bill's blog


Software applications are complicated things. Developers need to think about what the application is supposed to do… then write code to make it happen. They need to anticipate how the end-user is going to use the application and how the application could be misused. Trying to understand all possible scenarios is nearly impossible, and added to that, large monolithic applications may have many different coders working on them at any given time. This leads to situations where defects (or bugs) creep into applications. It is these bugs that hackers look to exploit! Very often it is a buffer overflow attack that leads to the compromise of an application and, depending on the crash… to root access to the box.

I have always said that with the iPhone’s popularity exploits will come… and they have! Apple has tried very hard to lock down the iPhone so that it can’t be used on other carriers’ networks and so applications can only be loaded via the iTunes Music Store. Apple has in many ways crippled its own phone. Apple said that the original iPhone 2G could capture video… It can! It said that it couldn’t be used to tether a laptop to the Internet… It can! Why? Because AT&T wanted to prevent their network from collapsing under the load of this Smartphone. Additionally, it didn’t want to lose the revenue stream by cannibalizing its mobile broadband market. Many people saw this as an unfair business practice and sought to find ways of breaking these locks to allow unrestricted access to the phone.

Jailbreaking is a process that allows iPad, iPhone and iPod Touch users to run third-party unsigned code on their devices by unlocking the operating system and allowing the user root access (Wikipedia.org, 2010). Jailbreaking the phone takes advantage of unpatched security holes within iOS. The jailbreaking of iPhones has been a cat and mouse game between hackers and Apple. Apple patches the phone and the hackers set off looking for new vulnerabilities to exploit. Apple recently released iOS 4, which set the ball in motion once again to find a new exploit to unlock the phones. The jailbreak that worked against iOS 4 was particularly problematic in that it exploited a vulnerability in the displaying of PDFs on the devices. These specially crafted PDFs could be sitting out on the Internet, and when the Safari browser tries to display the PDF… a buffer overflow condition happens and the phone is then “rooted.”

The vulnerability is caused by a flaw in the FreeType font engine… which is called upon when displaying a PDF with embedded fonts. A full description of the bug can be found by googling CVE-2010-1797. Apple’s information regarding the flaw can be found in its update info at http://support.apple.com/kb/HT4291

CVE-ID: CVE-2010-1797
FreeType

Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later,
iOS 2.1 through 4.0 for iPod touch (2nd generation) and later

Impact: Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution

Description: A stack buffer overflow exists in FreeType’s handling of CFF opcodes. Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution. This issue is addressed through improved bounds checking.
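
The bug class the advisory describes, as an added example (not FreeType's or Apple's code): a simplified CFF-style charstring interpreter whose operand stack is checked on every push and pop. The function name `cs_run`, the reduced number encoding and the single fixed operator arity are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ARGS 48   /* argument-stack limit in the Type 2 charstring spec */
enum cs_status { CS_OK = 0, CS_STACK_OVERFLOW = -1, CS_STACK_UNDERFLOW = -2, CS_TRUNCATED = -3 };

/* Simplified model: bytes 32..246 push (b - 139); byte 28 pushes the next
 * two bytes as a 16-bit integer; every other byte is an operator that pops
 * `arity` operands. Real CFF has more encodings and per-operator arities. */
int cs_run(const uint8_t *p, size_t len, size_t arity, long *sum_out)
{
    int32_t stack[MAX_ARGS];
    size_t top = 0; long sum = 0;

    for (size_t i = 0; i < len; i++) {
        uint8_t b = p[i];
        if (b == 28 || (b >= 32 && b <= 246)) {
            int32_t v;
            if (b == 28) {
                if (len - i < 3) return CS_TRUNCATED;   /* operand bytes missing */
                v = (int16_t)((p[i + 1] << 8) | p[i + 2]);
                i += 2;
            } else {
                v = (int32_t)b - 139;
            }
            /* The font data decides how many pushes occur, so each push is
             * tested against the array size before the write happens. */
            if (top >= MAX_ARGS) return CS_STACK_OVERFLOW;
            stack[top++] = v;
        } else {
            if (top < arity) return CS_STACK_UNDERFLOW;  /* never read below slot 0 */
            for (size_t k = 0; k < arity; k++) sum += stack[--top];
        }
    }
    if (sum_out) *sum_out = sum;   /* sum of all operands consumed by operators */
    return CS_OK;
}

int main(void)
{
    uint8_t ok[] = { 139, 140, 28, 0x01, 0x00, 21 };  /* constructed sample */
    uint8_t bad[MAX_ARGS + 1];                        /* constructed: 49 pushes */
    for (size_t i = 0; i < sizeof bad; i++) bad[i] = 139;
    long sum = 0;
    int r_ok = cs_run(ok, sizeof ok, 2, &sum), r_bad = cs_run(bad, sizeof bad, 2, NULL);
    printf("ok=%d sum=%ld bad=%d\n", r_ok, sum, r_bad);
    return 0;
}
```

Without the `top >= MAX_ARGS` test, the 49th push would write one slot past the end of `stack`, which is the kind of stack corruption that improved bounds checking prevents.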

It is so easy to exploit this vulnerability, in fact, that individuals have taken to jailbreaking iPhones in many Apple stores. They merely visit the website JailbreakMe.com and leave a trail of jailbroken iPhones in their wake! In an effort to thwart the jailbreaking of phones in their stores, Apple has had to set up a DNS forward for the site until they had a patch for the vulnerability. Apple released a fix for the FreeType 2 CFF font stack corruption vulnerability on August 11th (one of the fastest turnaround times for an iOS patch).

Jailbreaking one’s iPhone will void Apple’s product warranty though it is a simple task to restore the phone to a factory “new” default.

NOTE: You need to remember to restore a jailbroken phone before bringing it to an Apple store for repair.

The Library of Congress is required to revise Digital Millennium Copyright Act (DMCA) rules every 3 years. On July 26th, 2010, it issued its update to the DMCA and made it legal for iPhone owners to jailbreak their phones. Corynne McSherry, a senior staff attorney for the Electronic Frontier Foundation (a San Francisco-based privacy-rights group), had this to say about the ruling.

“Now people can go ahead and fix their phones and jailbreak them so they can run all sorts of different applications,” “They can make full use of the phone they bought without some kind of legal liability hanging over their head.” (Bloomberg.com, 2010)

It should be noted that the Electronic Frontier Foundation is the advocacy group that petitioned the Library of Congress for this ruling.

Resources:

Shields, T. & Satariano, A., (2010, Jul 26th), ‘Jailbreaking’ of IPhones to Add Apps Backed by U.S. Retrieved on August 13th, 2010 from http://www.bloomberg.com/news/2010-07-26/apple-iphone-users-have-u-s-blessing-to-jailbreak-add-own-applications.html

Various, (2010, August 13th), iOS Jailbreaking, Retrieved on August 13th, 2010 from http://en.wikipedia.org/wiki/IOS_jailbreaking

Security surrounding PDAs and other “smart-phones” is a complicated issue. I for one own an iPhone (but hopefully for not much longer)! I know… I know! Here comes the classic iPhone / Blackberry debate. It’s been a hotly contested acquisition! IT would prefer I use a Blackberry. They feel they have more control over the device and in many respects they do… BUT they don’t want to pay my expenses and I’d much rather a richer Internet experience. Fortunately for me many senior VPs in the organization wanted an iPhone as well.

Why give all the background?

Because sometimes technology is driven by the business and thus needs to be supported by IT. We need to find the best way to make these devices secure even though they may not have all the security bells and whistles IT is looking for.

These devices have allowed us to spend a little less time in the office and a little more time doing the things we want… But there is a cost. Sometimes in the course of using information we have to deal with data that is sensitive… whether it is of a military nature or mere intellectual property concerns! The reality is these devices are now capable of holding a lot more information. In fact some of these devices now offer the ability to extend their capabilities through the use of SD cards! So how do we protect the company and the data we all work so hard to create? Corporate policy! We need to have clear guidelines as to what data we will allow on any device… that includes USB thumb drives!

Most of us use these so-called smart-phones as glorified email and calendaring clients. Both Blackberry and the iPhone offer differing levels of security over these devices… Both offerings allow for remote wipe! Blackberry does this through the use of its proprietary server product… the iPhone relies on its implementation of Microsoft’s ActiveSync. Certainly RIM’s offering is a lot more feature rich… but one needs to keep in mind the type of data we are protecting.

One thing the iPhone is not real good at is battery life when transferring data over a 3G connection.

One thing that the iPhone does really well is seek out public Wi-Fi networks.

Many of us gladly connect to “free” hot spots to save battery life BUT that presents a big security risk. The iPhone really doesn’t inform you whether you are associating the phone with a true AP or an ad-hoc device. One must use care when sending passwords over an “untrusted” network! While not exactly trivial to do… it isn’t exactly hard for someone to set up a rogue AP. These devices can cause you a lot of aggravation. These ad-hoc APs could be used to perpetrate a Man-in-the-Middle attack while you are using the hot spot. Additionally, they could be used to “poison” your phone’s browser cache, which in turn could be used to display fake Web pages or even steal data at a later time. It’s always a good idea to clear Safari’s cache after connecting to an unknown AP. So how does one go about clearing the cache on the phone?

Choose Settings > Safari > Clear Cache.

Want to capture a screen shot on your iPhone?

Hold down the sleep/power button and press the home button twice! Have fun