Tuesday, January 18, 2011

New iPhone Jailbreak Technique to be Demoed in Pwn2Own Contest!

Hackers have identified a new hack to jailbreak iPhone iOS and Android phones. Ralf Philipp Weinmann, a research associate with the University of Luxembourg, will be demoing a new way of breaking into the baseband processors used by phones to communicate with cellular towers.

Ralf-Philipp Weinmann (center) with organizers of the Pwn2Own contest at the 2010 CanSecWest conference in Vancouver.
Ralf-Philipp Weinmann (center) with organizers of the Pwn2Own contest at the 2010 CanSecWest conference in Vancouver.
“I will demo how to use the auto-answer feature present in most phones to turn the telephone into a remote listening device.”
Weinmann says he can do this by breaking the phone’s “baseband” processor, used to send and receive radio signals as the device communicates on its cellular network. He has identified some bugs in the way the firmware used in chips sold by Qualcomm and Infineon Technologies processes radio signals on the GSM (Global System for Mobile Communications) networks used by the majority of the world’s wireless carriers.
“[It's] like tipping over a rock that no one ever thought would be tipped over,” said the Grugq — a pseudonymous, but well-respected, wireless phone hacker, and one of a handful of people who have done research in this area. “There are a lot of bugs hidden there,” he said, “It is just a matter of actively looking for them.”
“This is an extremely technical attack,” said Don Bailey, a security consultant with Isec Partners. He says that while the work on baseband hacking is very exciting — and ultimately a big deal for the mobile phone industry — he doesn’t expect any attacks that target the general public to emerge anytime soon.
But the research into this area is just starting to take off, fuelled by new open-source software calledOpenBTS that allows virtually anyone to set up their own cellular network radio tower with about$2,000 worth of computer hardware.
Five years ago device makers didn’t have to worry about this type of hacking, because it used to cost tens of thousands of dollars to set up a cellular tower. But OpenBTS has changed all that. “Now it’s a completely different game,” Bailey said.
Last year, Ralf-Philipp Weinmann hacked the non-jailbroken iPhone via Safari in Pwn2Own contest held in Vancouver. He made iPhone to visit a Web site which was hosting exploit code to bypass the digital code signatures used by Apple in iPhone. He took less than 10 minutes to hack the iPhone 3GS running iPhone OS 3.1.3 and finally won $15,000 in prize money.
Two months from now another hacker conference, Vancouver’s CanSecWest, will invite hackers to break into mobile phones using a low power transmitter. Conference organizer Dragos Ruiu expects some interesting results from the contest, called Pwn2Own. “It sounds like the radio parts of the phones are very shaky indeed and pretty vulnerable,” he said. via Dinodaizovi