execution attacks is easier than it should be.
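The weak-ISN observation in the quoted scan report can be checked from the defender's side by sampling the initial sequence numbers your own device returns and measuring how much successive values vary. The Python below is an added example, not code from the article or from nmap; the scoring, the 16-bit threshold and the sample ISN lists are constructed assumptions, and it does not reproduce nmap's own sequence-index calculation.

```python
import math
from itertools import accumulate
from statistics import pstdev

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between successive ISNs, modulo 2**32 to survive wraparound."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def predictability_bits(isns):
    """log2 of the spread of successive ISN deltas (simplified score, not nmap's).

    Values near 0 mean the next ISN is easy to guess from the previous one;
    values around 30 are what uniformly random 32-bit ISNs produce.
    """
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISN samples")
    spread = pstdev(deltas)
    return 0.0 if spread < 1 else math.log2(spread)


def classify(isns, weak_below=16.0):
    """Label a run of ISNs; weak_below is an assumed threshold, in bits."""
    bits = predictability_bits(isns)  # also enforces the minimum sample count
    deltas = isn_deltas(isns)
    if all(d == 0 for d in deltas):
        return "constant"
    if len(set(deltas)) == 1:
        return "fixed increment"
    return "weak" if bits < weak_below else "strong"


# Constructed samples, not captured from any real device.
WEAK = [x % MOD for x in accumulate([1000, 64000, 64010, 63995, 64003, 64007])]
FIXED = [(1000 + 64000 * i) % MOD for i in range(6)]
STRONG = [0x1A2B3C4D, 0x9F8E7D6C, 0x0BADF00D, 0xDEADBEEF, 0x31415926, 0x7FFFFFFF]

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("fixed", FIXED), ("strong", STRONG)):
        print(name, classify(sample), round(predictability_bits(sample), 2))
```

A real audit needs far more than six samples per device; the short lists here only keep the arithmetic easy to follow.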

Topics: Security, iPhone, Mobility

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

4 comments
  • Hunh???

    That last paragraph is unintelligible Dancho!
    psquare11
  • RE: OS fingerprinting Apple's iPhone 2.0 software - a

    Apple has always had this "can't touch this" attitude towards
    its OS X operating system. It is almost like Apple thinks it's
    immune to any malware problems. I think what's even worse
    is its attitude about patching these problems. Seems they
    take care of them whenever they get time. It's almost a worse
    problem than Microsoft faced with Windows 98 and XP.
    Apple's increase in product exposure and users believing
    that Apples are truly safe is going to bite them at some
    point.
    jscott418-22447200638980614791982928182376
  • RE: OS fingerprinting Apple's iPhone 2.0 software - a

    This article is totally inaccurate. The "trivial joke" synopsis by Nmap has nothing to do with the difficulty by which the OS can be fingerprinted. Pay attention to the NMap section heading... it says TCPsequence. Anyone that has worked in IT long enough to have intimate knowledge of the TCP protocol knows that this means that it is fairly easy to predict the TCP sequence numbers, thereby giving you a small edge in the process of hijacking a TCP session. Most operating systems when scanned say the same thing, and if you are protected by a stateful firewall then there is no need to worry. This is why people should not write technical articles unless they are 100% educated on the subject.
    tipsetd
  • Don't Jailbreak. No problem. You jailbreak you take the risk! (NT)

    NT
    No More Microsoft Software Ever!