| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Jul 2010 09:48:22 +1000 From: Fionnbharr <thouth@...il.com> To: "hmmrjmmr@...il.com" <hmmrjmmr@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: "Jailpassing" technique for iphones As everyone said more information is great, but I don't really like it when sock puppets for companies mail to fd with a 'new technique'. I say he's a sock puppet as hmmrjmm has only posted to the list twice (or anywhere else on the internet with that address), both times about ThinkSECURE. >>From the article - "we ran a demo of the technique for a local reporter and the story ran in the Straits Times on 26 June 2010." Just seems like releasing old techniques to get headlines for their company. On 22 July 2010 02:29, hmmrjmmr@...il.com <hmmrjmmr@...il.com> wrote: > Yeah, i second that - more videos = more helpful to everyone. > > What i found interesting about this one though is that it didn't stop at > bypassing the code-lock but also alludes to what you can do to the phone > from a non-forensic standpoint, e.g. load in "real-spy"ware (as in bugging > or some other surveillance tool). > > The later part of the video showed the guy loading in a filesystem app > (afs-something it was called??) to access the phone's root partition from > his macbook. If you're a gumshoe hired to keeps tabs on a suspected > cheating spouse and was presented with the suspect's iphone, that could then > be a prelude to loading in custom code or commercial bugging software to > turn the phone into a bugging tool and the evidence of the jailbreak removed > (as opposed to using the code-bypass to get into the phone to do forensics) > > So instead of bypassing the code-lock to access the phone for forensics > purposes, you could instead load in surveillance/bugging software and then > remove obvious evidence of the jailbreak (e.g. uninstall Cydia) and restore > the passcode so that the user was none the wiser... > Now that i think about it, this could be used for corporate espionage too > (e.g. CEO getting his phone bugged...) > > On Wed, Jul 21, 2010 at 11:47 PM, Tyler Borland <tborland1@...il.com> wrote: >> >> Yes, same exact story with different software. Pretty much, the only >> difference is the tool they chose to modify. There are a few webcasts >> in which I saw when they came out, where that iPhone forensics book >> guy does a good hour webcasts on what he did and what more is >> possible. Two different modified tools to do forensics (including the >> get rid of passcode trick). Even more if you include the Youtube >> video that was linked in an earlier reply: >> >> http://oreillynet.com/pub/e/949 - IPhone Forensics Demo >> http://oreillynet.com/pub/e/1093 - iPhone Forensics 101: Bypassing the >> iPhone Passcode >> >> I still think the video was cool, however it didn't exactly offer >> anything that wasn't available before. Just proving possibility with >> newer techniques. More videos with more techniques is never a bad >> thing. >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists