Can someone hack my home PC over my iPhone?

There are a lot of steps between “being on the same network” and “launching an attack from an iphone.” To begin with, the hacker would have to know the OP was using an iphone. Then he has to find it. How does a random Doper get his IP? Are we talking about a mod or admin?

Assuming he had the OP’s IP address, it points to the OP’s router, not the iphone. He has to scan the network somehow, I doubt any router allows that from outside. If he does find devices on the internal network from outside somehow, he has to figure out which one is the iphone and find a way to hack into it first, then the computer.

If we’re talking a malware app, the op would have to install the one app out of a couple hundred thousand apps that somehow got malware past the review process. That app would have to be able to talk to the computer. Being on the same network doesn’t mean they can talk.

Apps can’t run in the background so the OP would have to actually be using the malware app for it to attack the computer. The app would have to have a payload that could actually infect the computer and the computer would have to be vulnerable. Of course, the phone would have to be vulnerable before the computer and the attacker would have to be able to find, identify, and take advantage of both systems.

If the question is “is a computer not connected to the internet the only secure computer?” then the answer is yes. If it’s “is it dangerous to use my iphone on SDMB?” the answer is no.

Unless the people who wrote Stuxnet are Dopers, of course.

No, but it shows that the pieces are all available, just not on the target’s phone.

And the more I think about it, the more possible something like this seems…

Remember how a few months back there was an iPhone jailbreak site that could jailbreak your phone just by visiting the site?

read all about it

That site exploited a weakness in Safari on the iPhone (I think it was a PDF exploit).
The latest firmware has patched this weakness, and the site no longer works to jailbreak iPhones.

Nevertheless, if a single click can take you to a web site that is capable of making major changes to your phone’s operating system without Apple’s permission, you can see that it wouldn’t be unthinkable for a black hat to send a nasty link to his target in an innocent email.

And once inside the protected confines of the person’s network, there are toolkits available that have built in cracks for hundreds of recent security holes. Those toolkits are used to systematically try every single security hole until the one forgotten gap is found. That’s how one could get at the PC.

In theory, it is possible. And the “jailbreak me” tool is evidence that a simple link did have the power, before OS 4.0.2, to totally take over the phone.

Considering the severity of such a security hole in the phone, I think we would know about it if folks were doing this today.

I wouldn’t lose any sleep over it.

Not really. Macs and Linux machines get hit by Windows-seeking malware and probes all the time, precisely because you don’t have to know in advance what the system you are probing is. You just try the exploit for the system you care about - if it works, great, if not move to the next one.

Social engineering and constructing a careful message can do the trick, no admin required.

Many if not most routers allow remote administration.

Not really, if he can cause the iphone to install an app that will then “phone home”. Nothing fancy there, that is pretty much how all apps get installed “oh that would be cool” is about the level of thought involved.

So? That’s the defense? Security by obscurity?

Why not? How many home networks are set up to not trust packets from an internal address? Very few indeed I would wager.

Hence the fun game or useful utility I alluded to.

If it is Windows, it is certainly vulnerable, and the app does not need to carry the payload, it can proxy it in from the outside.

Sounds tricky, but that is exactly how viruses and other malware get to PCs. What makes iphones on the network unique, or immune from the same approach? If they are on the network then they can be so used. Being an iphone does not confer them special status wrt tcp/ip packets.

Sure, for some level of “dangerous”. But that might not be as remote a possibility as you might think. We all have our comfort levels.

And the risk is much higher if you leave out the dope and let the iphone loose on the whole net. How do you know what it is really doing while you browse or check email, or whatever? How do you REALLY know what tcp/ip stuff is happening behind the scenes?

The op simply asked if the PC could be hacked. That could happen without making the phone do anything out of the ordinary by all appearances. How long does it take to run through the exploits you mentioned via toolkit, turn the pc into a bot or snag some personal info or wait for instructions to send spam or whatever, and then delete one’s self on the phone?

I think that qualifies as a hack for the purposes of the OP, but it doesn’t mean the phone behaves badly ever to the phone’s owner.

Considering most people never realize such hacks on their own pcs now, at least not for a good long time, and the exploits from the phone could have come from anywhere, and by the time you notice, the phone has been long restored, I am not so sure we would know about it.

How many people really monitor their internal and external network for weird stuff at the packet level and can tie weird stuff to modified behavior at the application layer of the network model? Very very few I would wager.

I am not saying this is common, but I am saying the answer to the OP is most definitively YES.

In this case you do have to know what the system is and directly target it after taking over the phone. And you can’t packet it all day, you can only do this while the malware app is running so the attacker better free up his schedule.

If you set it up. I’ve only had a few routers but none had it enabled by default.

Do any apps phone home and download executable content? Seems like this wouldn’t be allowed by apple and would need a complete takeover of the phone.

I’m not claiming it’s a good defense, I’m claiming it’s a ludicrous offense. The SDMB reader has to get pissed off at the OP, create an app, have it approved (this can take weeks), and have it carry out the attack while the OP is running it and connected to the home router? All for the sole purpose of using this malware app to attack the OP’s computer. Why bother?

Just being able to send a packet to another computer doesn’t get you in. You mentioned an ssh program earlier and alluded to the idea that it could be used to hack the computer. No, it can try to connect to an ssh server, but if the OP doesn’t have one running, it’s useless. Even if he does have one running, it’s still probably useless.

Out of curiosity, have you ever used an iphone?

None of those change the answer to “Is it possible” from yes to no.

I don’t know what if any apps “phone home”. Probably most of them do, either to get content, or to store prefs, or to register themselves, or for whatever reason.

It is not necessary to download anything executable on the iphone by such an app. In the scenario I describe, it would simply pass information on directly from the outside, not unlike a router simply shuffles the packets without passing judgment on them.

This is what happens when you hear about a pc being a zombie or a bot on some sort of malware network, for the most part.

That is assuming way more specificity than is asked in the OP. In particular, there is no time factor in the question.

Note the question is “Is it possible”, not “is it probable”.

The answer to the first is “yes”, the answer to the second is “given the answer to the first, we all have to decide what our own risk tolerance is”.

My understanding of board rules is that it is not allowed to describe how to hack things specifically, so I decide not to go into more detail here on this point. You can ignore my claim at your own risk, like I said, we all have to assume our own risk tolerances.

Is there anything specific about an iphone that makes it immune from standard security issues related to a tcp/ip network on which it is participating?

The issue here is not really that it is an iphone, is it?

Hey, I have a Roku box on my internal network. Other than a simple remote control, it has no external interface at all, not even a power switch.

But it IS on the internal network, and it DOES run linux, and the source code is available for the GPL parts from Roku, and the box not only phones home to roku, but apparently to partner web sites that provide content that I really have no reason to trust not to hack my network if they wanted to.

IOW, if the OP was about a Roku instead of an Iphone, the answer would be pretty much the same: Any device that can talk freely across the internal network while also talking with the external world is a vector to damage the internal network, precisely because it gives a way to bypass the firewall protection at the edge of the internal/external network.

The nominal, normative use of that device does not matter.

There are defenses against this, but they require a more sophisticated setup on the internal network than is typical, isolating untrusted devices from trusted ones.

There is nothing special about an iphone that makes it immune from such network security concerns.

The way I see this happening is this…

- Black Hat is aware of a bug in iPhone OS, similar to the PDF bug used for “jailbreakme”
- Black Hat uses someone else’s “exploit” code and attaches his own payload. This payload will be executed by the iPhone and can do anything that the iPhone OS is capable of.
- Black Hat sends a nice email to Victim.
  Example: “I have naughty pictures of you that I will post online unless (blah blah blah) Click here to see what I am talking about”
- Victim receives email and doesn’t click link for a long time, but finally can’t resist and clicks link.
- iPhone bug allows BH’s code to run on iPhone.
- Victim sees Safari crash, but doesn’t think much about it; this has happened before.
- iPhone now uses an off-the-shelf PC hacker’s toolkit to probe the network and check for any one of hundreds of unpatched holes. This takes about five seconds.
- Toolkit finds the PC and spots an ancient security hole in an aging version of SQL Server that the victim never even knew was installed.
- Toolkit installs malware on PC that phones home and says “Hi Mr. Blackhat. I’m ready to do whatever you want.”

Quite doable with some decent hacker chops, but not likely.

As others have said, the BH guy will likely just target the PC without bothering with the iPhone. There are plenty of ways that one can be infected from just clicking a link. Indeed, there are far more well known exploits available for a PC than for an iPhone, so it would be much easier to attack the PC.

Or maybe BH simply wanted to address OP’s seeming lack of paranoia without planning to actually do anything. Maybe the intended hack was to get the OP to learn about his/her network, and to make sure things are secure. Maybe Black Hat is actually White Hat and the hack has already succeeded.

Note the OP didn’t say the hack would be malicious either, or even that it would not simply be a social engineering hack.

The OP is simply too general in my mind to rule anything out, hence the answer is “yes”.

That’s like asking “is it possible for all the air in the room to suddenly gather in one corner, leaving a vacuum in the rest of the room?” Theoretically, sure, but in practice, it would take longer than the age of the Universe for it to occur even once, so the reasonable answer is “no.”

Are you suggesting that PCs on home network should rely on security by obscurity? Because that doesn’t seem to be working, age of the universe notwithstanding.

I have asked others to no reply, but maybe you can tell us - what if anything makes an iphone special compared to every other device on a home wifi network?

Until someone posits a believable series of steps which lets an unjailbroken iPhone not running malicious third-party software transmit malware to a PC, I have to say that the idea is a fantasy, like destroying the Borg with an image.

Remember Y2K? There were lots of sources that warned that your microwave would crash, because, after all, it had a microprocessor in it. Hardware Engineers like myself knew better, but we were shouted down.

So, just because someone can imagine an attack doesn’t mean it’s possible.

So, I’ll believe it when I see it.

You have seen descriptions of precisely that by at least two posters on this thread.

Can you give us an idea of which parts you don’t find believable and why (in technical terms if possible)?

But software engineers like me made a pretty living for a while actually fixing mission critical software that DID have such bugs. In particular, I worked on a system that is (or was then anyway, not a clue now) in very wide use syncing tv shows, commercials, and clocks at tv stations (on air and cable) around the world.

There was very definitely a y2k problem. Would the world have stopped? No, but TV stations would have had to work to re-configure their software and systems, probably while broadcasting a Please Stand by slide.

Which part of the description do you find implausible and why?

No, I haven’t seen any plausible vectors described in this thread.
I will stipulate that it might conceivably be possible to do this with a user-installed piece of malware on the iPhone, but I specifically said “which lets an unjailbroken iPhone not running malicious third-party software.”
So, my answer is still NO.

The means of getting the software installed is the problem. You can write your app that will probe an internal network for vulnerability and report back results but it won’t get approved by Apple so the OP will never install it on his phone. Given that the OP won’t/can’t willingly install the software you need to ‘force’ it on to the phone, how do you plan on going about doing that?

You can’t rely on general terms such as ‘all you need to do is exploit a bug in the OS’, if no such bug is known to exist that is not a valid answer.

What is your basis for judging that the vectors so described are not plausible? They are precisely how most attacks in the home network happen already, the only difference is the iphone instead of another PC.

So what makes the iphone special?

You said you are a hw engineer right? Do you design hw that participates on a tcp/ip network?

Someone already gave you actual examples of apps that do exactly that. Apple WANTS apps to communicate across the wifi network with other apps and programs on other devices, otherwise why be on the network at all?

Apple does not want to, and could not prevent even if it did, an app from communicating via tcp/ip as it sees fit with any other device on the network.

Why?

Because that is just how tcp/ip networks work.

If you claim otherwise, it is like claiming GM can keep your car from going on certain roads of its choosing. Not only is there no reason for it to want to, it is completely counter to the purpose of the vehicle in the first place to implement such functionality, so it doesn’t happen.

What keeps you off of roads where you don’t belong are devices such as signs that are independent of the car itself.

And so it is with iphones - they can send whatever packets an app wants, to whatever ip address they want to. But they can’t control what happens once the packets leave. The issue with the home networks is that there is almost certainly no sentry between the iphone and the targeted IP address, such as a firewall.

But of course if the internal devices are firewalled off from each other, then it is not going to be much of a network other than to share the external connection at the router.

So that means there is a lot of trust happening in your network and mine inside the firewall.

Modern routers can place the iPhone in a place where there is less trust and less ability to communicate with trusted devices. That is probably the proper defense - to put a sentry between the phone and the internal network, while still allowing the phone full access to the outside network. The technical term for this is “DMZ”.

That would help, but it has nothing to do with Apple, because Apple doesn’t care. Whatever app approval process they have is in no way able to tell what might be a malicious program, because the functionality is identical to non-malicious network functionality Apple WANTS you to use…

It might keep you from getting porn or stuff like that, but that is not what we are talking about. There is simply no way to know what the intent of tcp/ip packets are individually or collectively, and if you are going to allow such packets at all, then the vectors described in this thread are available to exploit.

No one here has made such a claim.

But I will say a big problem with proprietary OS is that they tend to rely on security by obscurity a little too much. Whereas, if I want to find out what is really possible on my Roku box in my living room, I can download the software, check it against standard versions of the same open source software for changes, and monitor what security upgrades have been made since then, and find a way to upgrade my Roku with the patched software, or else modify internal firewalls accordingly to address the threat.

Really everyone, this is Security 101 in the networking world. I am not saying it is something everyone with a router needs to know in detail, but instead of rejecting it out of hand, you should ask - is my home network at risk by these issues? Can I do something for my protection besides install anti-malware stuff on my PC and keep that stuff up to date?

Also ask, if my iphone (or droid or blackberry or roku or tivo or whatever) is on my home network, how do I know that it is not communicating with my PC or other local devices at all, let alone maliciously?

It is possible to know, so the question is, do you really know, or do you simply hope your devices are not compromised and compromising each other and other networks?

How do you know?

I thought I provided such a scenario, in clear steps.

I mentioned the “jailbreakme” site as evidence that an iPhone running iOS 4.0.1 could run rogue code to do something very un-Apple-like (in this case, to jailbreak it) just by a user clicking a link.

That’s all the bad guy would need. The hard part is now done.

Well I certainly hadn’t thought that my question would start such a lively discussion.

The only reason that I asked was that on another forum, a discussion became a little heated. Idiotic posts get tossed around and someone threatens to hack another poster.

I access that forum through Tapatalk most of the time. Sometimes on the 3G network and sometimes on the home wi-fi. So I wondered if someone could get access to the phone and then when I got home and hooked up to the wi-fi, the hacker could attack my PC.

At least in my mind it was possible, and I really don’t know how secure smartphones are. So I still avoid doing things like checking my bank accounts on the phone.

You mentioned a way that used to work, not a way that does work. Am I saying that the iOS is 100% secure? No, there is no way on Earth to possibly verify that, you can however demonstrate that the iOS is unsecure and that is something that you can’t do as there are no known flaws that allow an attacker to install malicious code onto the iphone.

Sure apps exist that scan devices on the network and tell you what services they have running, though the information gathered is no more useful than saying ‘this PC is running Windows’.

You can write an app to do whatever you please but that does not mean you can get the OP to install it on his phone. During the app approval process the app is monitored for its outputs, if they note that the game you have made is sniffing the local network and sending the results to a third-party you can bet they won’t approve it.

In order for the answer to the OP to be ‘yes’ you need to demonstrate some way of installing malicious code on the phone that doesn’t require Apple to approve an app that is sending data to a third party. If they allowed such software to be used then you can bet your ass someone would have done it already, inventing an app that looks on the local device for stored passwords in Safari/mail or banking apps. No such app exists because Apple would notice the strange behavior during testing and it wouldn’t be approved. What you need to do is show how you can install an un-approved app on the iphone remotely.

Perhaps mittu can summarize his or her experience in networking, particularly securing networking in light of the fact that each post s/he makes is the complete opposite of what is well known by every professional in the field?

Because as far as the OP goes, combined with Mittu’s #9 (mittu, please re-read #9), every single post is a moving of the goalposts. No details needed, just theory, apple does this, apple does that, if there is a flaw, blah blah blah not a word of it supported by empirical evidence after 59 posts.

Readers, please use your best judgment when considering mittu’s advice on your own networks. Ask yourself if you think Apple has not only invented the very first device that is immune from acting as a normal device on a network, but is also somehow keeping that remarkable claim off of the internet.

Ask yourself why mittu keeps demanding info from me, but has not responded to a single question posted to him or her?

Ask yourself, how do you really know what your apps are doing?

And ask yourself if someone didn’t want apple to see network traffic, why they wouldn’t simply code the program so that there was no network traffic until after a certain date or other indicator that the approval process is done?

Mittu’s claims are getting stretched thin, while you have two people who have described as clearly as possible without running afoul of board rules why any device inside a firewall, iphones NOT excepted, is a risk to other devices on the network.

And oh yeah, the bridge program does not need to scan the network to see what services are running, it only needs a list of known exploits that may or may not work, and as another poster indicated, that is trivial to include in a program. That’s it. You don’t need to know what services are on a machine, or if there are any services at all. You don’t need to know what ports are open.

It is like this: My car has a remote control door key. If I drop it in a parking lot, whoever finds it does not need to know which car it might go to, they only need to push the button and see what happens. If the car is there, it will respond. If the car is somewhere else (maybe someone else drove me there) then nothing will happen, and the finder can try in another parking lot until they find my car or give up. The point is, the car doesn’t know or care who is using the key, only that the signal was properly sent and received.

Similarly for hacks - the bridge program we have described gives a way for an outsider to “press the key” for doors that might open on the PC.

Mittu’s claim earlier was that such programs are not possible on Apple, but he was shown example programs that Apple has approved.

Now s/he sort of seems to be speculating that Apple would somehow know if such a program had bad intent, but hasn’t offered a shred of a clue how Apple would infer that. I for one would be very interested in Mittu’s or anyone’s explanation of how Apple can force a program to behave the same way during approval as it would later. If one can’t even show this, then the approval process is not the place to look for network security. And if this can be shown, then we can have a discussion about how the process works in real life.

Because in real life, that would be different from every other programmable networking device, and Apple would surely be spinning this highly desirable and valuable technology off if they had it. It would be a very fundamental breakthrough indeed.

Yet mittu and others act as though it is a given. It is not.

Caveat emptor is the bottom line. It’s your phone, your PC, your data. You decide the risk you can take.
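
Added example, not part of the thread: one way to answer the "how do you know?" question raised above is to review the router's or firewall's connection log for traffic from untrusted devices (phone, streaming box, anything unknown) to trusted machines on the same LAN. The addresses, device names and the simplified log format below are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed home-network layout (hypothetical addresses, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
TRUSTED = {"192.168.1.10": "desktop-pc"}
KNOWN_UNTRUSTED = {"192.168.1.23": "iphone", "192.168.1.30": "roku"}

# Constructed sample lines in a simplified firewall-log style.
SAMPLE_LOG = """\
2010-10-01T20:15:01 SRC=192.168.1.23 DST=17.0.0.1 PROTO=TCP DPT=443
2010-10-01T20:15:03 SRC=192.168.1.23 DST=192.168.1.10 PROTO=TCP DPT=135
2010-10-01T20:15:03 SRC=192.168.1.23 DST=192.168.1.10 PROTO=TCP DPT=445
2010-10-01T20:15:04 SRC=192.168.1.23 DST=192.168.1.10 PROTO=TCP DPT=1433
2010-10-01T20:15:04 SRC=192.168.1.23 DST=192.168.1.10 PROTO=TCP DPT=3389
2010-10-01T20:16:10 SRC=192.168.1.30 DST=192.168.1.10 PROTO=TCP DPT=8200
2010-10-01T20:16:30 SRC=192.168.1.10 DST=192.168.1.30 PROTO=TCP DPT=8060
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)$"
)


def parse(log_text):
    """Parse log text into event dicts, skipping lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # address field was not a valid IP
        events.append({"ts": m["ts"], "src": src, "dst": dst,
                       "dpt": int(m["dpt"])})
    return events


def lateral_findings(events, port_threshold=3):
    """Flag LAN devices that are not trusted but connect to trusted hosts.

    A source touching port_threshold or more distinct ports on one trusted
    host is labelled probe-like; fewer is a plain lateral connection.
    """
    ports = defaultdict(set)
    for e in events:
        src, dst = str(e["src"]), str(e["dst"])
        if e["src"] in LAN and src not in TRUSTED and dst in TRUSTED:
            ports[(src, dst)].add(e["dpt"])
    findings = []
    for (src, dst), seen in sorted(ports.items()):
        kind = ("probe-like fan-out" if len(seen) >= port_threshold
                else "lateral connection")
        findings.append({"src": KNOWN_UNTRUSTED.get(src, "unknown device"),
                         "dst": TRUSTED[dst], "ports": sorted(seen),
                         "kind": kind})
    return findings


if __name__ == "__main__":
    for f in lateral_findings(parse(SAMPLE_LOG)):
        print(f"{f['kind']}: {f['src']} -> {f['dst']} ports {f['ports']}")
```

On a network where untrusted devices sit on an isolated guest segment, this report should come back empty; any finding means the isolation is not doing what you think it is.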