Home > slashdot > New iPhone Attack Kills Apps, Reroutes Web Traffic

New iPhone Attack Kills Apps, Reroutes Web Traffic

February 2nd, 2010 02:11 admin Leave a comment Go to comments

Trailrunner7 sends in a threatpost.com article on exploiting flaws in the way the iPhone handles digital certificates. “[Several flaws] could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones. The result of the attack is that a remote hacker is able to change some settings on the iPhone and force all of the user’s Web traffic to run through any server he chooses, and also to change the root certificate on the phone, enabling him to man-in-the-middle SSL traffic from that phone. … Charlie Miller, an Apple security researcher at Independent Security Evaluators, said that the attack works, although it would not lead to remote code execution on the iPhone. ‘It definitely works. I downloaded the file and ran it and it worked,’ Miller said. ‘The only thing is that it warns you that the file will change your phone, but it also says that the certificate is from Apple and it’s been verified.’”

Source: New iPhone Attack Kills Apps, Reroutes Web Traffic

Related Articles:

  1. iPhone Apparently Open To Old Wi-Fi Attack
  2. New Attack Hijacks DNS Traffic From 300,000 Routers
  3. IPhone Attack Reveals Passwords In Six Minutes
  4. T-Mobile Wi-Fi Calling Was Vulnerable to Trivial MITM Attack
  5. Charlie Miller Circumvents Code Signing For iOS Apps
blog comments powered by Disqus