Top stories

Journalists Cover Microsoft, Using Macs

It’s not an easy time for Microsoft — with Steve Ballmer having to field questions about being “buffoons” and an “evil empire”  at the shareholder’s meeting (.doc) — so when they get together “the world’s most influential technology pundits and online writers” (nb: we weren’t invited) for Mobius to discuss super-secret mobile tech you’d think [...]

Guide To Black Friday Apple Bargains: Cheap MacBooks, iPods and Accessories Galore

Here’s a guide for finding the best bargains on Apple-related gear during the infamous Black Friday sales on November 27. We’ve compiled a comprehensive list of gear from leaked photos of sales flyers and descriptions of sales.
The bargains include a 2.26 GHz MacBook + $150 gift card at Best Buy for $999.99 ; a 32GB [...]

Review: Voices Is Today’s Best Thing Ever, Grab It Now While It’s Cheap

New on the App Store is Voices from the clever folk at Tap Tap Tap. You can guess what it does.

Open it up, pick a silly voice. Helium is pretty silly. A microphone appears and the app even clears your throat for you (try it, you’ll see what I mean). Now speak your brains, and [...]

Review: Sony Walkman S540 Series Video MP3 Player

Press releases, you will hardly be surprised to hear, are rarely very interesting. But one arrived in my inbox a couple of weeks ago that made me double-take.
“Sony’s S Series Walkman,” it chattered, “is a serious challenger to the iPod Nano.” Gosh, really? Perhaps the Cult had better have a look at one, then, despite [...]

Exploit of iPhone Relies on Social Engineering; Threat Exaggerated

10:16 pm, July 23rd, 2007, Pete Mortensen


Watch the video up top. It’s a pretty terrifying video of a totally compromised iPhone through a new exploit of Safari, both on iPhone and likely PCs and Macs. A fix is already in the works, but I have to say I’m not that bothered. Why? Because it, like every other really dangerous exploit of a Mac or Apple product I’ve seen is heavily reliant on social engineering. For your iPhone to freak out and possibly shoot your cats with an iLaserbeam, you first need to go to a website specifically designed to make your iPhone freak out and kill your kittens. And I’m sorry, there’s no amount of protection that can protect people who are dupes for fraud. You can only go so far. This hole needs to close, no doubt, but if people vulnerable to harm on the web don’t know to only go to links they can trust, they probably shouldn’t be using the web at large.

Now, when people can make this happen over WiFi without the use of an exploit-focused website, then I’ll panic. And probably go back to landlines.

Via NY Times.

Posted by Pete Mortensen in iPhone | Comment on this article

About the author

Petemortensen

Pete Mortensen is the communications lead for growth strategy firm Jump Associates and the co-author of Wired to Care: How Companies Prosper When They Create Widespread Empathy, a book and blog that are significantly more interesting than you might initially think. Pete's particular Apple avocations are both around design--interface and industrial. Follow him on Twitter!

Email the author | Read more posts by Pete Mortensen.

Related posts from Cult of Mac

12 comments

    You can easily set up an open Wifi that redirects all web page requests to a malicious one containing the exploit. If your iPhone automatically connects to it and you try to go to google – you are hit.

    Alex, on July 23rd, 2007 at 11:07 pm

    Just a quick correction, while it’s true you need to go to a specific website to get compromised, the average iPhone user is likely to let their iPhone hop on any open network. A hacker can use a captive portal (like what happens when you try to use a WiFi network that requires you to pay or sign in at a hotel or coffee shop) as a honey pot to intercept your initial URL request, do their dirty deed, then hand the iPhone on to the actual address you requested. You’re mostly none the wiser but the iPhone is completely compromised. This is a very real vulnerability, though it applies to more OSes than just the iPhone. This one is simply tailored to the iPhone. The lesson here is to set your iPhone to check with you before using an open or unknown WiFi network.

    Ben, on July 24th, 2007 at 12:36 am

    LOL, this is hilarious. “if people vulnerable to harm on the web don’t know to only go to links they can trust, they probably shouldn’t be using the web at large.” First off, this doesn’t scale. If you are a brand new user, you haven’t been to any websites. Therefore you have no links you can trust. Under your suggestion, this person shouldn’t go anywhere, since they can’t trust anybody. Face it, EVERYBODY free surfs. Why do you think it was called “Web surfing” back in Web 1.0 days?

    cparker, on July 24th, 2007 at 4:54 am

    “Now, when people can make this happen over WiFi without the use of an exploit-focused website, then I’ll panic. And probably go back to landlines.”

    are we watching the same video? its looks to me like when you are connected to an attackers wifi, you can go to any site, and will be unknowingly redirected to a site where your info is stolen. then the browser (safari) quits. so it looks like what you say would be bad if it happens is actually what happens. watch the video again.

