© 2007 McAfee, Inc.
Apple Media Files & iPhone
Marius van Oers
McAfee Avert
24/09/2007
Overview
• iPods - Adding metadata to iTunes files, QuickTime movies
• Remote Bluetooth connections – AppleScript
• iPhone
iPod Malware
iPod trojan
• In September 2006 Apple shipped some iPod devices that actually had a malicious 32 bit PE binary file, ravmone.exe
• Trojan might allow remote control and might call various weblinks.
• Not Native for Apple
iPod virus
• In April 2007 Podloso was discovered, being the first binary infector for iPod.
• Needs iPodLinux, install not trivial
• Buggy virus ☺
• Podloso virus prepends 0x17EF bytes to ELF files
QuickTime
• QuickTime v7 player supports many audio/video formats: QuickTime MOV files, AVI, JPEG, MPEG1, MPEG2, MPEG4, many more…
• It is possible to add metadata to iTunes files and to QuickTime movies.
• Exploits for QuickTime have been around for quite some time.
• Number of QuickTime v6/v7 advisories by Secunia
• Source: http://secunia.com/
• Data till August 2007
[Chart: number of advisories per year, 2003 to 2007, for QT6 and QT7]
Exploit-QtRTSP: bad interpretation of rtsp web links, which may result in buffer overflows.
• iTunes/QuickTime/Safari also available for MS-Windows
• Gaining popularity, more malware
• Month of Apple bugs / security “contests”
• More fixes required
Podcasts
• Podcasts: Audio, Video
• Video .mov podcasts with weblinks since 2005
• Deceiving weblinks?
• QuickTime v7 can’t insert hyperlinks.
• Standard included GarageBand can insert hyperlinks
• Exporting Podcast
• Rename extension from .m4a into .mov then it opens up with QuickTime
Clickable weblink - manual click/select
Safari opens weblink – no warning/abort message
• Shown WebLink (URL Title) might be completely different than actual WebLink (URL)
• Adware/Spyware/Phish
Smart parsing of .mov files might be needed
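One way to approach the parsing this slide calls for, together with the title/URL mismatch noted on the previous slide (an added example, not part of the original slides): walk the QuickTime atom tree, collect every URL embedded in a leaf atom, and flag links outside an allowlist or whose shown title names a different host. The atom header layout is the standard QuickTime container format; the function names, the allowlist and the sample bytes (including the `desc` leaf and the `mdat` contents) are constructed for illustration.

```python
import re
import struct
from urllib.parse import urlparse

# Atom types whose payload is itself a list of atoms (standard QuickTime containers).
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"udta", b"edts", b"dinf"}
URL_RE = re.compile(rb'(?:https?|rtsp)://[^\x00-\x20\x7f-\xff"<>]+')
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


def walk_atoms(buf, start=0, end=None, path=""):
    """Yield (path, payload_start, payload_end) per leaf atom; reject bad sizes."""
    end = len(buf) if end is None else end
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1:                      # 64-bit extended size follows the type
            if pos + 16 > end:
                raise ValueError(f"truncated 64-bit size at offset {pos}")
            size = struct.unpack_from(">Q", buf, pos + 8)[0]
            header = 16
        elif size == 0:                    # atom runs to the end of the enclosing data
            size = end - pos
        # A scanner must never trust the declared size: check it before using it.
        if size < header or pos + size > end:
            raise ValueError(f"atom {kind!r} at offset {pos} has invalid size {size}")
        name = f"{path}/{kind.decode('latin-1')}"
        if kind in CONTAINERS:
            yield from walk_atoms(buf, pos + header, pos + size, name)
        else:
            yield name, pos + header, pos + size
        pos += size


def find_urls(buf):
    """Return [(atom_path, url)] for every URL string found inside a leaf atom."""
    hits = []
    for name, lo, hi in walk_atoms(buf):
        for m in URL_RE.finditer(buf, lo, hi):
            hits.append((name, m.group().decode("ascii")))
    return hits


def external_links(buf, allowed_hosts):
    """URLs whose host is not on the allowlist (hypothetical policy input)."""
    allowed = {h.lower() for h in allowed_hosts}
    return [u for _, u in find_urls(buf)
            if (urlparse(u).hostname or "").lower() not in allowed]


def deceptive(title, url):
    """True when the shown title names a host other than the one the link opens."""
    actual = (urlparse(url).hostname or "").lower()
    shown = {h.lower() for h in HOST_RE.findall(title)}
    return bool(shown) and not any(
        actual == h or actual.endswith("." + h) for h in shown)


def atom(kind, payload=b""):
    """Build one atom with a 32-bit size (helper for the constructed sample)."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload


# Constructed sample: a valid atom tree with two embedded links, not a playable movie.
SAMPLE = (
    atom(b"ftyp", b"qt  \x00\x00\x00\x00")
    + atom(b"moov", atom(b"udta", atom(b"desc", b"http://podcast.example/feed\x00")))
    + atom(b"mdat", b"\x00\x13Visit www.apple.com\x00http://ads.example.net/i?x=1\x00")
)

if __name__ == "__main__":
    for where, url in find_urls(SAMPLE):
        print(where, url)
    print("off-list:", external_links(SAMPLE, ["podcast.example"]))
    print("deceptive:", deceptive("Visit www.apple.com", "http://ads.example.net/i?x=1"))
```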
Proximity
The Proximity tool can execute AppleScripts upon Bluetooth device appearance/disappearance
AppleScripts not ASCII text
Salling Clicker
• Salling Clicker, control MacBook Pro from Nokia Phone
• Authenticate
Control many items on MacBook Pro
Salling Clicker allows creation of custom Scripts
iPhone
Source: http://www.apple.com
• AT&T/Cingular only – locked down SIM
• Owners eager to perform any unlocking method: Hardware modifying/Turbo-sim/Software hacks
• Risk of fake/malicious patches
• Exclusive right deal might have negative impact on security
• For MS-Exchange needs IMAP – not always enabled
• Requires Apple iTunes to locally sync
• Can’t use it as USB storage device
• No online Chat program – Third party solution available
• Wireless connections are possible with WiFi (802.11b/g), EDGE (AT&T/Cingular) and Bluetooth 2.0+EDR.
• The iPhone, contrary to expectations, doesn’t work automatically with other Bluetooth devices such as computers. Originally it just works with a car audio system & headset.
iPhone Safari
• No regular SDK
• Safari browser based Web 2.0 applications – Ajax
• Instabilities in the mobile browser implementations, content attack exploits might be seen
• Less chance for malware
• Harder to patch
• No low level kernel hooking for AV/Firewall
Safari Security settings
• No such security controls for other components
• iPhone runs all processes with full access/root rights
• root password = alp…
iPhone SMS
SMS message with Weblink not automatically opened
\\192.168.1.55\1.jpg: the \\ and the 1.jpg are ignored
SMS message with YouTube link not automatically opened
iPhone E-mail
E-mail message with weblink
Weblink not automatically called upon message opening/reading
IP address seen as Telephone number ☺
Telekinesis - iPhoneRemote
Telekinesis - iPhoneRemote project
MacBook Pro Screen displayed on the iPhone
Applications Scripts
Files/Folders, Remote (iTunes), Spotlight
Terminal Session - WebShell
iPhone Podcast
Podcast with weblink on iPhone
Touchscreen controls interfere
iPhone Exploits
• To be hoped that auto-dialing malware will not appear
• Phish-BuyPhony, a 32 bit PE (exe) trojan, sent around
• Abusing a Safari web-browser exploit it might be possible to retrieve someone else’s voicemail
• The iPhone’s root password = alp…
• iPhones by accident overloaded some Wifi hotspots
• No full support for Java/Flash/Rss
• The JailBreak tool has access to the entire filesystem but syncing does not work any more after using JailBreak.
• Apple can control its own iTunes website, it can’t do much with say podcasts with weblinks to adware/malware on YouTube
On 23 July 2007 an exploit was discovered (by ISE) which could lead to attackers taking over an iPhone if a malicious website is visited. It was a heap overflow in the regex parser in Safari. The HTML is:
<SCRIPT LANGUAGE="JavaScript"><!--var re = new RegExp("[[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]][[**]]ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFG[\x01\x02\x03\x04\x05\x06\x07\x09\x0b\x0e\x0f\x11\x12\x13\x14\x15\x17\x19\x1b\x1c\x1d\x1f\x20\x21\x22\x23\x25\x26\x27\x29\x2a\x2b\x2c\x2d\x2f\x30\x32\x33\x35\x37\x39\x3a\x3b\x3c\x3e\x3f]XYZABCDEFGHIJKLMNOPQR");</script>
On 30 July 2007 Apple addressed it with an updated version of the iPhone software to v1.01 to address various vulnerabilities in:
• Safari : Visiting a malicious website may allow cross-site scripting
• Safari : Viewing a maliciously crafted web page may lead to arbitrary code execution
• WebCore : Visiting a malicious website may allow cross-site requests
• WebKit : Look-alike characters in a URL could be used to masquerade a website
• WebKit : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
• The software on the iPhone may not always be the latest version nor identical to the software found on regular OSX computers.
• The operating system version is reported to be OS X 1.0 (1A543a).
• iPhone may be using some outdated open source applications.
• Old “computer” exploits might work on iPhone.
Conclusion
Summary/Conclusions
• It is possible to add metadata to iTunes files and to QuickTime movies.
• Video podcasts can have clickable web links inside; on iPhone the touchscreen control interferes
• The Proximity tool executes one of two AppleScripts, which activate when Bluetooth devices come into or go out of range.
• It is very easy to write powerful AppleScripts.
• iPhone runs a limited version of OSX
• Developers need to create Web2.0 Safari browser based applications for the iPhone
• Telekinesis project shows remote control possibilities iPhone – MacBook Pro
• It is to be hoped that auto-dialing malware will not appear any time soon as it might have financial consequences for the user.
• In E-mail and SMS messages manually clicking on the embedded weblinks results in direct loading/opening, no warning message/abort is given upfront.