They can mock at Android's security loop holes or the slow and sleepy Symbian ,but they were unaware that one day the tables get turned. The leading consumer electronics giant, Apple is affected by a major flaw in its security. The flaw is termed as code signing flaw.
Metasploit, an important framework for security auditing is used in this hack.
Metasploit is used to inject the payload after finding vulnerabilities in a computer operating system, but no one really knew that it can also be used to bypass the security features of Apple's App store. Each App uploaded in apple app store by the developers are passed through a code signing test, where the apps are checked for malicious code or malware. But using the Metasploit framework, the apps can bypass this test, and a pure malicious unsigned-code app is published in the app store.
The hacker waits with his Metasploit terminal for the installation of the unsigned app in a remote iPhone(a innocent victim). Once installed, the app does its normal work, but backdoor's reverse handler connects to the Metasploit terminal and opens a Meterpreter shell. Meterpeter shell in Metasploit is what all Hackers want, considered as a success in hacking. Using Meterpeter shell all the features of iPhone can also be accessed by the hacker, like messages, calls, media, and can even transfer files. Hackers enjoy these privileges till the user deletes the app, and thats not gonna happen if it is a addictive game like Angry birds.
This Major flaw was discovered by Charlie Miller, developer at Apple. He was fired immediately after they found that he was violating terms of Apple by hiding this flaw and some information, which he was not supposed to do.
Android users do reverse engineering in each app they download to check whether it is a malware or not. Now it seems iPhone users also needs to get their hands dirty. Well we really miss you Steve jobs
For Any Query Leave A Comment Or Contact Me On Facebook
Contact ==> www.facebook.com/ryan.manjothi
Posts
0 comments:
Post a Comment