Tuesday, June 15, 2010

More iPad Security Issues Exposed

Goatse Security, the security group which exposed hundreds of thousands of iPad users' emails last week, has revealed another, potentially more serious, security flaw found on the iPad.

Responding to AT&T's claims that the security researchers at Goatse Security were "malicious hackers who attacked AT&T's servers", Goatse researcher Escher Auernheimer has issued a new warning to all iPad users, telling them that AT&T and Apple are doing too little to protect them from harm.

According to the post, Apple has failed to fix two flaws, one of which could be used to determine an iPad owner's location. The second flaw is an exploit in Apple's Safari browser which was originally published back in March. Apparently the company has failed to patch it on the iPad. This flaw, combined with the ICC-ID data taken last week, could be used to perform targeted attacks that put at risk not only users but any major organization that has an iPad attached to its network.

The exploit uses an integer overflow, which gives access to proxy connections over banned ports (behind corporate and government firewalls!), allowing a hacker full access to the machine for spamming, exploit payloads, password bruteforce attacks and other undesirables.
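The post gives no detail on the flaw itself, so the following is an added example, not code from Apple, Goatse Security or the original post. It assumes the general bug class: a banned-port check that inspects a wide integer before the value is narrowed to a 16-bit port. The blocklist, function names and sample inputs are constructed for illustration, and the hardened check is shown next to the flawed one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed blocklist for illustration; not taken from any real browser. */
static const uint16_t BLOCKED_PORTS[] = {25, 110, 143};

static bool is_blocked(long port) {
    for (size_t i = 0; i < sizeof BLOCKED_PORTS / sizeof BLOCKED_PORTS[0]; i++)
        if (port == BLOCKED_PORTS[i]) return true;
    return false;
}

/* Flawed (hypothetical): the blocklist sees the wide value, the socket layer
 * sees the narrowed one. Returns the port that would be used, or -1. */
int connect_port_flawed(long requested) {
    if (is_blocked(requested)) return -1;
    uint16_t wire_port = (uint16_t)requested;   /* 65536 + 25 wraps to 25 */
    return wire_port;
}

/* Hardened (hypothetical): reject anything outside 1..65535 first, then
 * check the exact value that will be used on the wire. */
int connect_port_checked(long requested) {
    if (requested < 1 || requested > UINT16_MAX) return -1;
    uint16_t wire_port = (uint16_t)requested;
    if (is_blocked(wire_port)) return -1;
    return wire_port;
}

int main(void) {
    long samples[] = {80, 25, 65536L + 25, -1};  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%ld flawed=%d checked=%d\n", samples[i],
               connect_port_flawed(samples[i]),
               connect_port_checked(samples[i]));
    return 0;
}
```

The defensive point is that range validation and the policy check must both run on the same value the network layer will actually use.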

Goatse warns that if Apple and AT&T do not patch this flaw, and fast, the iPad could soon become the tool of choice for attacking corporate networks. All you would have to do is gain access to the network itself (which can be accomplished via a variety of techniques, either social engineering or otherwise) and then jump on and carry out attacks -- bypassing all firewall protections.

Given some of the names shown on the ICC-IDs list handed out last week, the potential here is very serious. We saw not only heads of major corporations but several big names in the government sector. You are talking about some serious ramifications and the potential to directly affect national security should hackers be able to utilize this exploit!
