New ways to compromise smartphones, including iPhones
The Blackhat security conference is coming up very soon, and with it, advanced information about all sorts of wonderful problems. In this case, two new ways to compromise smartphones.
First up, a report on a tool that's built in to all smartphones: Androids, Blackberrys, iPhones sold by Sprint. They haven't tested Windows phones yet. It's a management tool that allows the cell providers to update firmware in the phone through over the air updates, and the security implementation isn't very good.
Granted, this is a team of advanced security researchers, but they were able to get in and totally pwn the phones they were working with. They've notified the maker of the management tool and the cell companies, so a fix should be distributed over the next few months that will make this more secure. Also, no evidence of this being exploited in the wild.
http://www.wired.com/2014/07/hackers-can-control-your-phone-using-a-tool-thats-already-built-into-it/
Next up, an iPhone, if connected to a compromised Windows PC, can potentially be turned in to a botnet! This is interesting stuff as it has falsely been assumed that Apple had pretty tight security on its iPhones, which is broadly true, but they're also kinda slow pushing updates. I assume that the exploit would also be effective against iPads that also have cellular radios built-in.
http://www.wired.com/2014/08/yes-hackers-could-build-an-iphone-botnetthanks-to-windows/
First up, a report on a tool that's built in to all smartphones: Androids, Blackberrys, iPhones sold by Sprint. They haven't tested Windows phones yet. It's a management tool that allows the cell providers to update firmware in the phone through over the air updates, and the security implementation isn't very good.
Granted, this is a team of advanced security researchers, but they were able to get in and totally pwn the phones they were working with. They've notified the maker of the management tool and the cell companies, so a fix should be distributed over the next few months that will make this more secure. Also, no evidence of this being exploited in the wild.
http://www.wired.com/2014/07/hackers-can-control-your-phone-using-a-tool-thats-already-built-into-it/
Next up, an iPhone, if connected to a compromised Windows PC, can potentially be turned in to a botnet! This is interesting stuff as it has falsely been assumed that Apple had pretty tight security on its iPhones, which is broadly true, but they're also kinda slow pushing updates. I assume that the exploit would also be effective against iPads that also have cellular radios built-in.
http://www.wired.com/2014/08/yes-hackers-could-build-an-iphone-botnetthanks-to-windows/