Monday, July 23, 2007

iPhone Video of iPhone Exploit

The Youtube video for the iPhone exploit can't be viewed on the iPhone, and the h264 version of the video that was posted on the ISE site doesn't work with the iPhone.

I have found a iPhone friendly version of the video, but it only works if you view it with an iPhone, otherwise it shows you the YouTube video.

iPhone Exploit Revealed | Red-Rome Developers

iPhone 3rd Party App Developers looking to new exploit to run their apps

You can read about the exploit at Red-Rome Developer


With the news of the new exploit on the iPhone, it may have become possible to run 3rd Party Apps on the iPhone. The conditions and code of the exploit are still secret, but the implications are not.

1. It was shown that 3rd Party Code can be run on the iPhone, whether this was run inside the Safari "shell" is not known, but code was run that was able access parts of the phone that cannot be accessed by normal javascript.

2. The code was able to also run other programs, which was demonstrated by the sending of text messages.

3. Can the exploit change files on the iPhone or just read data? This is not known, but if it can, then it opens the door to installing files and placing application icons on the home menu.

4. Can the exploit access advanced graphics, the mic, camera, speaker, etc? Also not known, but would be very useful for VOIP apps and Games.

In Conclusion, we still don't know a lot, but what we do know is that 3rd party apps are at least possible, and I truly believe that it is only a matter of time before they will be commonplace on the iPhone. Apple should take the lead and release an SDK, but I don't think they will. Whether this turns out to be a smart move or not, only time will tell.

iPhone Exploit Found

Red Rome Developer Article

Due to the widespread attention paid to the iPhone and the security implications of mobile devices in general, we performed a security evaluation of the new Apple iPhone. While Apple takes some precautions to minimize the amount of code accessible to remote attackers, it did not take other basic precautions in designing a robust security solution for the device. While made more difficult due to the closed nature of the device, with little effort we were able to find a vulnerability in the iPhone. We were then able to leverage this vulnerability and use it to write an exploit which could extract personal information off the device without the user ever knowing.