06.17.09 Running Unsigned iPhone Apps Without Jailbreaking By Dan Morrill
Too bad that the iPhone 3.0 OS is coming out in the next month or so, but some intrepid researchers have figured out a way to get unsigned code to run in memory on phones running the iPhone 2.0 software. This opens the door to unsigned third-party apps running on your iPhone without the need to jailbreak it.
Two security researchers from ISE (Independent Security Evaluators) have cooked up a way to get a chunk of code into iPhone 2.0 memory, flip a switch to make it executable, and then run it. Technology Review goes into detail on how the hack works, which will be presented at Black Hat. This should be an interesting talk for learning how the code signing restrictions can be bypassed. The theory on this one is that it might just be a generalized way of bypassing code signing as a security measure across a number of other devices, not just the iPhone.
"If you want to attack iPhones, you have to be able to run code to do whatever it is you want to do," Miller says. "Maybe that is grabbing credentials, maybe it is listening into phone calls, maybe it is turning on the microphone. Who knows? But this all requires that you be able to run code."
"Charlie found those particular places where changing permissions is allowed on the factory iPhones," says Sergio Alvarez, a security consultant with Recurity Labs and a fellow iPhone hacker, who is familiar with Miller and Iozzo's research. "[These parts of the phone] make our lives easier and give us more freedom to code generic and reliable second-stage [attacks]."
Source: Technology Review
What will be interesting to see is whether the methodology can be extended to other platforms, devices, and systems that rely on signed code to run in memory space. That is the next step on this one: finding out whether the technique is Apple-specific or can be extended to other systems in the same way it works on an Apple iPhone. This is going to be something that hackers latch onto after Black Hat, because there is some real potential here to manipulate the data/memory structures that rely on signed code as a way to ensure that malware cannot get a foothold.
The other interesting question is whether this will be fixed in the iPhone 3.0 system. Apple should be watching this one to see if they can replicate and defeat the attack. Other vendors also need to take a look: even if the code is signed, they might want to make sure that data is just data, and that it cannot be switched programmatically from data to executable code.
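The check suggested in the last paragraph, sketched as an added example that is not from the original article or from the researchers: an audit of a process memory map that flags regions which are writable and executable at once, or executable with no backing file. It assumes a Linux-style `/proc/<pid>/maps` listing (the iPhone does not expose this format), and the sample listing and the names `audit_maps` and `Finding` are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in Linux /proc/<pid>/maps format (not from a real device).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/app
0060a000-0060b000 rw-p 0000a000 08:01 131 /usr/bin/app
7f10a0000000-7f10a0021000 rw-p 00000000 00:00 0
7f10a4000000-7f10a4001000 rwxp 00000000 00:00 0
7f10a5000000-7f10a5002000 r-xp 00000000 00:00 0
7ffc1b2e0000-7ffc1b301000 rw-p 00000000 00:00 0 [stack]
"""

# start-end, perms, offset, device, inode, optional path
LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+\S+\s+\S+\s+(\d+)\s*(.*)$"
)

class Finding(NamedTuple):
    start: int
    end: int
    perms: str
    reason: str

def audit_maps(text):
    """Return executable regions that violate a 'data stays data' policy."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not map entries
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        perms, inode, path = m.group(3), int(m.group(4)), m.group(5).strip()
        if "x" not in perms:
            continue  # non-executable regions are plain data
        if "w" in perms:
            # Code here can be modified after any signature check was done.
            findings.append(Finding(start, end, perms, "writable and executable"))
        elif inode == 0 and not path:
            # Anonymous executable memory: no file that could have been verified.
            # Named kernel regions such as [vdso] have a path and are not flagged.
            findings.append(Finding(start, end, perms, "executable, no backing file"))
    return findings

if __name__ == "__main__":
    for f in audit_maps(SAMPLE_MAPS):
        print(f"{f.start:#x}-{f.end:#x} {f.perms} {f.reason}")
```
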
About the Author: Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.