Charlie Miller, known to some in the security community as “Safari Charlie” for his Safari exploits at the Pwn2Own hacking contest, has announced that he and Vincenzo Iozzo, a student at the University of Milan, have discovered a new technique for tricking the iPhone into running unsigned code. They will present their findings at the Black Hat security conference in Las Vegas.
“The iPhone has lots of defenses,” Miller told Ars Technica, “including application sandboxes, memory protections, and lack of a shell.” The “memory protections” distinguish between memory holding data and memory holding code, and prevent regions marked as data from being executed as code. “What I discovered was a way to get around that memory protection,” Miller explained. “Basically you’re able to have your data interpreted as code. That code could then modify the processor to load and run an unsigned library.”
“In our case, we have the processor load an unsigned library that amounts to a complete shell environment,” he added. At that point, an attacker could do whatever they wanted with the device, including reading any file or downloading more code.
Fortunately for us bystanders, this technique is useless on its own: it still requires a separate exploit that gets attacker-supplied data onto the device and seizes control of execution so that data can be run. “By itself, it’s useless,” Miller said. “You still need to get control of the processor.”
Still, now that this exploit exists, other hackers will likely be trying to find ways to do just that.
[via Ars Technica]