iPhone - Hack


One thing you notice about the iPhone is that most of the so called 'applications' are just web controls and you end up with the same web browser (safari) being the underpinning of being an application plaform. So the hack here is to load a control into a web page that kicks off into the iPhones OS the commands you want and then streams them back up as a post. In the demo, they do a DNS hack to replace the page you're trying to load, but this could be on any page that anyone could gain administrator access to. I did this once for a practical joke, took the /windows/system32/drivers/etc/hosts file and edited it so that CNN looked like it was running a front page story on a friend of mine. Thats what they mean by a wireless access point controlled by a hacker. you should be careful about which one you snort, but don't worry so much about the DNS hack they have here - just be careful about any page you hit. Watch how long page loads take. If a page load takes a bit way too long, and then returns back to the main screen without displaying the page you want then thats probably this control at work. This hack does in the video a single command execution. You're not likely going to need to slick down your iPhone however apple will release a patch to this (all they have to do is block the control from safari and they're golden) in likely the next week. Thanks to ACE for raising my clue level.

Comments