Metasploit adds iPhone/iPod Touch hacks
As reported in ComputerWorld, security researcher H.D. Moore has included several iPhone and iPod Touch exploits in the latest Metasploit tool. The free tool is used by professional pen-testers and criminal hackers alike. The new exploits take advantage of a flaw in the TIFF image-rendering library and are similar to flaws used by the iPhone Dev Team.
"This exploit is rock solid. It's very reliable, as reliable as the WMF [Windows Metafile] exploits in Windows. You can send it in an e-mail; you can embed it in a Web page," Moore told ComputerWorld.
Even if Apple fixes the flaw, which it is expected to do soon, Moore says that criminals can still exploit it by rolling the firmware back to a prepatched version. A Trojan in 2005 used a similar firmware rollback on the Sony PlayStation Portable.
Moore has previously written in his blog how any successful hack on a iPhone will give the attacker root access to the entire phone. In the past, adding exploits to Metaploit has been a shortcut to the wild attacks.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
