Friday, November 16, 2007

(Too) Smart Phone

I've seen many hacking demonstrations over the years. I've even tried several tools (don't expect names and URLs here). But the one you can see in the attached video takes the cake.

The "smarter" our phones and PDAs get, the more complex their systems become and the more vulnerable to hacking they are. Both the Blackberry and the iPhone have their own operating systems, with firewalls and security software. In the case of the iPhone, it's a Unix kernel, with the phone's user operating in root mode (the equivalent of a Windows administrator). If you take control of that user, you can do whatever you want with the phone.

And here's where the scary part starts: Rik Farrow, a Unix consultant and security specialist, gives new meaning to "taking over a phone". Not only can he read all your messages, emails, and browser history, but he can actually listen to every conversation you have.

But Rik takes it one step further: he can actually tap into the iPhone's microphone and listen in on conversations held in the room.

All of it starts by answering an SMS or email containing a Trojan, browsing to a malicious web site, or using your wireless network to browse to a non-secure hotspot.

While this demonstration uses the iPhone as a playing ground, other phones can be compromised in a similar manner. Think about that when purchasing the Blackberry 8830 (the wireless model) or the Nokia N95 (a phone with a Symbian/Linux OS).