    MINI Vanilli, on July 24th, 2007 at 5:23 am

    This doesn’t seem to be a social engineering trick at all.
    Maybe you can look at the video again.
    The exploit is an exact demonstration of the exploit you mention:
    “Now, when people can make this happen over WiFi without the use of an exploit-focused website, then I’ll panic. And probably go back to landlines.”

    J.

    J, on July 24th, 2007 at 5:51 am

    I have looked at the video many times. It requires the iPhone to visit an exploit-focused website. You’ll notice he navigates there with Safari. It’s not a sudden hostile takeover while I’m making a phone call with a WiFi connection open. This is a bunch of hype.

    Pete Mortensen, on July 24th, 2007 at 10:22 am

    Hmmm, that’s odd. When *I* listen to the video, I hear them say very clearly that, when going to a *trusted* web site, “such as the New York Times”, the rogue *wi-fi base station* will substitute a different URL, thereby directing the iPhone to a rogue web site, but withOUT the user’s participation or endorsement. So the initial rogue element in this scenario is the wi-fi base station. It does NOT require the user to select a rogue web site – that part is done by the wi-fi base station, out of view or control of the user.

    So … it still doesn’t seem like an overwhelmingly horrible vulnerability, but the opening for the exploit is for the user to make use of an untrustworthy/compromised wi-fi hotspot – something that a lot of users may not ever think about.

    Paul Lustgarten, on July 24th, 2007 at 11:14 am

    The user has to be connected to the exploiter’s wi-fi network. That’s the first sentence he mentions. The lesson isn’t to use only trusted web pages (what a sad, small world you would occupy), but to use only trusted wi-fi networks.

    Tom, on July 24th, 2007 at 2:42 pm

    This is almost as much a threat as those “worms” that require you to click Yes to download, select the folder to copy it to, enter your system password, and click Yes to install. Almost.

    “Run away! Run away!”
    - King Arthur (well, in Monty Python and the Holy Grail)

    imajoebob, on July 24th, 2007 at 6:19 pm

    Is there anything significant about the pretzel, blue post-it notes and tape?

    Purple monkey dishwasher.

    Michael Easter, on July 25th, 2007 at 12:10 am

    Maybe you posted a different video then.
    The scenario is see is: ‘hostile WiFi access point’, ‘access trusted website (via Safari)’, ‘iPhone is now under outside control’.
    So, no ‘exploit-focused website’ is used. It could be ‘www.google.com’ etc.
    No social engineering is needed, it could be a notebook with WiFi in a coffee shop, pretending to be the public WiFi access point of the coffee shop (how would you know?). No ’system’ password or other acknowledgment is needed either.
    And the claim of the video is that the iPhone can be hijacked in normal use, not necessarily while calling.

    If the claim is true, it is a very serious exploit that reveals more than one problem with iPhone (and OS X) security.

    J.

    J, on July 25th, 2007 at 12:58 am

    Hmm..
    So..
    Lets say I am an attacker.
    and I make my access point called “linksys” and open with no password – Just like many coffee shops and dorm rooms here in Boston. Any there are many.

    As the user, I have connected to a “linksys” wap before in coffee shops therefore it has been saved in my preferred networks on the iphone. So anywhere I go now, iphone will automatically connect to linksys if it finds it.

    As the attacker, I decide to change the google.com (maps,mail,news,www) dns a records in the dhcp scope of the my “linksys” wap to point to my frontpage with iphone exploit.

    Now I can steal anyones info who walks through my access point and tries to access *.google.com per the video. How many times do you think people goto google? And how many people who have an iphone are psyched when they find an open wireless network in the wild, when the edge perfomance is so sloooooow.

    Best way I can see right now to prevent this, is to turn off the automatic joining of wireless networks, and then decide when prompted if its safe or not- which stinks because the automatic switching between wireless and the edge is a cool feature.

    Yes you do have to goto a harmful website – but since when has google.com put a trojan on your phone?

    prill, on July 25th, 2007 at 5:14 am

Buy Inside Steve's Brain Buy from Amazon.com Buy from Barnes & Noble