Tag Archives: vulnerabilities

04/04/2014

Hacking with mobile devices an INTRODUCTION

By dlosada85

20140404-125008.jpg

Mobile Devices
Mobile phones and personal data assistant (PDA) appliances used to be limited in their functionality; however, today there are wireless devices that operate using advanced operating systems and support applications that are incredibly useful for conducting clandestine activities. As an example, Apple’s iPod touch runs on the UNIX-Darwin kernel, which is open source,2 POSIX compliant, and single UNIX specification version 3 (SUSv3) compliant. Because of this, advanced hacker appli- cations can be built and installed onto the device, making the iPod touch a powerful hacking platform.

Regardless, there are some interesting trends that we can examine and use to our advantage.
The first trend is the use of open-source operating systems. As already mentioned, the iPod touch and the iPhone, both products of Apple Inc., uses the Darwin operating system. Additional proprietary applications, including graphic interface software, have been added to these portable devices; however, the core system is undeniably UNIX based.
The second trend is the increase in computing power and memory. Although the iPod touch does not have the processing capabilities of desktops or even laptops, they are quite capable of processing large amounts of data rapidly. As a benchmark test, the iPod touch (first generation) was able to process 577 MD5 hashes per second using the password cracking tool “John the Ripper.” In comparison, the MacBook Pro with a 2.8GHz Intel Core Duo processor was able to process 7674 per second. Although about one-twelfth the capability of the MacBook Pro, the iPod touch results are still impressive for what many consider as simply a fancy MP3 player.
The method of obtaining applications needed for penetration testing or covert audio and video communication will vary, depending on the mobile platform. In the case of the Droid and Palm Pre, access to the underlying operating system is avail- able by design. However, in the case of the iPod touch, access to the operating system can only be achieved by “jailbreaking” the phone, which circumvents protection mechanisms installed by Apple.
The actual method of jailbreaking varies, depending on the generation of the iPod touch and the version of the installed software (HOW TO jailbreak is explained in another post -same hack section). Once jailbroken, we can place applications on our device through different repositories – the most notable is called “Cydia.” More information on Cydia can be found at http://cydia.saurik.com/.
Continue reading

Advertisement

2 Comments   |  tags: , , , , , , , , , , , , , , , , , , , | posted in Hacks/IOS

25/03/2014

Phone Pen Testing Tools without Jailbreaking

By dlosada85

20140325-134558.jpg

Although you can get almost any security tool imaginable if you jailbreak your iPhone, I was curious what was out there for non-jailbroken iPhones. Given that my iPhone is setup to be my primary home and work device, I don’t want risk jailbreaking it. I’ve searched around on iTunes and across the interwebs for anything we could find and below is a list of what I came up with so far. To make the list more manageable we’ve tried to categorise them per the ISSAF framework. If an app fell into more then one group, we placed it in the earliest phase. With some exceptions I also didn’t include ones that haven’t been updated in the last year.

Continue reading

Leave a comment   |  tags: , , , , , , , , , , , , , , , , , , | posted in Hacks/IOS

%d bloggers like this: