
Archive for the ‘h4x!’ Category

A damn good reason to jailbreak your iPhone/iPad!

If you’ve been living under a rock (or just not interested), the latest jailbreak has been released for all devices running all firmwares!

The jailbreak is performed via the browser: no laptop or downloads are required, and it is as simple as going to a website and selecting unlock. Tutorial and more information here:
iClarified Linky

It seems the jailbreak makes use of an exploit in the PDF application to execute its code:
f-secure Article

The more worrying fact is that a malicious user could craft a PDF to pull down malware onto your device, and from there they could recover contacts, emails and pictures; they could even pull down tcpdump and grab any plain-text web traffic, etc. As the iPhone loads PDFs by default there is absolutely no protection for the user as they visit websites. However, if you have jailbroken your iPhone, someone has released a patch which prompts the user before loading a PDF:

If you haven’t already jailbroken your device I would strongly recommend you do and install the patch, at least until Apple addresses the issue. There are no reports of the exploit in the wild, but it will only be a matter of time! It would be quite interesting to compromise a corporate iPhone to access the internal network/Exchange servers… if it hasn’t already happened!

Nino

iOS 4 security changes

I was messing around with the FaceTime app to see how it sets up and disconnects calls. To view the traffic I set the phone’s proxy to a Paros session, which replaces any SSL certs with its own. On previous versions of the iPhone firmware, when it received a self-signed or out-of-date certificate it would present the user with a generic accept/decline option and not give a lot of detail.

It seems Apple are pulling their finger out: the error is now much more verbose, allowing the user to see exactly what’s wrong.

Navigon ETA time 1 hour out

I’ve been pulling my hair out about the ETA time on my Navigon 2100MAX!

Basically it looks like the time is not taking BST into play!

If I start my trip at 14:00 and it takes 20 minutes the ETA should be 14:20, but the damned GPS gives me 15:20.

I had a google about “unlocking” the satnav and found the following zip:

Navigon2100-kombitz-4.2.zip

Extract the files to the root of your SD card (careful if you overwrite any files), restart the device and go to the control panel. Once in there you can change the country and shift the time by 1 hour so it reports the correct time.

Problem solved!
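To show why a fixed one-hour correction like the one above only works for half the year, here is an added example (not from the original post or from Navigon) that computes an ETA from a UTC start time two ways: with a fixed offset, as a unit set to the wrong country would, and with the UK’s GMT/BST rule applied to the arrival time. The transition dates are derived with the last-Sunday rule; the 2010 start times are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

def uk_clock_change(year: int, month: int) -> datetime:
    """UK clocks change at 01:00 UTC on the last Sunday of March (forward)
    and October (back). Walk back from the last day of the month to Sunday."""
    last_day = datetime(year, month + 1, 1, 1, tzinfo=timezone.utc) - timedelta(days=1)
    return last_day - timedelta(days=(last_day.weekday() + 1) % 7)  # Sunday is weekday 6

def uk_offset(t_utc: datetime) -> timedelta:
    """UTC+1 (BST) between the March and October changes, otherwise UTC+0 (GMT)."""
    spring = uk_clock_change(t_utc.year, 3)
    autumn = uk_clock_change(t_utc.year, 10)
    return timedelta(hours=1) if spring <= t_utc < autumn else timedelta(0)

def eta_fixed_offset(start_utc: datetime, minutes: int, offset_hours: int) -> str:
    """ETA as a device with a fixed, DST-unaware offset reports it."""
    arrival = start_utc + timedelta(minutes=minutes, hours=offset_hours)
    return arrival.strftime("%H:%M")

def eta_uk(start_utc: datetime, minutes: int) -> str:
    """ETA as UK wall-clock time, with the offset chosen for the arrival instant."""
    arrival = start_utc + timedelta(minutes=minutes)
    return (arrival + uk_offset(arrival)).strftime("%H:%M")

if __name__ == "__main__":
    # 14:00 BST on a July day is 13:00 UTC; a 20 minute trip should show 14:20.
    summer = datetime(2010, 7, 10, 13, 0, tzinfo=timezone.utc)
    print("summer, country set to UTC+2:", eta_fixed_offset(summer, 20, 2))  # 15:20
    print("summer, UK rule:            ", eta_uk(summer, 20))                 # 14:20
    # The same +1 correction is then an hour out once the clocks go back.
    winter = datetime(2010, 12, 10, 13, 0, tzinfo=timezone.utc)
    print("winter, fixed +1:           ", eta_fixed_offset(winter, 20, 1))  # 14:20
    print("winter, UK rule:            ", eta_uk(winter, 20))                 # 13:20
```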

Blackberry on the wire! Part 1

mmmm crackberry

No not the fruit!!

We’ve been issued company mobile devices recently and I opted for the Blackberry Bold. I’m starting to like it more than my iPhone, but that’s another story ;)

Having a new gadget I was very curious about how the device communicates with the corporate network. I know RIM do a very good job securing their devices, but I figured I would have a poke anyway.

One of the easiest methods of sniffing traffic between devices is performing a MITM attack, whereby a device’s ARP table is poisoned, resulting in the targeted device’s network traffic flowing through the attacker’s machine. More info: Linky

Ettercap is a great tool for performing this, and it allows simple MITM attacks on SSL-encrypted connections. Simply put, it presents the user’s device with a certificate that is an exact copy of the legitimate site’s, only it hasn’t been signed by an authorised CA. The user will receive an SSL error, but 9 times out of 10 the cert is accepted. This allows ettercap to fully decrypt the transmitted data, as it supplied the cert.

This attack has recently been highlighted with the iPhone: Linky. The main issue with the iPhone (other than that it can be ARP poisoned) is that the error it supplies is not verbose, so users do not know what they are accepting.

I attempted this attack on the Blackberry and instantly found the device closed down: all connections were killed and only sporadic DNS requests could be seen. So it seems that opportunistic attackers will NOT be able to MITM the Blackberry on open wireless such as in hotels etc. To view the information transmitted by the Blackberry, the attacker would need the ability to sniff traffic on the gateway device (router etc). Not having a device that I can easily do this on, I toyed with a few ideas.
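The Blackberry’s reaction above is the fail-closed response to the ARP poisoning described earlier; the same tell-tale signs are visible to a passive sensor on the LAN. The following is an added example, not code from the original post or from any tool it mentions, that runs a simple ARP-spoof detector over a constructed sample of ARP replies (the IPs and MACs are made up): it flags an IP whose MAC binding changes after it was first learned, and a single MAC that claims more than one IP.

```python
from collections import defaultdict

# Constructed sample: ARP replies a passive sensor might log on the LAN as
# (seconds, sender IP, sender MAC). 192.168.1.1 plays the gateway.
ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:01"),
    (1.0, "192.168.1.20", "00:11:22:33:44:20"),
    (5.0, "192.168.1.1", "00:11:22:33:44:01"),
    (30.0, "192.168.1.1", "DE:AD:BE:EF:00:99"),   # gateway IP claimed by a second MAC
    (31.0, "192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC also claims a host's IP
    (32.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # repeat: reported only once
]

def detect_arp_spoofing(replies, gateway_ip):
    """Return (time, severity, message) alerts for two poisoning signals:
    an IP whose MAC binding changes after it was first learned, and a single
    MAC claiming more than one IP, which is what a machine sitting between a
    victim and the gateway looks like on the wire."""
    ip_to_mac = {}                 # first MAC learned for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    reported = set()               # dedupe so a flood of replies gives one alert
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()          # normalise case before comparing
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac and (ip, mac) not in reported:
            reported.add((ip, mac))
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append((ts, sev, f"{ip} moved from {known} to {mac}"))
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and ("multi", mac) not in reported:
            reported.add(("multi", mac))
            alerts.append((ts, "MEDIUM", f"{mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts

if __name__ == "__main__":
    for ts, sev, msg in detect_arp_spoofing(ARP_REPLIES, "192.168.1.1"):
        print(f"t={ts:5.1f} {sev:6} {msg}")
```

On a real capture the tuples would come from the ARP reply fields of a tcpdump or pcap reader; a switch port or router that sees the gateway IP move to a new MAC is the point at which a device like the Blackberry above drops its connections.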

I bridged the wireless and wired interfaces on my laptop, created an ad-hoc network and attempted to get the Blackberry to join it. This proved unsuccessful, though to be honest I didn’t hold much faith in it. I wanted a more permanent setup that would allow me to inspect gateway traffic easily, so I dug out the old Buffalo router and flashed it with the DD-WRT firmware: Linky. This was a little more difficult than expected, as the router only has 4MB of storage, of which 4MB is taken up with the firmware!! The DD-WRT wiki has a lot of information on mounting Samba shares and symlinking them into the file system. The current setup has the router mounting a Samba share on my local server, on which the router accesses a tcpdump install. All dumped traffic is stored on the share, allowing easy access.

At the minute this is as far as I’ve got, but I’ll make another post once I start analysing the traffic.

I’m wifi enabled!!

What every techie needs!!!! A wifi scanner t-shirt!!!! Doing wireless reviews just got 100 times more stylish ;0)
