New Baseband Hack at Pwn2Own, But No Unlock (yet)


    A new method of unlocking the iPhone baseband will be revealed at this year's Pwn2Own conference, with a new, and potentially malicious, feature: the ability to turn your phone into a spying device. Ralf Philipp Weinmann, a research associate at the University of Luxembourg, will be discussing a huge bug in the firmware of baseband processors commonly used on iPhones and Android devices at the CanSecWest conference in Vancouver, Canada, which begins March 9. However, there's no update on the arrival of a deployable iPhone unlock, whether or not connected to this exploit.

    Weinmann says he has identified some serious security holes in Qualcomm and Infineon firmware for GSM baseband processors. As a demonstration of how his exploit completely defeats the data protection engineered by the manufacturers into this firmware, Weinmann says he will show "how to use the auto-answer feature present in most phones to turn the telephone into a remote listening device."

    Baseband hackers and security analysts alike are impressed with the sophistication of the exploit. "[It's] like tipping over a rock that no one ever thought would be tipped over," said a forensic and anti-forensic researcher who is known only as 'the Grugq' to protect his own identity. "There are a lot of bugs hidden" in the baseband firmware, he added. "It is just a matter of actively looking for them." Don Bailey, a security consultant with Isec Partners, calls Weinmann's work "an extremely technical attack," but notes that it's unlikely to turn into a problem for everyday phone users because an attacker would need his own cellular base station. However, he notes that using OpenBTS and as little as $2,000 worth of equipment, anyone can create their own tower: something that used to cost tens of thousands of dollars. "Now it's a completely different game," Bailey says.

    Weinmann hacked a non-jailbroken iPhone in last year's Pwn2Own contest and exfiltrated the SMS database in about 20 seconds. By loading a web page in Safari, Weinmann triggered an exploit that ran entirely inside the iPhone sandbox using the privileges of a non-root user called 'mobile'. With this exploit, Weinmann said, "I can do anything that 'mobile' can do." Weinmann is also credited with finding the TMSI overflow hole that was patched in iOS 4.2. The expectation is that the details on this exploit will also be kept secret until Apple patches the hole.

    Source: PC World
    This article was originally published in forum thread: New Baseband Hack at Pwn2Own, But No Unlock (yet), started by Paul Daniel Ash.

    34 Comments
    Cowboy -
      Interesting to say the least

    trigun989 -
      nice. like to hear the talk about unlocks after like months of silence

    LSZ33 -
      wonder if any good will come out of this hack.

    nautical79 -
      almost every hack means good for the whole community.

    buttrr76 -
      Cool. Looking forward to the event.

    Captinsmooth -
      Amazing stuff!

    stlcaddie -
      Krazy, with a K

    d_animality -
      Nice one!! Creative hacks tho

    steve-z17 -
      Can't wait to see it.

    thechronic -
      Very cool stuff. I have wanted to build my own tower for a while. Maybe now I will...

    delusion950 -
      nice, can't wait to see

    iwannamod -
      That Weinmann dude's a genius! How did he hack a non-jb iPhone?? The potential there is scary to say the least.

    willryan42 -
      not to be the debbie-downer of the group, but seeing as how this event is happening in early March, we probably won't see an unlock from this guy any sooner than we will from the dev team (since they said they're waiting until 4.3)

    meaintsmart -
      Quote Originally Posted by iwannamod:
        That Weinmann dude's a genius! How did he hack a non-jb iPhone?? The potential there is scary to say the least.
      That is how you jailbreak a device... by hacking into it.

    subywrex -
      Quote Originally Posted by iwannamod:
        That Weinmann dude's a genius! How did he hack a non-jb iPhone?? The potential there is scary to say the least.
      Essentially jailbreakme.com hacks non-jb iPhones to jailbreak them using a security hole.

    putosusio -
      Quote Originally Posted by iwannamod:
        How did he hack a non-jb iPhone??
      ... we'll find out March 9th.

    coolguy742 -
      Cool, it's funny how simple glitches can be so destructive
    GmAz -
      Haven't you guys realized yet that Apple has finally found a way to stop people from unlocking their iPhone 4? It's by releasing updates so frequently. By doing this it scares the hackers into not releasing the unlocks/untethered jailbreaks.

      I don't even have an iPhone anymore and I say just release the ******* **** already. If people are retarded enough to update without waiting then it's their own fault.

    eyepoper -
      Yeah, totally agree... Release the darn thing... one day they are going to patch it whether you like it or not. If it's gonna be patched in 4.4 or 4.5 or 5.0, IT'S GONNA BE PATCHED...

      so releasing the unlock later or sooner for it not being patched is just a stupid excuse...
      We all know for now that 4.3 is going to have the same BB as 4.2.1... there is not going to be any BB update till the iPhone 5 is released

      iPhone 5 or iPhone 4 (S) is on the horizon already and we all see on many websites that it's going to have new CPU hardware and stuff, meaning BB updates...

      So Dev Team, release the unlock...
    obtrunco -
      Quote Originally Posted by Paul Daniel Ash (the full article above):
      That sucks, tell us how to hack it already!!! Screw apple you damn puppet!