iPhone Vulnerability, Mac OS X Rootkit Debut at Black Hat

The annual Black Hat security conference is underway in Las Vegas, with researchers demonstrating how to take over iPhones via SMS...along with a Mac OS X rootkit.

The annual Black Hat security conference has gotten underway in Las Vegas, and, as promised, security researchers have detailed a technique that, in theory, could enable attackers to take over Apple’s popular iPhone using nothing by SMS messages which would be invisible to the iPhone’s owner. Apple has also took another hit on the chin with the demonstration of a proof-of-concept rootkit for Apple’s Mac OS X operating system, which—if exploited—could begin exposing the Macintosh to the kinds of malware nightmares Windows users have been enjoying for years.

As promised earlier this month, noted security analyst Charlie Miller detailed an exploit that potentially enables attackers to take over an iPhone using SMS messages; once in control, attackers could listen in on calls, access the phone’s location via GPS, run their own programs, and even use iPhones to participate in denial-of-service attacks. At his presentation, Miller also illustrated the flaw using Android- and Windows Mobile-based devices.

Miller informed Apple of the problem earlier this month, giving the company a chance to release a patch before going into detail of the vulnerability at the Black Hat conference. To date, Apple has not released any update to its iPhone software to address the problem, although a spokesman for European mobile carrier O2 has indicated Apple intends to release a patch for the SMS vulnerability imminently via iTunes. Miller said Google has already taken steps to address the problem. Apple recently issued an advisory warning users of jailbroken iPhones that they face greater vulnerability, including unreliable voice and data services, instability, and (perhaps most significantly) the inability to install crucial system updates from Apple.

Security researcher Dino Dai Zovi also demonstrated a proof-of-concept rootkit for Mac OS X, potentially opening an avenue for a flood of malware on Apple’s computer operating system. Although Macintosh computers have historically not suffered attacks from worms, trojans, viruses, and other security exploit that Windows users have had to cope with for years, this has more to do with where attackers spend their time than anything innately more secure about the Mac: in fact, many security researchers rank the security of Mac OS X and Apple’s core applications below that of other mainstream operating systems.

Zovi, who wrote The Mac Hacker’s Handbook with Miller, demonstrated his proof of concept rootkit, implemented as a kernel proxy server on a controlling host, with remote agents running on compromised hosts. Once a system has been breached, it can obtain ports from the compromised kernels just like a local application; Zovi plans to release demonstrations of logging SSL traffic, iChat instant messaging sessions, and a way to grab frame from a Webcam; he also plans to publish a tool to identify compromised hosts. Apple has not commented on whether it has, or intends to, patch the vulnerability on which the rootkit is based.