Robert Hensing's Blog

Software Security . . . and stuff.

Cracking the iPhone (or - those who do not learn from the past, are doomed to repeat it)

H.D. is just totally pwning the iPhone.  He's got a two-part series that covers using a LibTIFF vulnerability to get shellcode running in, say, Safari, which runs as root on the device.

http://blog.metasploit.com/2007/10/cracking-iphone-part-1.html

http://blog.metasploit.com/2007/10/cracking-iphone-part-2.html

Here's why I find this all very interesting . . . one would think that Apple would have done some pretty extensive file-format fuzzing and testing of the most obvious high-risk code.  I would think any image rendering / video rendering code on the device would be one of the most obvious entry points used by hackers to gain code execution, along with the radio stacks.

One would also think that Apple might have looked at other similar devices and how they've fared in the market over the last few years.  For example, the Sony PSP, arguably the most heavily pwned handheld device on the planet, also suffered from a LibTIFF vulnerability, which crackers then used to downgrade the firmware on the devices.  Why *downgrade* the firmware?  Usually this is done to facilitate piracy, playing older unsupported games, running homebrew OSes and apps, etc.  Basically it's usually done to 'free' the device from the 'shackles' of the vendor.  Security vulnerabilities that give root access to the device are exactly what make downgrade-style attacks possible.
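To make the "file-format fuzzing of the image code" point concrete, here is an added example of my own (not H.D.'s code and not anything from the Metasploit posts) of what the first pass at fuzzing a TIFF reader looks like.  It builds a constructed minimal TIFF in memory, walks the header and first IFD with every offset and length checked, then runs dumb mutations (random byte, boundary value in a 32-bit field, truncation) through both the checked walker and a copy with the checks stripped.  Python can't corrupt memory, so a `struct.error` from the unchecked copy stands in for the out-of-bounds read or write a native parser would do on the same input; the tag numbers and the three-entry IFD are just the sample I made up for this.

```python
import random
import struct

# Constructed sample: a minimal little-endian TIFF (8-byte header, one IFD with
# three 12-byte entries, no next-IFD pointer). Not a real file from anywhere.
def build_sample_tiff() -> bytes:
    entries = [
        (256, 4, 1, 1),  # ImageWidth, LONG, value 1
        (257, 4, 1, 1),  # ImageLength, LONG, value 1
        (258, 3, 1, 8),  # BitsPerSample, SHORT, value 8
    ]
    ifd = struct.pack("<H", len(entries))
    for tag, typ, count, value in entries:
        ifd += struct.pack("<HHII", tag, typ, count, value)
    ifd += struct.pack("<I", 0)  # offset of next IFD: none
    return b"II" + struct.pack("<HI", 42, 8) + ifd


class TiffError(ValueError):
    """Raised for malformed input the parser refuses; a clean rejection, not a bug."""


def parse_tiff(data: bytes, max_entries: int = 4096) -> list:
    """Walk the header and first IFD with every offset and length checked."""
    if len(data) < 8:
        raise TiffError("short header")
    if data[:2] == b"II":
        e = "<"
    elif data[:2] == b"MM":
        e = ">"
    else:
        raise TiffError("bad byte-order mark")
    magic, ifd_off = struct.unpack(e + "HI", data[2:8])
    if magic != 42:
        raise TiffError("bad magic")
    if ifd_off < 8 or ifd_off + 2 > len(data):
        raise TiffError("IFD offset outside file")
    (count,) = struct.unpack(e + "H", data[ifd_off:ifd_off + 2])
    if count == 0 or count > max_entries:
        raise TiffError("bad IFD entry count")
    if ifd_off + 2 + count * 12 + 4 > len(data):
        raise TiffError("IFD truncated")
    pos = ifd_off + 2
    entries = []
    for _ in range(count):
        entries.append(struct.unpack(e + "HHII", data[pos:pos + 12]))
        pos += 12
    return entries


def parse_tiff_unchecked(data: bytes) -> list:
    """Same walk with the checks left out: the file's own offset and count drive
    the reads. Here that surfaces as struct.error; in C it is an out-of-bounds
    read or write, which is the bug class the advisories describe."""
    e = "<" if data[:2] == b"II" else ">"
    _magic, ifd_off = struct.unpack(e + "HI", data[2:8])
    (count,) = struct.unpack(e + "H", data[ifd_off:ifd_off + 2])
    pos, entries = ifd_off + 2, []
    for _ in range(count):
        entries.append(struct.unpack(e + "HHII", data[pos:pos + 12]))
        pos += 12
    return entries


def rejects(data: bytes) -> bool:
    """True if parse_tiff refuses data with a clean TiffError."""
    try:
        parse_tiff(data)
    except TiffError:
        return True
    return False


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One dumb mutation: random byte, boundary value in a 32-bit field, or truncation."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        i = rng.randrange(len(buf) - 3)
        buf[i:i + 4] = struct.pack("<I", rng.choice([0, 1, 0x7FFFFFFF, 0xFFFFFFFF, len(buf)]))
    else:
        buf = buf[:rng.randrange(1, len(buf))]
    return bytes(buf)


def fuzz(parser, seed_data: bytes, iterations: int = 300, seed: int = 1) -> dict:
    """Run mutated inputs through parser; anything other than a clean TiffError
    rejection is recorded as a crash together with the input that caused it."""
    rng = random.Random(seed)
    stats = {"ok": 0, "rejected": 0, "crashes": []}
    for i in range(iterations):
        case = mutate(seed_data, rng)
        try:
            parser(case)
            stats["ok"] += 1
        except TiffError:
            stats["rejected"] += 1
        except Exception as exc:  # a fuzzer wants every other failure
            stats["crashes"].append((i, type(exc).__name__, case.hex()))
    return stats


if __name__ == "__main__":
    sample = build_sample_tiff()
    for name, p in (("checked", parse_tiff), ("unchecked", parse_tiff_unchecked)):
        s = fuzz(p, sample)
        print(f"{name}: ok={s['ok']} rejected={s['rejected']} crashes={len(s['crashes'])}")
```

Run as-is and the checked walker reports zero crashes while the unchecked copy falls over on the first truncated or offset-mangled input; the `crashes` list keeps the hex of each triggering case so it can be replayed against the real decoder.  Three mutation operators and a few hundred iterations is nowhere near what a vendor should do before shipping an image parser in a root process, but it is enough to show the difference a bounds check makes.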

Here's the Sony PSP LibTIFF advisory: http://secunia.com/advisories/21672/
And here's what it led to: http://www.wikihow.com/Downgrade-a-PSP

Seems Apple is heading in the same direction?
