Suppose I am using my iPhone over my home wi-fi and some malicious Doper takes exception to something I say.
Is it possible for that person to hack into my computer via my phone?
If you have your phone, how is someone going to use it to hack your PC? Why wouldn’t they just hack your PC directly?
Maybe the security is easier to hack from the outside to the inside on the iphone, and from there an attack on the pc can be launched safely ensconced inside the router/firewall.
The iPhone can’t even sync with iTunes over wireless (which is more than a little ridiculous) so this looks phenomenally unlikely. Getting control over your phone alone would be nigh on, if not entirely, impossible.
The only route I can see is that your phone and PC will have the same external facing IP address (your modem) and this address would be stored by the SDMB servers when you post. So they could hack into the SDMB whose IP address is known then find your IP address in the logs and start working from there. You would have to say something very annoying for someone to go to all the bother though!
Fair enough.
As to why anyone would ask such a stupid question. The simple answer is that I couldn’t possibly know whether or not it’s a stupid question.
Obviously the words of someone with only the barest rudimentary understanding of how networks work and what network and operating system vulnerabilities are like.
Enlighten me, what did I say that was wrong? Of course the OS has vulnerabilities but the OP can’t be targeted unless his IP address is known. There is no mention of either his phone or computer being tricked into visiting other websites.
It’s not that it is wrong, it is that it is woefully incomplete and demonstrates a fundamental lack of knowledge of the architecture of IP networks and their vulnerabilities.
But you did qualify it with “As far as I can see”, so maybe that is all you can see. But it is hardly what a hacker would be looking at.
Again, enlighten me. I’m aware it isn’t a PhD dissertation on IP addresses or networks, it was never intended to be.
If you know of some way that someone could hack into an iPhone knowing only the IP address of a wifi network it is connected to OR how someone with control over an iPhone on the same network as a PC could attack it more successfully than they could from their own PC I would love to hear about it. We’re talking theory here not a step-by-step guide to keep things nice and legal.
Sheesh. The phone is on the internal network, communicating with the outside network right? Then there is no reason an app couldn’t be a trojan horse busily probing the internal network while you play games or whatever.
This is not iphone specific, any device you are not sure about should be isolated on a DMZ with only very limited communication possible with the internal network.
Even a device on the internal network only could do that and bide its time until if found communication with the outside, on that network or another, to report back certain vulnerabilities or identity info or whatever.
Yes there is, all iPhone applications have to be approved by Apple before they can be installed on an iPhone. Apple won’t approve an app that exhibits anything approaching this kind of behavior.
Because no hacker would ever be able to find a way around that!
Sure, you can Jailbreak the phone and install whatever you like, but you can’t jailbreak a phone, or install apps, remotely. So we are back to square one. The iPhone is essentially useless in this scenario. If someone was annoyed with the OP they could attack his PC using the method I stated originally but the phone would be completely ignored.
Says you. Are you saying no apps on the iphone can talk to the outside world if the phone is on wifi? What is the point of wifi then?
And are you saying no app can talk to another device on the internal network via wifi? because again, what would be the point of wifi then?
even if an app could only do one or the other, what is to stop them from communicating with each other and then voila! the iphone is a bridge between something on the outside and the PC.
BTW, this part was where I said you don’t understand the fundamentals of how a router works, or the networking protocols that bridge the inside and outside networks. yest everything on the network has the same outside IP address, but they have different inside addresses. The inside devices don’t have to pretend to be each other, the whole point of the router is to manage packets inbound and outbound and make sure they get to and form the right places. It’s a given that that “just works”.
Yep, that’s what I say and nobody has been able to offer any evidence to the contrary, can you?
No, I never said that.
No, I never said that either, but thinking about it i’m not aware of any apps that do communicate with other devices on the internal network, can you?
You are going around in some nice big vague circles here. If you still believe there is some way to hack a somebody’s PC over their iPhone then say how rather than posting vague nonsense and trying to give the impression you are privy to some great secret that you can’t share with the rest of us.
All you have done so far is to say I am wrong, without offering anything even remotely approaching proof, this is GQ, show us some cites, ‘you’re wrong because I say you are’ doesn’t wash here.
And your point is? I’m well aware that the devices on the internal network will have their own IP addresses but that doesn’t change anything. If someone took exception to the OP they could try to attack him using the method I initially stated, the phone would be ignored. If you can think of any way to compromise the OP’s iPhone with the information available (i.e. he has used it to post on SDMB) then tell us how. I can’t see it being possible, you can’t jailbreak a phone remotely, you can’t install apps remotely, you can’t force Apple to accept an app to the app store and even if you had the OP’s phone in your hand you can’t do a god-damn thing to his computer using it. If you feel otherwise then tell me how.
You asked me for the theory, not the details, and in good faith I provided it. The ball is in your court now to fill in enough details to understand it - it is basic networking and security, covered in umpteen million web sites and books since probably at least 1998.
I am not going to claim to even hacve an extensive list of IPhone apps, let alone what they do or don’t do. That being said, there are many iphone apps used for businesses and industrial apps that would be gathering data from sensors on the internal network, querying databases on the internal network, and aggregating data internally.
No reason on earth an app “in the wild” couldn’t probe the internal network if such apps like that exist.
Don’t be a douche. You asked for theory, I gave you theory. If you don’t understand the vocabulary of what it means to be a bridge on a network, or what the risks are, then google is your friend.
If the show was on the other foot, and I sais show me the risk, and you said what I said - the iphone acts as a bridge between the inside and outside network, and not a word more, I would completely understand what you meant.
Like I said, you are simply demonstrating you don’t know the very fundamentals of the issues you wish to discuss. You might think you do, but you don’t. that’s ok, most of the world doesn’t, I don’t want to beat you up for that.
But quit telling me I haven’t provided enough info, I have if you understand the basics. I said at the top I won’t go into specifics, you asked for an outline, so I gave it to you. Don’t cry to me if you changed your mind about that.
Maybe maybe not, but it doesn’t matter. That is hardly the only vector to get to his phone or his PC.
I already told you how. Just because you don’t understand it doesn’t mean I have time to teach you. google is your friend, or maybe you can order a copy or two of the magazine called 2600.
BTW, pretty much all of that is true regarding PCs too, but somehow they get hacked. And there are apparently 10s or hundreds of centrifuges in Iran that have been destroyed that seemingly had no connection to the outside world too, but somehow malicious software found them.
I have told you how it could happen in deliberately vague terms, but it seems you are saying in terms just as vague that an iPhone on an internal network is somehow the first completely safe, perfectly secure device, no matter the surrounding network. I find your claim more than a little implausible, but would be willing to listen if you can provide Apple’s claims of such security for its phone, and somehow being able to inject perfect security into any wifi network merely by the phone’s presence. I would google such a claim to see what the hoi polloi is saying on the record, I suspect it would be pretty much what I have said. If you have some claims other than your own feelings to support your fantastic theory, buy all means share!
A smart man with enough time