Apple iPhone Security Gaps

We found different mobile devices available in the market Today iPhones are mainly used by nice ladies as it has a female style, not like BlackBerry or Android we feel that girls are more attracted by iPhones but from the security prospective iPhone may be hacked remotely within a few minutes.

Operating system that is used by iPhone is Mac OSX this is a modern version of NeXTSTEP BSD family which was released on September 18, 1989, after several previews starting in 1986.

Apple engineers have just removed all command lines utilities from the OS and by installing OpenSSH for jailbroken you will be able to find a complete BSD environment with different commands such as curl, gunizp , tar..etc

So here for the Mac OS X as in any other UNIX system the default root login password is alpine. Usually most iPhone that may be hacked have an OpenSSH installed which provides intruder the ability to accede over file system.

The remote SSH will give attacker a complete opportunity to calling people, sending SMS, getting all previous SMS, pictures, and you can do anything you want. So if you are using iPhone with SSH enabled do not ever keep your default password and make sure you use a complex one.

Now for detecting iPhones there are two interfaces wireless Wi-Fi and GPRS, Wifi provides a better interaction as GPRS a slow protocol and runs over the cellular provider.

You start by Nmap scanner to detect operating system remotely ex: nmap -O [Network] and you will find a list with all available iPhone in the targeted IP addresses range.

After identifying the apple phone you can run some brute force tools that will help in finding the password if default has been changed, here is a previous post with some tools.

Now on the operating system there are important folders where you can find some information like Library which contains personal data and settings and Media where you can find stored pictures, music and video.

SQLite stores more important information:

SMS: /var/mobile/Library/SMS/sms.db
Calendar: /var/mobile/Library/Calendar/Calendar.sqlitedb
Notes: /var/mobile/Library/Notes/notes.db
Call History: /private/var/mobile/Library/CallHistory/call_history.db
Address Book: /var/mobile/Library/AddressBook/AddressBook.sqlitedb and /var/mobile/Library/AddressBook/AddressBookImages.sqlitedb

You can copy any of them in a fast way using SCP command.

Another extremely useful thing is to use AT command, all modern mobile phone support an extended set of AT commands. One use of the extended AT commands is to control the sending and receiving of SMS messages.

AT +CMGS = Send message
AT +CMSS = Send message from storage
AT +CMGW= Write message to memory
AT +CMGD = Delete message

AT commands allow you to send SMS, dial numbers and learn the properties of iPhone hardware. You can imagine how it is possible to send an SMS to all the contact list without the knowledge of owners, or to run a crontab that will reboot the iPhone each 5 minutes, or delete all information on it.

For protecting yourself against any threat you should keep your software updated ,enable Secure Shell just when it is required and change the default password.

make sure you subscribe to my RSS feed!