HITB SIGINT: Keith Lee (Independent Security Researcher)

Presentation Title iPhone Espionage
Presentation Abstract

The passcode gives the owner a false impression that the iPhone is secured but it actually isn’t. It is possible to install/delete programs, download/upload files from a locked jailbroken iPhone with passcode that’s connected to an Ubuntu computer with the right tools installed. All you need is a couple of seconds on the iPhone and you can install a virus/worm on the target’s iPhone.

What if you shrink down the size of the computer to a mobile device like a mobile phone like Nokia N900, Gumstix or Beagleboard? What if you disguise it like a iPhone accessory like external battery? How about a charging station? (Used in Defcon) Jailbreaking the iPhone gets rid of the limitations set on it by Apple. However, that also means that everything you install the iPhone can be installed as root with full privileges on the iOS. Are iKee/RickRoll worm the only malware that exists on the iPhone? Probably not. These are the common ones that have been reported by the media. What we don’t know doesn’t mean it doesn’t exist.

What the different commercial/non-commercial spy software available for the iphone and their features? In my demo, I will show how it is easy to copy data out from a locked iphone as well as how to install a rootkit on the iphone in seconds (via usb) A script has been written to extract all important information from the iPhone. I will also show how easy it is to decompile an existing iphone app (whatsapp) and write a tool to intercept the incoming and outgoing messages and forward it to external email account.

About Keith Lee