About Mobilecrunch

MobileCrunch is Mobile 2.0. Our mission is to identify, profile, test and even help develop the technologies, applications, services and devices that will define the next generation of connected mobile computing.

More about Mobilecrunch.

TechCrunch Network

CrunchBase
CrunchBoard Jobs
CrunchGear
CrunchNotes
InviteShare
Gillmor Gang
MobileCrunch
TalkCrunch
TechCrunch Forums
TechCrunch UK
TechCrunch en Français
TechCrunch 日本語版
TechCrunch

December 14, 2007

Hack Attack may be coming to iPhone in 2008

Posted by John Kullman

arbornetworks.jpgSecurity researches at Arbor Networks are predicting that the iPhone will be subject to a serious attack in 2008. The attacks will likely take the form of malware embedded in photos or video. In the past the iPhone has been vulnerable to such attacks through a bug in its handling of TIFF images. A recent update has solved the problem. Former versions of Apple’s firmware used a version of the libtiff library that was susceptible to buffer-overflow attacks.

HD Moore, a security researcher and hacker, revealed in October that the TIFF exploit would allow malicious hackers access the phone’s root level. All the iPhone’s key applications run as root processes and by exploiting the TIFF bug a hacker can take control of the phone.

Arbor Networks thinks that the challenge to be the first to hack the iPhone and take control of the phone is an enticement for hackers too big to pass up.

“2007 was the year of the browser exploit, the data breach, spyware, and the storm worm,” the Arbor report said. “We expect 2008 to be the year of the iPhone attack, the Chinese Hacker, P2P network spammers, and the hijacking of the Storm botnet.”

The prediction is hardly a risky one, said Andrew Storms, director of security operations for nCircle Security. “Predicting a higher rate of attacks on the iPhone is like saying there will be more people trying to hack Leopard in 2008,” he wrote in an e-mail.

“This is an obvious direction for the hacking community,” he added. “Those who hack for good or bad are always interested in the newest target and even better is a new target with a large install base.”

Things will change in 2008, Storms said, with Apple’s release of a software development kit for the iPhone. “Once the SDK releases, everyday users will be installing third-party applications without having to risk an iBrick,” he said, referring to the fact that uses who installed unlocking software found their phones were inoperative after an Apple firmware upgrade.

“The tools and methods which Apple integrates into the iPhone to protect users from malware developed with the SDK is what will be getting significant attention in 2008,” he said, predicting that AT&T and all Wi-Fi networks in range of the iPhone will be the next target.

“Imagine a successful mobile worm that distributes itself over both cellular and Wi-Fi,” he concluded. “That’s a day that security professionals have been worrying about for years.”

Arbor Networks


Categories: Analysis | Del.icio.us Bookmark this post with del.icio.us

1 Comment

  1. iphone is a real blessling for hackers they are earning money again and again through it

    Comment by taniya — December 14, 2007 @ 1:26 pm

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.