1 / 15

Hacking The iPhone

This lab delves into iPhone security, exposing vulnerabilities like buffer overflow, default user settings, and root access, suggesting precautions and defenses for enhanced protection. Explore system exploits and potential defenses in the ever-evolving mobile device landscape.

osma
Download Presentation

Hacking The iPhone

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hacking The iPhone Group 17 Shelby Allen Richard Denney

  2. Outline • Introduction • Lab goals • Procedure • Results • Conclusions • Defenses • References

  3. Introduction • Proliferation of mobile devices • Popularity of iPhone • Soon-to-be released SDK

  4. Lab Goals • Show that the iPhone, and by extension all future mobile devices, are locked away computers and so they should be given the same security precautions as a computer.

  5. Procedure • Buffer overflow • Copy and edit disk image • Install SSH • Copy files

  6. Results • Installer • Community sources • Easy install • Easy update

  7. Results • MobileFinder • Explore file system • Fully functional

  8. Results • MobileFinder • Explore file system • Fully functional

  9. Results • Term-vt100 • Terminal that won’t go away • Partial functionality • expandable

  10. Results • Sysinfo • Task Manager equiv. • Can kill processes • All processes ran as root

  11. Conclusions • A computer in a mobile device’s body • The default user is the only user – root • Serious vulnerabilities • Default user name and password • All programs ran as root • A vulnerability in any program compromises the entire system • Buffer overflow

  12. Defenses • Change user name and password • Download newest firmware • Same practices as a computer • Lobby for better security

  13. Lab Structure • Student will: • Jailbreak iPod Touch • Load custom applications • Explore architecture • Evaluate device security

  14. References • For more information on iPod/iPhone hacking, visit: • Instruction guide to hacking iPod Touch • http://forums.macrumors.com/showthread.php?p=4308881&nojs=1 • Installer.app Homepage • http://iphone.nullriver.com/beta/ • Ipod Touch hacking wiki • http://www.touchdev.net/wiki/Main_Page • Iphone security evaluation by consulting firm • http://www.securityevaluators.com/iphone/

  15. Questions?

More Related