August 7, 2008 3:33 PM PDT

This Christmas, your company's getting an iPhone in a box

by The Macalope
  • Font size
  • Print
  • 7 comments

George Ou (yes, that George Ou!) has an interesting preview of David Maynor's (yes, that David Maynor!) presentation tomorrow at DEFCON 16.

The horny one doesn't know if David's ingenious idea was inspired by the dick in a box, but to riff on a theme:

1) Get a box
2) Put a hacked iPhone attached to an external battery and running reconnaissance or penetration (ahem) tools in the box
3) Mail the box to your girl some company
4) Penetrate (the Macalope said "ahem" already!) said company

And that's how you do it!

While many companies have their shipping and receiving done at separate locations because of more traditional kaboom-related threats, this is still pretty Mission: Impossible.

The usual jokers will probably take this as another sign of why iPhones shouldn't be allowed in the enterprise.

Mythical beast and rumormonger extraordinaire, the Macalope writes about all things Apple for the CNET Blog Network. Read more at The Macalope: An Apple blog. He is not an employee of CNET. Disclosure.

Recent posts from The Macalope: An Apple blog
RETURN
Awwwwww, FREAK OUT!
Nick! Heath! There's a fire in the barn!
This Christmas, your company's getting an iPhone in a box
Rob Enderle be a lady tonight
Where have you gone, George Ou? A nation turns its lonely eyes to you.
If wishes were horses.
Ditto
Add a Comment (Log in or register) (7 Comments)
  • prev
  • 1
  • next
by GaryPatterson August 8, 2008 3:32 AM PDT
That's a joke, right?

I mean, a company gets an iPhone in a box that's physically hacked up and just puts it into use? No company I've ever worked for would allow that. Even the most stupid IT drone right out of mail-order-diploma-school would stop and think about that one.

It's some kind of crappy joke, right?
Reply to this comment
by ripragged August 8, 2008 5:41 AM PDT
Gracious, Mr. Lope. The level of seriousness of your article was immediately plain to me. Apparently the entry requirements of C|Net are somewhat less stringent than the requirements of your old blog.

Just to be clear, I think you should explain that the comparison is of a physically hacked iPhone to the male appendage of a desperate pervert. It seems like a reasonable comparison to me. In context to corporate IT, it seems entirely apropos.

Sit up straight. Eat your green beans.
Reply to this comment
by Sandro Abate August 8, 2008 6:27 AM PDT
What kind of imbecile would plug in any device, iPhone or no, that shows up unannounced and unexpected into the corporate network? That's right, George Ou.
Reply to this comment
by dmaynor August 8, 2008 7:08 AM PDT
The talk was actually inspired by the SNL skit.

Let me clear up a misconception. The box is never supposed to be opened, that why it is sent to a nonexistent person. The attack works fine since the box is suppose to stay in the companies shipping and receiving facaility that allows us to connect over the ATT network then use the wifi interface to collect data or launch attacks. In fact someone opening the box would pretty much ruin the attack since an iphone connected to a battery would look suspicious.
Reply to this comment
by chigaze August 8, 2008 8:28 AM PDT
This is actually an interesting attack and could probably be done with more devices than just an iPhone. The iPhone just makes it a juicier story.

The most frightening part is that a place would hold an unidentified package for 5 days. Homeland Security might have something to say about that.
Reply to this comment
by MATTAND August 8, 2008 9:23 AM PDT
@dmaynor:

Here's a less snarky version of what I tried to post at George Ou's site: It's seems that the major mechanism for this hack is counting on every mail department to utterly ignore the box.

Granted, most mail departments aren't exactly think tanks. However, given the 9/11-enhanced paranoia in today's world, doesn't it seem slightly implausible that most people are just going to ignore a delivery to a phantom employee?

Also, is it only the iPhone that can do this? As chigaze pointed out, the iPhone makes for more sensational headlines (and causes people like George Ou to have a four Kleenex box day.) If other phones can do this, are you going to list them as well?
Reply to this comment
by ripragged August 9, 2008 12:16 PM PDT
What if the iPhone was also contaminated with salmonella? Wait. Here's one. You could blow up a whole building with an iPhone and some carefully placed plastique. An iPhone could be programmed to make anonymous obscene phone calls to a transient hotel in Decatur, Ill.

Man. iPhones are scary.
Reply to this comment
(7 Comments)
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About The Macalope: An Apple blog

Born of the earth, forged in fire, the Macalope was branded "nonstandard" and "proprietary" by the IT world and considered a freak of nature. Part man, part Mac, and part antelope, the Macalope set forth on a quest to save his beloved platform. Long-eclipsed by his more prodigious cousin, the jackalope (they breed like rabbits, you know), the Macalope's time has come. Apple news and rumormonger extraordinaire, the Macalope provides a uniquely polymorphic approach. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.

Add this feed to your online news reader

The Macalope: An Apple blog topics

advertisement

Inside CNET News

Scroll Left Scroll Right