Possible iPhone Vulnerabilities Identified

Despite its premium price, Apple’s iPhone has been selling like hot cakes last weekend, and and sales are still growing strong. No wonder security researchers are very interested in the smart gadget. Errata Security, a consulting and product testing company that offers expertise in cybersecurity has already spotted a flaw in the iPhone’s Safari browser less than 72 hours after its announcement. More are on the way as of this writing. I’ve compiled a list of possible and/or existing iPhone vulnerabilities based on the reports of different security blogs and news Web sites.

1. “By effecting a buffer overflow in the application (Safari), an attacker can take control of the browser and run code on the device”. -Robert Graham, CEO of Errata Security.
2. “The scenario that seems most attractive is to have the phone dial 900 numbers, an age-old attack that allows criminals with ties to fee-based phone services to profit each time an infected computer dial the number”. -Robert Graham
3. “Our Bluetooth fuzzer¹ locks up the device, so that’s an interesting sign”. -Robert Graham
4. Currently making progress on unlocking the phone so it can be used on networks other than AT&T’s. -Antivirus Tools
5. Working on getting the iPhone to run Linux. -Antivirus Tools
6. Working on the possibility of allowing third party applications to the iPhone. -Antivirus Tools article
7. iPhone root password is alpine and mobile user account password is dottie, although they’re useless at the moment since the iPhone has no terminal yet for remote access. -Hackint0sh forum
8. “One underground site has collected information from the iPhone’s Macintosh OS X Disk Copy Disk image file.” -CNET News
9. Crack open the service activation codes. -CNET News
10. Support use of the iPhone as a modem. -CNET News
11. Breaking iPhone’s digital rights management (DRM) functionality. -Antivirus Tools

¹Fuzzer - A Security fuzzer is a tool used by security professionals (and professional hackers) to test a parameter of an application. Typical fuzzers test an application for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functionality to test for directory traversal attacks, command execution vulnerabilities, SQL Injection and Cross Site Scripting vulnerabilities. Web Vulnerability scanners typically perform all of this functionality, and can be considered an advanced fuzzer. -CGI Security

According to CNET News, the good news is that Apple, not AT&T will be in charge of iPhone security.

Apple has been pretty good about pushing out patches for its other Mac OS X platform products. Updates for the iPhone mobile OS will be pushed through iTunes when ready.

Robert Graham of Errata Security also mentioned in his blog:

We think Apple will win that battle. When we activated the phone, iTunes told us it was going to look for updates on July 5, 2007. That’s a good sign. We’ve reported a vulnerability in another smartphone 6 months ago that still hasn’t gotten patched, mostly because that carrier doesn’t want to. If Apple can push a fix for one of our bugs before this carrier fixes their bug, that might convince Wall Street that their strategy is better.

Nonetheless, which trick would you want to come out in the news first? I hear most of you say #4. Do you agree?

This entry was posted on Wednesday, July 4th, 2007 at 5:25 and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.