edit: there was a “kid” (yes, a 14yr old kid) that designed an app for the original iphone that when removed, would take everything on the phone with it.
Nobody in the community noticed it for a while (or until people started loosing data). They caught the kid and had a talking to with his father who assured a developer he was grounded from the computer for a very long time lol
Exactly. The jailbreak was a perfect example of how a exploit can be used in a browser and install applications as root. This in theory could replace the Installer.app on the iPhone with a hidden virus or keylogger that causes someone to think they just had their browser crash. Also with the always on data the iPhone provides, you can simply stream any keystroke over the air without the user knowing.
You are missing the whole point. The point was that as Macs (and the iPhone which runs a Mac OS) are being more and more popular, they now are becoming targets of hackers. The original mentality of Unix based systems was that they are unhackable using typical methods however, the jailbreak was a simple way to prove that it is possible to install software on a system without root access simply using a web browser and this will be a future development of many hackers.
UNIX isn’t un hackable…I don’t know how long you have been into computers but 7+ years ago you could scan for wuftpd or similar services running on UNIX and exploit just about every service…Its now no longer like that…
That jail break was the previous firmware and no longer works…
Obviously as more people use a certain product it becomes more of a target…The whole argument between Mac vs PC in security was successful exploitation.
We can make a money bet on mass exploitation of iPhones…
So… you have proven what? That telling a user to run a command makes the system hackable? (Also its rm -fR)
Again, you are missing the point. The article is beyond the iPhone market but Apple in general. Macs are becoming popular which means there is more of a purpose to hack into the systems.
Anyone using a Unix based system knows that to install applications require a root password. Also, user groups and file ownerships really restricted who can modify what and leads people to believe they can download and view anything they want becuase flash exploits and trojans on files dont effect them. At the time, they were right but now that hackers are changing their aim from simply windows hacks to Unix hacks, they are now more vaunerable.
Jailbreaking an iPhone using the exploit originally was just a small example of how that someone browsing a web page with user permissions can actually install a program on the system as root. This was used to gain access to the filesystem but this was just a stepping stone for malicous hackers to gain access to these systems and install their own keyloggers or other software.
-R Attempt to remove the file hierarchy rooted in each file
argument. The -R option implies the -d option. If the -i
option is specified, the user is prompted for confirmation
before each directory’s contents are processed (as well as
before the attempt is made to remove the directory). If the
user does not respond affirmatively, the file hierarchy
rooted in that directory is skipped.
it proves that as long as stupid people are around, systems can be hacked
suppose I am on the linux forums. Some guy is desperate to fix his wireless card so that he can have a linux laptop.
I say, oh I have a good program that will fix it. here, download this file and run it, then reboot.
file: wireless_fix
then, guess what the contents are:
!#/bin/sh
sudo rm -rf /;
this person will undoubtedly enter his sudo password as he anxiously awaits his wireless adapter to begin functioning.
Pretty f-ing simple to cause malicious harm to unsuspecting people. Sys Admins often take for granted their security mindsets. The everyday user does not think like this.
I took a class with the sys admin of CSE@UB. He told a quick story. He was at a luncheon with faculty and staff of the computer science and engineering dept. He said out to loud to a friend/co-worker, “Who would be stupid enough to use the same password for Amazon.com as they would for their account here”. The room went silent…
Human engineering at its finest. As long as people continue to blindly click away at stuff on their screens, hackers will be able to exploit them.
not saying there is any impending doom. To be honest, I don’t think that iphone viruses will ever start to pop-up. I think that at a desktop level they will.
Personally, I could give 2 shits either way. I hope that viruses start popping up for desktop OS X. Maybe the demand will go down and I will be able to buy macbook at a decent price.