HD Moore takes iPhone exploits public

Vulnerability in TIFF image-rendering library shared by Safari, email and iTunes software.

Noted hacker HD Moore has publicly posted exploits that take advantage of a vulnerability in Apple's iPhone, the same flaw that's been used by others to unlock the smart phone so it will work on non-AT&T networks.

The vulnerability, which is in the TIFF image-rendering library shared by the iPhone's Safari browser and its e-mail program, as well as by the iTunes software, leaves the iPhone wide open to attack, said Moore, who posted a second, and more robust, exploit after debuting attack code early this week.

"This exploit is rock solid," Moore said in an interview. "It's very reliable, as reliable as the WMF [Windows Metafile] exploits in Windows. You can send it in an e-mail, you can embed it in a Web page."

Although the vulnerability is the same as the one leveraged by hackers such as the iPhone Dev Team to return unlock capabilities to iPhones updated to Firmware 1.1.1 last month, Moore said that's the only similarity between his work and the activities of unlockers. "I wanted an exploit that would write any arbitrary payload" to the iPhone, rather than the specialized changes made for an unlocking hack, Moore said.

He claimed success. "The second exploit works on 1.0, 1.0.1, 1.0.2 and 1.1.1 iPhones," he said, referring to the four versions of the phone's firmware released since the device's June debut.

Although he expects Apple to plug the TIFF vulnerability in the next iPhone update -- a move that many interested in unlocking the iPhone have also predicted and bemoaned -- Moore also said it wouldn't matter. Citing the history of the vulnerability, which was also present in the Sony PlayStation Portable (PSP), he said attackers will be able to exploit the flaw in the future, even if Apple fixes it.

"All they'll need to do is back port the firmware to an earlier version that's vulnerable," said Moore. "Apple has to leave a way to restore an iPhone back [to previous versions of the firmware]."

The same technique was used to hack the Sony PSP after Sony issued an update that patched the TIFF vulnerability on that video game player.

In notes posted to customers of its DeepSight threat management network, Symantec warned iPhone users of Moore's exploits and recommended they use caution when browsing the Web, handling unsolicited e-mail and dealing with suspicious or unexpected music files.

But Ollie Whitehouse, a software architect with Symantec's security response team, downplayed the iPhone's apparent insecurity. "The iPhone isn't any different from other mobile platforms," he argued. "It's only the interest from the security research community that makes it seem different."

Moore disagreed. "I think the iPhone is pretty terrible," he said, referring to its level of security. "It's an easy platform to exploit." That's true in part, he explained, because exploiting any iPhone application gives root access to the entire phone. But other security weaknesses abound, including ones in the Safari browser and in the underlying operating system -- a scaled-back version of Mac OS X -- that runs the device, he added.

Moore has added the exploits to Metasploit, the popular penetration framework, a move that in the past has meant in-the-wild attacks are not far behind. He predicted that malicious code exploiting the TIFF vulnerability would be on the loose "pretty soon."

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?