New Baseband Hack at Pwn2Own, But No Unlock (yet)

    A new attack on the iPhone's baseband processor will be demonstrated at this year's CanSecWest conference, home of the Pwn2Own contest, and it comes with a potentially malicious twist: the ability to turn a phone into a remote listening device. Ralf Philipp Weinmann, a research associate at the University of Luxembourg, will present a serious bug in the firmware of baseband processors commonly used in iPhones and Android devices at CanSecWest in Vancouver, Canada, which begins March 9. There is, however, no news of a deployable iPhone unlock, whether based on this exploit or not.

    Weinmann says he has identified serious security holes in Qualcomm and Infineon firmware for GSM baseband processors. Because the baseband runs on its own processor with its own firmware, an exploit delivered over the air bypasses the application processor and its sandbox entirely. To demonstrate how completely his exploit defeats the protections the manufacturers built into that firmware, Weinmann says he will show "how to use the auto-answer feature present in most phones to turn the telephone into a remote listening device."

    Baseband hackers and security analysts alike are impressed with the sophistication of the exploit. "[It's] like tipping over a rock that no one ever thought would be tipped over," said a forensic and anti-forensic researcher who is known only as 'the Grugq' to protect his own identity. "There are a lot of bugs hidden" in the baseband firmware, he added. "It is just a matter of actively looking for them." Don Bailey, a security consultant with iSEC Partners, calls Weinmann's work "an extremely technical attack," but notes that it is unlikely to become a problem for everyday phone users because an attacker would need his own cellular base station. However, he notes that with OpenBTS and as little as $2,000 worth of equipment, anyone can now set up their own tower, something that used to cost tens of thousands of dollars. "Now it's a completely different game," Bailey says.

    Weinmann hacked a non-jailbroken iPhone in last year's Pwn2Own contest and exfiltrated the SMS database in about 20 seconds. By loading a web page in Safari, Weinmann triggered an exploit that ran entirely inside the iPhone sandbox with the privileges of the non-root user 'mobile'. With this exploit, Weinmann said, "I can do anything that 'mobile' can do." Weinmann is also credited with finding the TMSI overflow hole that was patched in iOS 4.2. The details of this year's baseband exploit are likewise expected to be kept secret until Apple patches the hole.
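    The article names a "TMSI overflow" but, as it says, the details are withheld. The example below is added here to illustrate the general bug class in C; it is not code from the page, from Weinmann, or from any vendor's baseband firmware, and it makes no claim about what the real bug looked like. It assumes the Mobile Identity IE layout of 3GPP TS 24.008 10.5.1.4 (a length octet, a flags/type octet, then the identity digits; a TMSI is exactly four octets) and shows a parser that trusts the network-supplied length octet next to one that bounds-checks it. The malicious and legitimate IEs are constructed for the demo, as a rogue OpenBTS cell could send them.

```c
/*
 * Illustrative example only (editor's addition): a generic length-field
 * overflow in a GSM Mobile Identity (TMSI) parser beside a checked version.
 * NOT the actual baseband bug from the article; the page gives no details.
 * Field layout assumed from 3GPP TS 24.008 10.5.1.4.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MI_TYPE_TMSI 0x4   /* type-of-identity bits: TMSI/P-TMSI */
#define TMSI_LEN     4
#define ADJACENT_LEN 32    /* stand-in for whatever follows the TMSI slot in memory */

/*
 * IE body as received over the air:
 *   ie[0]    length of the octets that follow
 *   ie[1]    bit 3 = odd/even digit flag, bits 0-2 = type of identity
 *   ie[2..]  identity digits (for a TMSI: exactly 4 octets)
 */

/* Vulnerable: copies as many bytes as the network-supplied length octet says
 * into a 4-byte slot. For the demo 'slot' has TMSI_LEN + ADJACENT_LEN bytes so
 * the overflow can be observed without leaving defined memory. */
int parse_mi_trusting(const uint8_t *ie, size_t ie_len, uint8_t *slot)
{
    if (ie_len < 2)
        return -1;
    uint8_t len  = ie[0];
    uint8_t type = ie[1] & 0x07;
    if (type != MI_TYPE_TMSI)
        return -1;
    /* BUG: len - 1 is attacker-controlled and is never compared with TMSI_LEN
     * (or with ie_len), so a rogue cell writes past the 4-byte slot. */
    memcpy(slot, ie + 2, (size_t)len - 1);
    return 0;
}

/* Hardened: the declared length is checked against what was actually received
 * and against what a TMSI IE can legitimately be. */
int parse_mi_checked(const uint8_t *ie, size_t ie_len, uint8_t tmsi_out[TMSI_LEN])
{
    if (ie_len < 2)
        return -1;                 /* need length + type octet */
    size_t len = ie[0];
    if (len + 1 > ie_len)
        return -1;                 /* declared length exceeds received bytes */
    if ((ie[1] & 0x07) != MI_TYPE_TMSI)
        return -1;                 /* only TMSI handled here */
    if (len != 1 + TMSI_LEN)
        return -1;                 /* a TMSI IE is exactly 5 octets */
    memcpy(tmsi_out, ie + 2, TMSI_LEN);
    return 0;
}

/* Constructed malicious IE: length octet 0x15 (21) instead of 5, then 20 bytes
 * of payload. */
static const uint8_t evil_ie[2 + 20] = {
    0x15, 0xF4,
    'A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A','A','A'
};

/* Constructed legitimate IE: length 5, type TMSI, TMSI 0x12345678. */
static const uint8_t good_ie[2 + TMSI_LEN] = { 0x05, 0xF4, 0x12, 0x34, 0x56, 0x78 };

/* Runs the trusting parser on evil_ie; returns how many bytes beyond the
 * TMSI slot were overwritten (16 with this input). */
int demo_overflow(void)
{
    uint8_t slot[TMSI_LEN + ADJACENT_LEN];
    memset(slot, 0xAA, sizeof slot);
    parse_mi_trusting(evil_ie, sizeof evil_ie, slot);
    int clobbered = 0;
    for (size_t i = TMSI_LEN; i < sizeof slot; i++)
        if (slot[i] != 0xAA)
            clobbered++;
    return clobbered;
}

/* Checked parser's verdict on evil_ie: -1 means rejected. */
int demo_checked_rejects(void)
{
    uint8_t tmsi[TMSI_LEN];
    return parse_mi_checked(evil_ie, sizeof evil_ie, tmsi);
}

/* Returns 1 if the checked parser accepts good_ie and extracts 0x12345678. */
int demo_checked_accepts(void)
{
    uint8_t tmsi[TMSI_LEN];
    if (parse_mi_checked(good_ie, sizeof good_ie, tmsi) != 0)
        return 0;
    return memcmp(tmsi, good_ie + 2, TMSI_LEN) == 0;
}

int main(void)
{
    printf("trusting parser: %d bytes clobbered past the TMSI slot\n", demo_overflow());
    printf("checked parser, evil IE: %d\n", demo_checked_rejects());
    printf("checked parser, good IE: %d\n", demo_checked_accepts());
    return 0;
}
```

    The point for a reviewer of any layer-3 parser is the same: every length octet in a GSM message arrives from the network, and with OpenBTS the network can be whoever is nearest, so each length must be checked against both the bytes actually received and the fixed size the protocol allows for that identity type.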

    Source: PC World
    This article was originally published in forum thread: New Baseband Hack at Pwn2Own, But No Unlock (yet), started by Paul Daniel Ash.

    Comments (34)

    justsun -
      Why am I the only one who is tired of hearing about "we could" hacks...
      I have been an avid consumer of the jailbreak process for years, but I have to say I'm getting tired of the banter and endless possibilities with limited results - I want action or silence. Please.
      No disrespect to the people who are hard at work developing hacks, but man, am I tired of reading about fluff!
    Cer0 -
      Quote Originally Posted by justsun:
      Why am I the only one who is tired of hearing about "we could" hacks...
      I have been an avid consumer of the jailbreak process for years, but I have to say I'm getting tired of the banter and endless possibilities with limited results - I want action or silence. Please.
      No disrespect to the people who are hard at work developing hacks, but man, am I tired of reading about fluff!
      This really isn't from any dev team. This is just a showing of a flaw in the security of the GSM chips, like he did last year with the SMS security flaw.
    Dorkenstein909 -
      that would be cool in a spy movie...
    GellBrake'rrrr -
      All in all, he is only helping Apple, not the jailbreak/unlock community. So don't get your hopes up that this will benefit us. The exploits will be shown /only/ to Apple, and they will patch them as soon as he reveals them.

      It really would be nice if he were a member of modmyi, though.... But I'm sure he'd rather get paid a fortune for finding holes rather than do it for free like our /grateful/ devs do...... which most people take for granted.
    Cer0 -
      Yeah, his last security mention was fixed really quickly by Apple.
    JedixJarf -
      sounds pretty dang awesome.
    tomtom -
      Quote Originally Posted by eyepoper:
      Yeah, totally agree.. Release the darn thing... one day they are going to patch it whether you like it or not. If it's gonna be patched in 4.4 or 4.5 or 5.0, IT'S GONNA BE PATCHED...

      so releasing the Unlock later or sooner for it not being patched is just a stupid excuse..
      We all know for now that 4.3 is going to have the same BB as 4.2.1... there are not going to be any BB updates till the iPhone 5 is released.

      The iPhone 5 or iPhone 4(S) is on the horizon already and we all see on many websites that it's going to have new CPU hardware and stuff, meaning BB updates...

      So Dev Teams, release the Unlock...
      The first beta already has a new baseband.
    archie26 -
      You know, I remember hearing about how the iPhone can be used as a listening device even if the phone is shut off, like a year ago. Can't remember where I heard it, but I remember the conspiracy guys were saying the government was in on it lol.

      But hey, you never know.
    Mobiman -
      There are always going to be loopholes; it just needs the right people to exploit them.
    EskimoRuler -
      maybe we can turn the whole nation into a high-frequency sonar microphone like in The Dark Knight
    delizaza23 -
      I can understand Apple making jailbreaking hard, BUT I DON'T UNDERSTAND WHY THEY ARE CAUSING PROBLEMS FOR UNLOCKERS.
    spamsalad -
      Quote Originally Posted by LSZ33:
      wonder if any good will come out of this hack.
      no, only bad.....
    stfudvs -
      With the CDMA phone and the GSM/CDMA i5, you can be assured the hacking community will grow, with new jailbreaks, new dev teams, flashing tools and such.

      I would think it would make sense for Apple to head towards selling all iPhones unlocked; if there's no exclusivity and they're using the dual-network chip, why not just sell all iPhones unlocked? Helps fight jailbreaking.

      the i5 could
    Aurora331 -
      Exfiltrate
      - verb (used without object)
      1. to escape furtively from an area under enemy control.

      - verb (used with object)
      2. to smuggle (military personnel) out of an area under enemy control.

      Please use a dictionary and proofread these articles. These kinds of mistakes are rampant in the news on this site and look very unprofessional.