RSS Alerts

Related Links

Related Stories

  • iPhone may be weak link in company information security defences
    Research commissioned by DeviceLock, the end point security company, claims to show that many firms are failing to act on the information security risks that the Apple iPhone poses to their IT resources.
  • Jericho Forum links with Cloud Security Alliance
    Hard on the heels of unveiling Cloud Cube, its four-dimensional best practice model for cloud computing security in April, security industry association the Jericho Forum has linked with the Cloud Security Alliance (CSA), a not-for-profit vendor group.
  • Mobiles put four out of five commuters at risk of ID theft
    A survey of commuters by data protection company, Credant Technologies, has reported that 80% of mobile phone users store information on their devices that could be used to steal their identities.
  • Cisco moves into security and unified communications
    Cisco continued its diversification away from its mainstream networking roots this week with the release of a range of security, storage and unified communications offerings for small businesses.
  • Security community reacts to iPad
    Apple shipped its much-anticipated iPad over the weekend, and the security community has responded quickly. Not only have antivirus companies targeted it with product, but hackers have already jailbroken the iPad device.

News

The iPod and iPhone could be used for hacking

12 August 2009

Applications on the Apple iTunes website are arguably what makes the iPhone so popular in mobile phone circles, but a growing number of users are unlocking (jailbreaking) their iPhones, for the simple reason that it opens up the mobile to third-party applications. This means the iPod and iPhone could be used for hacking.

According to DarkReading, one of the latest third-party applications for the iPhone - and the iPod Touch - is a custom version of Metasploit software, which could be used to aid hacking.

The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing plus IDS signature development.

Its best-known iteration is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine.

Other important spin-off projects include the Opcode Database and the Shellcode Archive.

Metasploit was originally created in 2003 as a portable network game using the Perl scripting language.

Later, the Metasploit Framework was then completely rewritten in the Ruby programming language, since when it has been a popular utility for security researchers to investigate potential vulnerabilities.

And now it is available for the iPhone and iPod Touch.

Thomas Wilhelm, associate professor of information system security at Colorado Technical University, showed attendees at the recent Defcon security event in Las Vegas, how the Metasploit software can be installed on an Apple iPod Touch.

The software, which unconfirmed reports suggest has now been developed for the iPhone as well, turns the two Apple i-devices into penetration testing units, with the advantage they appear as a legitimate audio player or mobile phone to any onlooker.

DarkReading quoted Wilhelm as saying that, because of its size and ability to connect back to a more robust attack platform, the iPod Touch can go anywhere and get penetration testers into areas where they couldn't go before.

"If I walked into a bank with a laptop, people would be suspicious. If I were to walk in with something like an iPhone, people would accept it. I could hack for hours in a bank or coffee shop, and no one would suspect", he told attendees at Defcon.

 

 

This article is featured in:
Application Security Internet and Network Security Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water