Exploit turns iPhone into a spy tool

Exploit turns iPhone into a spy tool

Summary: A US security consultant has used the Metasploit tool to demonstrate how a hacker could gain remote access to an iPhone

TOPICS: Security

A US security consultant has used a security-testing tool to crack the iPhone. The exploit allows a hacker to control an iPhone remotely.

Farrow demonstrated how he used HD Moore's Metasploit tool to gain root access to the iPhone and install an application that can record conversations on and near the iPhone, transforming the device into a spy tool. It also allowed him to remotely access recently modified files, locally stored emails and view the iPhone's web-browsing history.

"Using a specially crafted web page utilising an iPhone exploit (now patched) he gained root level shell access to the phone — which means he could do anything that the iPhone is capable of from his laptop," explained Jarno Niemelä, security researcher for the security vendor, F-Secure.

"This exploit actually involved you doing something with the iPhone, or in this case, I do something with the iPhone to get the exploit to work. This is not at all unusual. Most PCs are actually exploited because people visit a website and wind up being exploited," Farrow told US business and technology publication, Fast Company.

According to analysts, Apple's decision to run every application on Safari as root exposes the iPhone to greater risk, and quite possibly repeats a mistake made by Microsoft some years ago.

"It strikes me as strange that Apple took the shift and moved to Unix as their operating system, but don't seem to have learnt the lesson that you don't run everything as root. This was the same lesson which Microsoft had so many issues with when they intertwined Internet Explorer with the Windows operating system, and it's something which they are now digging themselves out of," security analyst, James Turner, Intelligent Business Research Services, told ZDNet Australia.

"I think the inference we can make is that Apple decided that the risk of running applications as root was worth it. There used to be a saying that Windows 95 was Apple 84. Now it seems that Apple want the iPhone to follow a similar path to Internet Explorer. Sure, Apple will get market share, but at what cost to their reputation for security?" he added.

However penetration testers say that Apple's operating platforms are in general still more secure than those of its competitors, and this instance simply highlights the problem of running a desktop operating system on a phone.

"This vulnerability isn't particularly special as it's just exploiting a vulnerability in Safari. Now it is patched, users will get their phones updated by iTunes when they next sync," said Chris Gatford, security expert from penetration testing company, Pure Hacking.

"I think Apple's operating system on the whole is far more reliable and secure than the other competitors and I am sure some of these kinks will be eventually ironed out," he said.

Read this


Gphone vs iPhone: The security debate

Google's recent announcement of Android has sparked a debate over whether the mobile Linux platform will prove more secure than Apple's proprietary iPhone...

Read more

The potential threat to iPhone users however is not isolated to Apple's phone, explained Farrow.

"This is a problem for any smartphone, for any widely distributed computing device, which will eventually be attacked and exploited," he said.

Although malware threats to mobile-phone operating systems are uncommon today, security companies have been keeping a close eye on the sector. According to F-Secure, there are currently 373 known pieces of malware for all mobile-phone operating platforms, 364 of which work only for the dominant smartphone operating system, Symbian, which is used in Nokia's phones.

Future threats for mobile-phone operating systems, according to F-Secure, include rootkits, self-propagating worms, mobile-phone botnets and large-scale profit-oriented malware organisations.

Topic: Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Rubbish

    Leave it to ZDNet to publish another anti-Apple article about a complete non-issue. This is a security issue that has ALREADY BEEN FIXED by Apple Computer. In other words, THERE IS NO NEWS HERE.

    And, to say that Apple "on the whole is far more reliable and secure than the other competitors" is the understatement of the year. Just as one example, there are ZERO viruses for the Mac compared to over 120,000 viruses on the PC.

    Ridiculous, ZDNet. You should be ashamed of yourself, as always.
  • Not Rubbish - A new game

    True that the exploit is patched as part of the 1.1.2 firmware update. However, the exploit in question is the same exploit that currently makes the most popular and simplest 'jailbreak' possible. Many people are avoiding updating so they can continue to run their third party applications or operate on other networks. All these people have been and continue to be at risk.

    The decision to run everything as root I am assuming was a temporary expedient and will change at some time in the future, probably about the time the SDK is released - at least as a iPhone owner I hope so! This is a terrible idea on a unix system, and gives away the major advantage security-wise that using unix/os-x has over symbian or microsoft-mobile or others (except linux, but most of these repeat the error). And any real claim to superiority.

    Given this decision, Apple had little choice but to 'close' the phone to development until they introduced a proper privilege framework. You can bet that non-contracted third-party developers will not be given root privileges.

    Every note relating to Apple flaws is not an attack on Apple. It is true that a lot of the comment is driven by people that have been waiting for Apple to fail for 22 years (30 in some cases), and since Apple not only refuses to do so, but often lead the parade, this is a frustrating situation for these folks, many of whom have substantial egg facials (e.g. Michael Dell). But Apple responds to good critical observations and these find their way into products. Somebody has to produce this criticism.