
iPhone Security Threats

The following exploits have been discovered on the new Apple iPhone:

• Ability to access the Wi-Fi capabilities without activating on the AT&T network.

• iPhoneinterface tool: This tool, using the same API functions used by the iTunes player, was able to access the small portion of the file system accessible to iTunes.

• Jailbreak: This program modified the iPhone in such a way that the entire file system could be accessed through the iPhoneinterface application.

• Safari browser exploit: This buffer overflow attack was previously discovered in Apple’s full version of Safari.

a. When the user surfs to a malicious HTML document, the payload of the exploit forces the iPhone to make an outbound connection to a server. The compromised iPhone can then send personal data including SMS text messages, contact information, call history, and voice mail information over this connection. Other personal data such as passwords, emails, and browsing history can also be obtained from the device.

b. An additional exploit performs physical actions on the phone. It can force the device to play a system sound and vibrate. Alternatively, by using other API functions discovered in the hack, the exploit can dial phone numbers, send text messages, or record audio (as a bugging device) and transmit it over the network for later collection by a malicious party.

     

Proposed Solutions

Apple can mitigate some of the risk by implementing safer practices such as data caging, address randomization, and tighter control over privileges (at present, all network data processes run in an administrator role).

However, even patching the OS against these known exploits does not eliminate the risk of future buffer overflow attacks. The use of third-party security software is recommended, as suggested below:

• Embed antivirus software as a plug-in to the browser that detects the injection of code whenever the Safari browser is opened (much in the same way as scanning for viruses before opening Microsoft Word).

• Embed a firewall to protect against threats that originate from known IP addresses or exploit specific ports.

• Embed an IPS that uses anomaly detection and pattern matching techniques to prevent known buffer overflow attacks.

• Embed a spam filter to protect against known phishing attacks, or sites and numbers that are sending malware links via SMS or MMS.

• Protect confidential data on the device, i.e. the user is notified of any attempt to copy the data stored in a restricted area (where the user stores all of his or her personal information).

• Automatically connecting to unprotected wireless access points must be disabled by default.
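One way to enforce the data caging and restricted-area ideas above in a service that hands files to a host tool: resolve every requested path and refuse anything that lands outside the cage. This C code is an added example, not code from Apple or from this advisory; the function names, the cage layout and the `/tmp` sample tree are constructed assumptions.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Return 1 only if `requested`, taken relative to `cage_root`, names an existing
 * path that is still inside the cage once ".." and symlinks are resolved. */
int path_in_cage(const char *cage_root, const char *requested)
{
    char root[PATH_MAX], joined[PATH_MAX], resolved[PATH_MAX];
    if (realpath(cage_root, root) == NULL) return 0;
    if (snprintf(joined, sizeof joined, "%s/%s", root, requested) >= (int)sizeof joined)
        return 0;                                 /* over-long request: deny */
    if (realpath(joined, resolved) == NULL) return 0; /* missing or unresolvable: deny */
    size_t n = strlen(root);
    /* The match must end on a path boundary, so <base>/cage-evil is not <base>/cage. */
    return strncmp(resolved, root, n) == 0 &&
           (n == 1 || resolved[n] == '/' || resolved[n] == '\0');
}

/* Constructed sample tree: one file inside the cage, two outside, one symlink out. */
int build_demo_tree(char *cage, size_t len)
{
    const char *names[] = { "cage", "cage/Media", "private", "cage-evil", /* 4 dirs */
                            "cage/Media/photo.jpg", "private/sms.db", "cage-evil/x" };
    char base[] = "/tmp/cagedemoXXXXXX", p[PATH_MAX];
    FILE *f;
    if (mkdtemp(base) == NULL) return -1;
    for (int i = 0; i < 7; i++) {
        snprintf(p, sizeof p, "%s/%s", base, names[i]);
        if (i < 4 ? (mkdir(p, 0700) != 0) : ((f = fopen(p, "w")) == NULL || fclose(f) != 0))
            return -1;
    }
    snprintf(p, sizeof p, "%s/cage/Media/link", base);
    if (symlink("../../private", p) != 0) return -1; /* symlink pointing out of the cage */
    return snprintf(cage, len, "%s/cage", base) < (int)len ? 0 : -1;
}

int main(void)
{
    char cage[PATH_MAX];
    const char *req[] = { "Media/photo.jpg", "../private/sms.db", "Media/link/sms.db", "../cage-evil/x" };
    if (build_demo_tree(cage, sizeof cage) != 0) return 1;
    for (int i = 0; i < 4; i++)
        printf("%-20s %s\n", req[i], path_in_cage(cage, req[i]) ? "allow" : "deny");
    return 0;
}
```

The path can change between this check and a later open, so a service should apply the same decision to the descriptor it actually opens rather than trusting the checked name.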

Write Up: George T. 7.24.2007

 

 


©2006 SMobile Systems
2020 Leonard Ave. • Columbus, Ohio 43219 • 1-866-323-0480