Topic: iPhone Vunerabilities (Read 2417 times)

OldManDeath · « **on:** July 04, 2007, 06:29:07 AM »

Found this over at: Launchr

Quote

Hackers and security researchers have already found a nice collection of vulnerabilities in the iPhone, including an overflow issue in Safari that could allow unsigned code to infect the phone.

The best vulnerabilities, however, are the two passwords found in the firmware that let applications run as root.

Among the advances made to date, hackers have discovered the password the iPhone requires to give an application root access is, amazingly, “dottie” (minus the quotation marks). A second password for mobile access is “alpine.”

The passwords were remarkably easy to learn. Researchers posting in a forum on Hackintosh first downloaded the file that iTunes accesses when a user wants to restore the iPhone software. A simple run with John the Ripper, a popular password cracking program, on one of the files contained in the download and the passwords became public knowledge.

xpgeek · « **Reply #1 on:** July 04, 2007, 11:29:52 AM »

Doesn't surprise me in the slightest. Hackers and exploiters going to be having a field day with the iPhone for quite some time.

xpgeek · « **Reply #2 on:** July 04, 2007, 11:39:53 AM »

Speaking of;

Quote

DVD Jon Hacks iPhone: No Activation Required
Ace hacker DVD Jon, AKA Jon Lech Johansen (known for breaking the CSS protection on DVDs), has cracked the activation process on the iPhone. Phone Activation Server v1.0 is a Windows application which will bypass the registration required to unlock the iPhone's functions. Without activation, the iPhone is a brick.

What does this mean? It means that you have a $600 8GB iPod. It also means you have a mail and internet device. Everything works except the phone and EDGE functions, but WiFi is a go.

But it's not just plug and play. You'll need to know what you are doing, as Jon says, "this application will not do anything unless you understand the magic numbers as well as add the hosts entry." That's Greek to me, but if you try it, tell us about it in the comments.

Source

Ryan Wagner · « **Reply #3 on:** July 04, 2007, 10:24:25 PM »

You know, this just goes to show how much hackers enjoy targeting popular devices. It will be interesting to see how fast Apple responds to these vulnerabilities and what kind of patching process is required. I assume it will all be done through iTunes, but I can just hear it now

"I upgraded and all of my contacts are gone, what do I do?!?"

El Guru (Al) · « **Reply #4 on:** July 05, 2007, 02:34:58 AM »

or "I upgraded and all my music is gone!"

Ryan Wagner · « **Reply #5 on:** July 06, 2007, 08:40:20 PM »

or maybe they can do more of what Microsoft would do and have people say "I upgraded and my iPhone won't boot"

El Guru (Al) · « **Reply #6 on:** July 07, 2007, 05:11:47 AM »

Looks like the iPhone is going to be another prize GoDaddy is going to add to their rotation based on the internal ads I have been seeing.

News:

Author Topic: iPhone Vunerabilities (Read 2417 times)

OldManDeath

iPhone Vunerabilities

xpgeek

Re: iPhone Vunerabilities

xpgeek

Re: iPhone Vunerabilities

Ryan Wagner

Re: iPhone Vunerabilities

El Guru (Al)

Re: iPhone Vunerabilities

Ryan Wagner

Re: iPhone Vunerabilities

El Guru (Al)

Re: iPhone Vunerabilities