Exploit turns iPhone into a spy tool

A US security consultant has used the Metasploit tool to demonstrate how a hacker could gain remote access to an iPhone
Written by Liam Tung, Contributing Writer

A US security consultant has used a security-testing tool to crack the iPhone. The exploit allows a hacker to control an iPhone remotely.

Farrow demonstrated how he used HD Moore's Metasploit tool to gain root access to the iPhone and install an application that can record conversations on and near the iPhone, transforming the device into a spy tool. It also allowed him to remotely access recently modified files, locally stored emails and view the iPhone's web-browsing history.

"Using a specially crafted web page utilising an iPhone exploit (now patched) he gained root level shell access to the phone — which means he could do anything that the iPhone is capable of from his laptop," explained Jarno Niemelä, security researcher for the security vendor, F-Secure.

"This exploit actually involved you doing something with the iPhone, or in this case, I do something with the iPhone to get the exploit to work. This is not at all unusual. Most PCs are actually exploited because people visit a website and wind up being exploited," Farrow told US business and technology publication, Fast Company.

According to analysts, Apple's decision to run every application on Safari as root exposes the iPhone to greater risk, and quite possibly repeats a mistake made by Microsoft some years ago.

"It strikes me as strange that Apple took the shift and moved to Unix as their operating system, but don't seem to have learnt the lesson that you don't run everything as root. This was the same lesson which Microsoft had so many issues with when they intertwined Internet Explorer with the Windows operating system, and it's something which they are now digging themselves out of," security analyst, James Turner, Intelligent Business Research Services, told ZDNet Australia.

"I think the inference we can make is that Apple decided that the risk of running applications as root was worth it. There used to be a saying that Windows 95 was Apple 84. Now it seems that Apple want the iPhone to follow a similar path to Internet Explorer. Sure, Apple will get market share, but at what cost to their reputation for security?" he added.

However penetration testers say that Apple's operating platforms are in general still more secure than those of its competitors, and this instance simply highlights the problem of running a desktop operating system on a phone.

"This vulnerability isn't particularly special as it's just exploiting a vulnerability in Safari. Now it is patched, users will get their phones updated by iTunes when they next sync," said Chris Gatford, security expert from penetration testing company, Pure Hacking.

"I think Apple's operating system on the whole is far more reliable and secure than the other competitors and I am sure some of these kinks will be eventually ironed out," he said.

The potential threat to iPhone users however is not isolated to Apple's phone, explained Farrow.

"This is a problem for any smartphone, for any widely distributed computing device, which will eventually be attacked and exploited," he said.

Although malware threats to mobile-phone operating systems are uncommon today, security companies have been keeping a close eye on the sector. According to F-Secure, there are currently 373 known pieces of malware for all mobile-phone operating platforms, 364 of which work only for the dominant smartphone operating system, Symbian, which is used in Nokia's phones.

Future threats for mobile-phone operating systems, according to F-Secure, include rootkits, self-propagating worms, mobile-phone botnets and large-scale profit-oriented malware organisations.

Editorial standards