iUsability-Pwned!
Lothar informed me about a strange behaviour of the iPhone running OS 3. It seems like the iPhone automatically opens a browser when joining a network. (See a video of the whole problem here: http://www.vimeo.com/5466236)
The iPhone tries to do the following:
1. DNS query for www.apple.com
2. Opening http://www.apple.com/library/test/success.html
When both are successful, then fine... the phone gets back "success" and everything is ok.
When both fail... that's fine as well, because then the phone assumes that the internet connection is not up and running.
BUT <-- isn't there always a BUT?!
If the phone can successfully query the name but gets back any content other than "Success", it assumes that there is a captive portal which requires you to authenticate first to get access to the internet.
This is true for many hotspots etc... so Apple was thinking.. damn, that's annoying for the user... let's open up Safari automatically if this special case comes into play :-)
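The decision logic described above, written out as an added example (not code from this post or from Apple). The post does not say how the phone compares the body, so the tag stripping, the `Verdict` names and the sample replies (all constructed) are assumptions; the point is that both inputs to the decision come from the network the phone just joined.

```python
import re
from enum import Enum

PROBE_URL = "http://www.apple.com/library/test/success.html"  # from the post
EXPECTED = "Success"  # body text the post says the phone expects

class Verdict(Enum):
    ONLINE = "online"            # name resolved and the page says "Success"
    OFFLINE = "offline"          # both steps failed
    CAPTIVE_PORTAL = "portal"    # name resolved, content differs: Safari opens
    UNSPECIFIED = "unspecified"  # combination the post does not describe

def visible_text(raw_response: bytes) -> str:
    """Body of a raw HTTP response with <title> and markup removed (assumed comparison)."""
    _, _, body = raw_response.partition(b"\r\n\r\n")
    text = re.sub(r"(?is)<title>.*?</title>", "", body.decode("latin-1"))
    return re.sub(r"(?s)<[^>]*>", "", text).strip()

def classify(resolved_ip, raw_response) -> Verdict:
    """resolved_ip: DNS answer or None; raw_response: HTTP reply bytes or None."""
    if resolved_ip is None and raw_response is None:
        return Verdict.OFFLINE
    if resolved_ip is None or raw_response is None:
        return Verdict.UNSPECIFIED
    # The address is never validated: whatever the local resolver answers is used.
    if visible_text(raw_response) == EXPECTED:
        return Verdict.ONLINE
    return Verdict.CAPTIVE_PORTAL

def opens_browser(verdict: Verdict) -> bool:
    """Only the captive-portal verdict launches Safari without user action."""
    return verdict is Verdict.CAPTIVE_PORTAL

# Constructed sample replies (documentation addresses, example hostnames).
SAMPLES = {
    "genuine": ("192.0.2.10", b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                b"<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>"),
    "hotspot_redirect": ("192.0.2.1", b"HTTP/1.1 302 Found\r\n"
                         b"Location: http://login.hotspot.example/\r\n\r\n"),
    "hotspot_page": ("192.0.2.1", b"HTTP/1.1 200 OK\r\n\r\n"
                     b"<html><body>Please log in</body></html>"),
    "no_network": (None, None),
}

if __name__ == "__main__":
    for name, (ip, reply) in SAMPLES.items():
        verdict = classify(ip, reply)
        print(f"{name:17} -> {verdict.value:11} browser opens: {opens_browser(verdict)}")
```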
Usability kills security .... together with karmetasploit it's a very evil thing. Get the iPhone's cookies, accounts and maybe even system control... depending on the bugs you have left to test.
You can see the whole thing as a video @vimeo http://www.vimeo.com/5466236 .... now let's find some new Safari bugs :-)
And thank you, Lothar, for the fish.

1 Comments:
Hey Max,
I'm not sure I get your point (or Lothar's point) here. What is exposing your ass is the fact that you are joining an unknown and untrusted network, and receiving IP and DNS config from it. Anything you would do from this point on in the network is owned.
Do you just mean that Safari started without being asked? I don't see a big deal with that. If you joined a network, I would say that the next thing you're doing is browsing (or using applications that need Internet access).