The Space In Between

by Dmitry Kirsanov 4. May 2012 19:26

A5 chipYou’ve already heard about the Windows Phone operating system. Microsoft invested a lot of money into making you hear about it. They are trying to form opinion and clear up the niche for their new attempt to settle in the mobile phone market, and this time it appears like they went for broke.

It’s not only huge resources spent on all sorts of advertisements, but also the unusual amount of FUD in their pitch. One of such arguments that riveted my attention is that iPhone is a glamorous gadget for non-geeks. If you believe it, then this article is for you.

Divide et Impera

A bit off topic. A few days ago Apple co-owner Steve Wozniak mentioned, that Windows Phone is “beautiful”, and the subtle message of this remark might be – “so if you are Android user thinking about the next Android-powered phone, but can’t afford the iPhone – you’d better look at the Windows Phone”. So Apple would have two weak opponents instead of the strong one.

Woz surely is an independent professional, so are the MVPs of Microsoft. And if official Apple and Microsoft sources don’t clash, their “independent” media channels do.

Microsoft’s evangelists around the world are creating a lot of use cases about how they were able, without any knowledge about anything, to achieve something. Create applications, for example, using the free Visual Studio environment. At the same time, other army of Microsoft specialists, the MVPs, are building their own stories. The difference between them is that Evangelist is an employee of Microsoft, so his position is mild and is usually FUD-free, but MVPs are not Microsoft employee – they can write whatever they want, but it’s evaluated by Microsoft later – the MVP status is given by Microsoft for one year, and is performance based. Therefore, in my opinion, what evangelists say is the official position of Microsoft, while what MVPs are saying is unofficial, but still genuine position of the company.

As for the company itself, the Microsoft is going to financially support advertisements of those, who create a Windows Phone version of their application, against those rivals, who ignore Windows Phone. As well as aggressively offer companies to create such apps for WP. Some refuse.

That’s normal, as you should display your goods in the best light and use force when needed. However, if Apple said that Microsoft’s new OS is “beautiful”, Microsoft said that Apple’s iPhone is metrosexual. That is – where style was set above the functionality.

For example, according to this post by Microsoft’s MVP Nick Landry, the iPhone is basically a stylish glamorous gadget, not designed for the IT crowd. And illustrated it with the following picture.

Picture by Nick Landry

As someone, who apparently never used an iPhone, he still insists, that iPhone is a thing in which you can’t change anything, where everything is under control and if you are eager to dig into the inners of your device, then this one is not what you are looking for.

Android, on the other hand, is full of crap written by anonymous hackers. The digital minefield. Lin-əks.

And Windows Phone is neither stylish or powerful  both stylish and powerful, but not as stylish as an iPhone nor as powerful as Android. It’s like saying that Russian cars are not as powerful as BMW and not as safe as Volvo… So they are somewhere in between.

It’s hard to swallow such ignorance, when it comes from otherwise professional specialist. And that’s what makes me a bit worry – if such nonsense is repeated by reputable sources, it could cause quite real damage, and I am not talking about Apple’s brand damage, but about corporate networks, whose admins would believe fairy tales about saint iPhone and evil Android.

Instead of disclaimer

I am not really an iPhone user. I am a Windows professional with 18 years of experience and happy user of Android-powered HTC Desire Z phone (the one with the hardware keyboard). And today I am going to tell you what the iPhone is for a geek, so that you wouldn’t repeat the before mentioned fantasies by calling glamorous what in fact is not. So, let’s begin.

What is an iPhone?

iPhone is what Apple invented after an iPod and what shares the same design concept. And an iPod is a small computer, used for playing music, videos and doing other stuff. For example, you could have heard the story that happened in Clay High School in Oregon City, Ohio, in 2007. Couple of school boys hacked the school network using an iPod.

Now think about it. A school boy. With an mp3 player. Owned the computer network.

An iPhone is a powerful computer with great operating system. It is connected to the internet and external resources all the time, using 3G, GPRS, Wi-Fi, phone, mail and SMS. With the right software it could allow you to do the same things you could do with a laptop. Or maybe more. More about it below.

Behind the Curtain

If you are geek, chances are – your iPhone went through the jailbreak. It’s not something, that Apple loves – each new operating system update removes the holes used for jail breaking, and it’s the same thing that Microsoft really hates – for example, hundreds of thousands users of the jail broken XBOX consoles were permanently banned from online services simply because they installed a chip which allowed to run 3rd party software.

