*From SANS (and don't say they didn't warn you:)
–iPhone Data Stealing Exploit Released
(November 11, 2009)
"The same vulnerability that was used to spread a relatively harmless
worm is now being exploited to allow attackers to steal data from
jailbroken iPhones. An estimated six to eight percent of iPhones are
jailbroken, meaning they have been modified to allow applications and
other code to run on the devices even if that code has not been signed
by Apple. The attackers can access music, photos, email, text messages
and other information. Both attacks gain access to iPhones through
default SSH passwords; users who choose to jailbreak their iPhones are
advised to change the default SSH password if they have installed that
utility."
http://www.scmagazineus.com/Attack-tool-can-hijack-data-off-unlocked-iPhones/article/157587/
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=221601340&subSection=Attacks/breaches
http://www.computerworld.com/s/article/9140699/Hackers_pillage_jailbroken_iPhones?taxonomyId=17
http://www.theregister.co.uk/2009/11/11/iphone_hacking_tool/
[Editor's Note (Northcutt): This is just the beginning. It is the
classic features versus security story. The iPhone rocks; it has the
features people want; it has a far better interface than any other
phone; so it will keep selling and keep ending up as a business PDA.
Perhaps it won't be the standard, but rather the device allowed as an
exception. Try to hold the line, the Blackberry is a far safer device,
keep it as the standard. When exceptions are granted, ask those business
folks not to put the entire company directory on their phones. It is
just a matter of time until security applications start to become
available for this platform, but we need to try to minimize data loss
until then.]
(((A sure way to get known as "the nerd company that still uses Blackberries
because they're supposedly more secure." You want some REALLY secure
communications? Work in an industry where nobody makes any money.)))