Exploit of iPhone Relies on Social Engineering; Threat Exaggerated


Watch the video up top. It’s a pretty terrifying video of a totally compromised iPhone through a new exploit of Safari, both on iPhone and likely PCs and Macs. A fix is already in the works, but I have to say I’m not that bothered. Why? Because it, like every other really dangerous exploit of a Mac or Apple product I’ve seen, is heavily reliant on social engineering. For your iPhone to freak out and possibly shoot your cats with an iLaserbeam, you first need to go to a website specifically designed to make your iPhone freak out and kill your kittens. And I’m sorry, there’s no amount of protection that can protect people who are dupes for fraud. You can only go so far. This hole needs to close, no doubt, but if people vulnerable to harm on the web don’t know to only go to links they can trust, they probably shouldn’t be using the web at large.

Now, when people can make this happen over WiFi without the use of an exploit-focused website, then I’ll panic. And probably go back to landlines.

Via NY Times.


About the author

Petemortensen

Pete Mortensen is a design strategist for consulting firm Jump Associates and the co-author of Wired to Care: How Companies Prosper When They Create Widespread Empathy, a book and blog that are significantly more interesting than you might initially think. Pete's particular Apple avocations are both around design--interface and industrial. Follow him on Twitter!


12 comments

    You can easily set up an open Wifi that redirects all web page requests to a malicious one containing the exploit. If your iPhone automatically connects to it and you try to go to google – you are hit.

    Just a quick correction, while it’s true you need to go to a specific website to get compromised, the average iPhone user is likely to let their iPhone hop on any open network. A hacker can use a captive portal (like what happens when you try to use a WiFi network that requires you to pay or sign in at a hotel or coffee shop) as a honey pot to intercept your initial URL request, do their dirty deed, then hand the iPhone on to the actual address you requested. You’re mostly none the wiser but the iPhone is completely compromised. This is a very real vulnerability, though it applies to more OSes than just the iPhone. This one is simply tailored to the iPhone. The lesson here is to set your iPhone to check with you before using an open or unknown WiFi network.

    LOL, this is hilarious. “if people vulnerable to harm on the web don’t know to only go to links they can trust, they probably shouldn’t be using the web at large.” First off, this doesn’t scale. If you are a brand new user, you haven’t been to any websites. Therefore you have no links you can trust. Under your suggestion, this person shouldn’t go anywhere, since they can’t trust anybody. Face it, EVERYBODY free surfs. Why do you think it was called “Web surfing” back in Web 1.0 days?

    “Now, when people can make this happen over WiFi without the use of an exploit-focused website, then I’ll panic. And probably go back to landlines.”

    Are we watching the same video? It looks to me like when you are connected to an attacker’s wifi, you can go to any site, and will be unknowingly redirected to a site where your info is stolen. Then the browser (Safari) quits. So it looks like what you say would be bad if it happens is actually what happens. Watch the video again.

    This doesn’t seem to be a social engineering trick at all.
    Maybe you can look at the video again.
    The exploit is an exact demonstration of the exploit you mention:
    “Now, when people can make this happen over WiFi without the use of an exploit-focused website, then I’ll panic. And probably go back to landlines.”

    J.

    I have looked at the video many times. It requires the iPhone to visit an exploit-focused website. You’ll notice he navigates there with Safari. It’s not a sudden hostile takeover while I’m making a phone call with a WiFi connection open. This is a bunch of hype.

    Hmmm, that’s odd. When *I* listen to the video, I hear them say very clearly that, when going to a *trusted* web site, “such as the New York Times”, the rogue *wi-fi base station* will substitute a different URL, thereby directing the iPhone to a rogue web site, but withOUT the user’s participation or endorsement. So the initial rogue element in this scenario is the wi-fi base station. It does NOT require the user to select a rogue web site – that part is done by the wi-fi base station, out of view or control of the user.

    So … it still doesn’t seem like an overwhelmingly horrible vulnerability, but the opening for the exploit is for the user to make use of an untrustworthy/compromised wi-fi hotspot – something that a lot of users may not ever think about.

    The user has to be connected to the exploiter’s wi-fi network. That’s the first sentence he mentions. The lesson isn’t to use only trusted web pages (what a sad, small world you would occupy), but to use only trusted wi-fi networks.

    This is almost as much a threat as those “worms” that require you to click Yes to download, select the folder to copy it to, enter your system password, and click Yes to install. Almost.

    “Run away! Run away!”
    - King Arthur (well, in Monty Python and the Holy Grail)

    Is there anything significant about the pretzel, blue post-it notes and tape?

    Purple monkey dishwasher.

    Maybe you posted a different video then.
    The scenario I see is: ‘hostile WiFi access point’, ‘access trusted website (via Safari)’, ‘iPhone is now under outside control’.
    So, no ‘exploit-focused website’ is used. It could be ‘www.google.com’ etc.
    No social engineering is needed, it could be a notebook with WiFi in a coffee shop, pretending to be the public WiFi access point of the coffee shop (how would you know?). No ’system’ password or other acknowledgment is needed either.
    And the claim of the video is that the iPhone can be hijacked in normal use, not necessarily while calling.

    If the claim is true, it is a very serious exploit that reveals more than one problem with iPhone (and OS X) security.

    J.

    Hmm..
    So..
    Let’s say I am an attacker.
    and I make my access point called “linksys” and open with no password – Just like many coffee shops and dorm rooms here in Boston. And there are many.

    As the user, I have connected to a “linksys” wap before in coffee shops therefore it has been saved in my preferred networks on the iphone. So anywhere I go now, iphone will automatically connect to linksys if it finds it.

    As the attacker, I decide to change the google.com (maps,mail,news,www) dns a records in the dhcp scope of my “linksys” wap to point to my frontpage with iphone exploit.

    Now I can steal anyone’s info who walks through my access point and tries to access *.google.com per the video. How many times do you think people go to google? And how many people who have an iphone are psyched when they find an open wireless network in the wild, when the edge performance is so sloooooow.

    Best way I can see right now to prevent this, is to turn off the automatic joining of wireless networks, and then decide when prompted if it’s safe or not - which stinks because the automatic switching between wireless and the edge is a cool feature.

    Yes you do have to go to a harmful website – but since when has google.com put a trojan on your phone?
