Tag Archives: vulnerability

iOS 7.1 Jailbreak Expectations


If there’s one thing that we have learned over the last few years, it’s that, rightly or wrongly, the jailbreak community expects a lot. The majority of the complexities involved in researching vulnerabilities, exploiting those bugs and then tying it all nicely together into a jailbreak package capable of mass distribution are abstracted away from the end-user. This is undoubtedly how it should be, but the trade-off is that users become impatient and irritable due to a lack of understanding of the process and how much work is actually involved in effectively producing a jailbreak from scratch once Apple have slammed the security door in our faces.

First and foremost, we expect to see a first glimpse of iOS 8 at this year’s Worldwide Developer Conference (WWDC) in June. We also expect to see a first developer seed going live to registered developers during the course of WWDC week. A public version of iOS 8 will likely ship with the iPhone 6 sometime in September or October. That’s approximately six or seven months in the future, so we of course expect to see an untethered 7.1 solution made available before then – all going well. However, if the first seed of iOS 8 is found to have exploitable vulnerabilities in it, then the Evad3rs could potentially make the call to hold off on iOS 7 and focus attention on liberating iOS 8, with the hope that any vulnerabilities are not patched as part of the process of going from beta to public.

iOS 7.1 Jailbreak with Evasi0n?

If the Evad3rs team are involved in the research or production of an iOS 7.1 untether, which we expect them to be, then it’s highly likely that we will see an updated version of Evasi0n7 shipping. The distributed tools and software that make jailbreaking possible on a mass scale have improved exponentially over the years. What used to be a laborious and overly technical process has now been condensed into a single one-click solution (where possible).


Hacking with mobile devices PART II


Vulnerability Identification

There are numerous commercial tools available to a professional penetration tester who conducts vulnerability identification analysis – unfortunately, none have been ported to the iPod touch.
The Nmap application has the ability to use scripts that interpret the Nmap findings and attempt to identify vulnerabilities; however, the development of Nmap as a vulnerability scanning application does not have the support that other programs do, like Nessus or Core IMPACT (to name a couple).
Perhaps a better alternative is to use the iPod touch as a pivot for more robust vulnerability scanners.

I would say that using the iPod touch as a platform to conduct a pivot attack seems to be a better option for conducting a vulnerability identification scan than trying to use Nmap or doing the identification manually.

Vulnerability Exploitation

We can use an agent deployed on the iPod touch to conduct vulnerability exploitation, similar to the way an agent can be used to perform vulnerability identification. Again, Core IMPACT would be a good choice for such an attack. However, there is an application framework that can perform vulnerability exploitation, which can be installed using Cydia – the Metasploit 3.0.
Similar to the traditional application installed on laptops or desktops, the Metasploit application can be run from the command line on the iPod touch, where we can launch exploits against servers with greater certainty of stability and accuracy.