Pwned by Phone – Vulnerabilities in Apple’s iPhone and Next Generation Mobile Networks

Utrecht, The Netherlands, 30 March 2011 – On the 17th till the 20th of May the Grand Krasnapolsky in Amsterdam will be home to the second annual Hack In The Back deep knowledge security conference, HITB2011AMS. Bringing together a unique mix of security professionals, researchers, law enforcement and members of the hacker underground, this years conference has an agenda packed with iPhone and iOS security goodies plus a very special look into hacking the 3G and 4G mobile networks that tomorrow’s smart phones will be running on.

With increased power and storage capabilities, today’s smartphones are a prime target for forensics investigators and Apple’s iPhone is certainly no exception. In 2008, Jonathan Zdziarski introduced a bit-by-bit copy technique to duplicate an iPhone’s data partition, by booting a custom ramdisk through BootROM DFU mode exploits. In a segment titled iPhone Data Protection In-Depth Jean-Baptiste Bédrune and Jean Sigwald or Sogeti ESEC will look into the passcode system used on the iPhone and will demonstrate a simple bruteforce attack running off a custom ramdisk which results in complete bypass of an iPhone4′s security in less than 20 minutes. While Bédrune and Sigwald cover attacks against the iPhone from a forensics standpoint, Laurent Oudot of TEHTRI Security will focus instead on attacks against iPhone users in a talk titled iNception – Planting and Extracting Sensitive Data From Your iPhone’s Subconscious. Outdot plans to disclose a new attack which combines physical security issues, social engineering & web threats to allow an attacker to steal the credentials of any installed application (Facebook / Twitter / Paypal etc).

Apple has certainly not been sitting idle when it comes to securing their iOS platform and Stefan Esser of SektionEins GmbH will be discussing their newly introduced ASLR (address space layout randomization) implementation in iOS 4.3 which aims to make it more difficult for an attacker to predict target memory addresses. Esser will explain the strength and weaknesses in Apple’s ASLR and also show how with the right vulnerabilities any ASLR protection cannot stop successful exploitation.

To top things off in the mobile security space, a presentation on Attacking 3G and 4G Telecommunication Networks by Enno Rey and Daniel Mende of ERNW will look into the security of GTP or the GPRS Tunneling Protocol. Given that the 3GPP standard mandates that GTP should never be accessible from the Internet their talk will prove that things are never quite as they seem. In addition, an attack based on the GTP protocol will be demoed and a GTP scanning tool to identify entry points into the mobile telecommunication networks will be released to conference attendees.

For further event details please see http://conference.hitb.nl/hitbsecconf2011ams/

HITBSecConf is run as a community-backed not-for-profit effort endorsed by the Malaysian Communications and Multimedia Commission (MCMC), Malaysian National Computer Confederation (MNCC), Multimedia Development Corporation (MDeC), MSC Malaysia and the Malaysian International Chamber of Commerce and Industry (MICCI).

Suzanne Heerschop
Media Officer

Hack In The Box
Suite 26.3, Level 26, Menara IMC,
No. 8 Jalan Sultan Ismail.
50250 Kuala Lumpur,
Malaysia

This release was published on openPR.