Incident of the Week: Free iPhone Password Breaker Released

Back in October you may remember our post on Elcomsoft, a Russian software company that came out with a program to decrypt common wireless network signals.  Well, they're back this week with a program that will "enable[ ] forensic access" to password-protected backups for Apple iPhone and iPod touch devices.  In other words, if someone obtains access to the computer you use to sync your iPhone, they could also get access to "backups containing address books, call logs, SMS archives, calendars, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache."  And while the program is in beta testing, Elcomsoft is even giving the program away for free.

The program apparently uses the computing power of the latest generation of video cards to perform a dictionary or "wordlist-based attack" to recover the password needed to unlock the backup files.  This means that if your password can be found in a dictionary or a hacker's wordlist, there is a program out there that will unlock it.  With technology like this out there to decode commercially available encryption schemes, the best protection we may have is to select a sufficiently complex password to defeat wordlist-based attacks (and not to use the same password for all your online activities, as Twitter's recent incident and Trusteer's recent survey (.pdf) have suggested are rampant problems).

Incident of the Week: Hackers to Demonstrate How To Take Control Over Every Apple iPhone In The World With A Single Text Message Today

Speaking at the Black Hat computer security conference in Las Vegas only a few hours from now, hackers (or "security experts") Charlie Miller and Collin R. Mulliner are scheduled to expose an alleged security flaw in the Apple iPhone that may allow someone sending a single SMS message to take control of any iPhone.  According to a number of reports (note Forbes and AppleInsider), the exploit would allow a hacker to take control over all of the iPhone's functions.  This potentially could mean that a hacker could turn on the camera, microphone and GPS functions in your iPhone to record your activities, dial the phone or use your iPhone to infect others. 

Miller, who works as a security expert for Independent Security Evaluators, suggests that if you receive a text message with a single box-shaped character (e.g., "□"), turn the iPhone off immediately.  [I'm not sure what the advice would be after that, but maybe you could use a break from all those emails while Apple fixes this problem.]  Because the alleged flaw could allow someone to take over your friends' and family's iPhones, the next suspicious text message you receive might be from someone you know.

Miller apparently notified Apple of this flaw some weeks ago and, concerned that Apple has not released a patch, intends to force the issue by demonstrating the hack today.
