[iUsability-Pwned] critical iPhone 3.0 bug/feature

Monday, July 6. 2009

I noticed that iPhone SW version 3.0, immediately after finding a WLAN, connects to an outside page to check for internet connectivity and enable automated hotspot authentication.

The new hotspot feature tries to access http://www.apple.com/library/test/success.html to determine if it can access the internet directly or not. If it can't access the page it assumes it's in a hotspot and the new hotspot feature kicks in (which doesn't work with http authentication).

http://discussions.apple.com/thread.jspa?threadID=2044951&start=15&tstart=0

If a malicious attacker uses faked hotspot tools, like karmetasploit's script kmsapng, your iPhone will get 0wned just by walking by. kmsapng creates hotspots based on the WLAN probe requests it sees. So the hotspot is very likely to be named like your home network, the hotel hotspot you were on yesterday, your mobile provider's WLAN network name or "Free Internet" (be aware!).

This attack class is not new; any other browser might react in the same fashion if you try to open any web page while connected to a faked hotspot.

The interesting part about the iPhone SW 3.0 is that it immediately opens the browser once you try to associate with a network without internet connectivity.

Max Moser of remote exploit documented this potentially risky feature in this nice movie.

As far as I can tell, this behavior enables an attacker to steal authentication cookies of iPhones, if not more.

advice: don't connect to networks you don't trust

further research of impact is pending
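
The probe decision described above, and what it means for cookies once the browser is opened in the "hotspot" state, as an added example (not code from the original post or from Apple). It assumes the genuine test page contains the text "Success" and that the automatically opened browser shares the normal cookie jar; the cookie jar and the example.com hosts are constructed.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

PROBE_URL = "http://www.apple.com/library/test/success.html"  # URL named in the post
EXPECTED_MARKER = "Success"  # assumption: text the genuine page is expected to contain


@dataclass
class Cookie:
    name: str
    domain: str   # host the cookie is scoped to (subdomains included)
    secure: bool  # True = only ever sent over HTTPS


def probe_verdict(status: Optional[int], body: str) -> str:
    """Decision described in the post: expected page -> online, anything else -> hotspot."""
    if status == 200 and EXPECTED_MARKER in body:
        return "online"
    return "hotspot"  # the state in which the browser is opened automatically


def probe_is_forgeable(url: str = PROBE_URL) -> bool:
    """A plain-HTTP probe carries no server authentication, so the network picks the verdict."""
    return urlsplit(url).scheme != "https"


def cookies_sent(jar: list[Cookie], url: str) -> list[str]:
    """Names of the cookies a browser would attach to a request for `url`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    sent = []
    for c in jar:
        dom = c.domain.lstrip(".").lower()
        in_scope = host == dom or host.endswith("." + dom)
        if in_scope and (parts.scheme == "https" or not c.secure):
            sent.append(c.name)
    return sent


# Constructed sample jar: two cookies without the Secure flag, one with it.
JAR = [
    Cookie("webmail_session", "mail.example.com", secure=False),
    Cookie("bank_session", "bank.example.com", secure=True),
    Cookie("tracking", "example.com", secure=False),
]

if __name__ == "__main__":
    print(probe_verdict(200, "<html>Login to Free Internet</html>"))
    print(cookies_sent(JAR, "http://mail.example.com/"))
```

Any cookie this lists for an http:// URL would travel in clear text over an untrusted WLAN; marking session cookies Secure on the server side keeps them out of that list.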

iUsability-Pwned from Max Moser on Vimeo.

[1] http://remote-exploit.blogspot.com/2009/07/iusability-pwned.html

First Snow in BlackForest

Sunday, November 23. 2008

not the first snow though, but it looks like this one is about to last (-6 °C)

Hack a plane!

Saturday, January 5. 2008

It seems that Boeing made a typical design flaw:

  • Never connect two networks with different security status.
  • Firewall them.
  • If security status is too different ensure physical separation.

The last point also seems to apply to a plane's flight control and passenger internet connectivity systems.

Not for Boeing, it looks like: http://www.wired.com/politics/security/news/2008/01/dreamliner_security.


fluffy trojan

Thursday, January 3. 2008

For those of you who missed 24c3 and "Security nightmares 2008" (get the recording at http://outpost.h3q.com/fnord/24c3-torrents/ ), here is the right trojan for your boss's desk (the features just lack network connectivity):

• camera-based vision system (for light detection and navigation)
• two microphones, binaural hearing
• eight touch sensors (head, chin, shoulders, back, feet)
• four foot switches (surface detection)
• fourteen force-feedback sensors, one per joint
• orientation tilt sensor for body position
• infrared mouth sensor for object detection into mouth
• infrared transmit and receive for communication with other Pleos
• Mini-USB port for online downloads
• SD card slot for Pleo add-ons
• infrared detection for external objects
• 32-bit Atmel ARM 7 microprocessor (main processor for Pleo)
• 32-bit NXP ARM 7 sub processor (camera system, audio input dedicated processor)
• four 8-bit processors (low-level motor control)

(The toy is called Pleo, more at http://www.pleoworld.com/discover)

waiting for the [up/down] link

Monday, December 10. 2007

After years without broadband up here in the Black Forest, the newly established wireless broadband provider promised me access to their test setup for tomorrow.

I am ready!

tune the truth - you don't get what you see

Thursday, September 27. 2007

Some of you might remember the picture of the girl in the knee-deep mud at CCCamp 2007.

Here is the truth about this picture:

Heavy rain @ camp07

Saturday, August 11. 2007

camp07 at night

Friday, August 10. 2007


Hackers on a <strike>plane</strike>bus

Friday, August 10. 2007

Well, it looks like the widely announced "Hackers on a plane" (also here) turned into a "Hackers on a bus" trip (see also http://ioerror.livejournal.com/448684.html).

Due to some (unconfirmed) scheduling issues (<rumor> somebody mixed up dates due to the fact that timezones exist </rumor>) the Hackers coming from Defcon had to take a bus from Duesseldorf airport to the camp site.

Instead of riding a chartered DO-328 they rode this nice chartered coach:

This coach took 10h from Düsseldorf to Berlin, while the Berlin airports are just 50 minutes away from here.

However, to compensate for the bus trip, there is still a chance at the camp to take off at the runway attached to the camp.



A round trip with the Hacker plane, an AN 2.

CCC camp07 dog rules

Friday, August 10. 2007

some impressions about dog rules at CCC camp 2007