So that’s the trend. While Microsoft evangelists insist, that Microsoft’s environment will be “less strict than one of Apple, but more secure than one of Google”, the history shows us quite the opposite.

And the main reason for a jailbreak is not only to install custom software, but also to get access to the full power of the iPhone hardware, but more about it later.

From Theory to Practice

That’s something that a specific group of people usually have no clue about. iPhones and iPods are hackers best friends, with special utilities, frameworks and even best practices for penetration testing.

Consider the following scenario. You need to penetrate the network of some company. In best case scenario, you only need to penetrate the first layer of physical defense – say, guard on the office block entrance. Then, there is a Wi-Fi network for personnel, which is secured, and the same network for guests, which could be secured as well, but with never changing password, written somewhere on the wall of the meeting room.

The beauty of iPhone is that it will be working in your pocket all the time you are sitting outside the target office, in the cafeteria one floor below, in the lobby, or discussing the future contract with the sales guy. Capturing and analyzing the Wi-Fi packets to get the password, analyzing mail traffic of each mobile phone connected to internal Wi-Fi network, and you don’t even need to be a real hacker to do that, because everything is already written for you.

What a hacker can do with an iPhone?

What a hacker could do with a tiny powerful computer, empowered with 3G modem, Wi-Fi, Bluetooth, plenty of storage and software which would utilize all of it against your network? Let’s see.

The operating system of iPhone, the iOS, is derived from the Mac OS X. It’s a full scale Unix. The same as Android is a full scale Linux. The Windows Phone 7, on the other hand, doesn’t share the core with the “real” OS. It has the same in common with the PC operating system, as Pentium processor has with the Pentium II. Nothing. It doesn’t implies that it’s bad, though.

The first step in making an ultimate hacker tool out of your iPhone is to jailbreak it. You can do that using JailBreakMe or QuickPwn utility or paid AutomaticiPhoneUnlocker.com. Or whatever else you can find at iphonehacks.com. And just by the way - this will break your warranty.

Then, you need to establish the full shell remote desktop to your iPhone. You can do that using VNC (through Veency). This way you could hide your iPhone somewhere on premises, perhaps powered, and basically have an access to target Wi-Fi network from anywhere in the world. Or let someone wander around, while operating the attack from a distance.

Then, you need to install some hacker tools like MetaSploit, ngrep, nmap, network-cmds, OpenSSH, Stealth MAC and other network and security tools from Cydia.

Possible Scenarios of hacking using iPhone

Your iPhone could be both Wi-Fi client and Wi-Fi access point. This means, that you can assess the existing access points around, and set the same name and encryption type (although it will accept any password) for the fake one. The next thing you know is clients around you trying to use your access point instead of the genuine one. So all traffic will go through your device, meaning that you could change the content of web pages accessed by these clients to include the exploit. Or simply redirecting requests to the trap. Using that technique, the target network would be “owned” simultaneously from multiple workstations. Hopefully, some users will install it using the administrative access or open web pages through the web browser started with elevated privileges.

Corporate pages are usually not encrypted and Wi-Fi users have access to them. Almost everyone brings his cellphone or laptop and uses corporate Wi-Fi as well.

Since iPhone is equipped with Bluetooth, you could also try all types of Bluetooth attacks, such as blueprint attack, device hijacking et cetera. By the way, some people still believe that Bluetooth range is about 10 meters.

Performance of iPhone

So, according to Microsoft’s media channels, the new Windows Phone 7 will be more geek-friendly than iPhone. Let’s assume, that there will be tools for Windows Phone 7 (a promise is a promise!) that will allow you to do the same tricks as iPhone apps do. However, there is one tiny little detail left. Performance.

iPhone apps are written in Objective-C. Windows Phone 7 apps, on the other hand, are mostly .NET framework based interpreted language applications written using Visual Studio. You can write a sniffer and general network utility using C# or Visual Basic .NET, but it won’t have the same performance as native code applications. It doesn’t matter on typical workstation – the multi-gigahertz CPU is more forgiving to non-optimal performance of the platform. But it’s different for the mobile devices.

Android applications, on the other hand, are powered by Java, which is not better than .NET, at least in terms of performance.

The HTC or Samsung mobile devices, running Android, are visually fast enough to please almost anyone, but technically they are slower than iPhone, so even if we are speaking about the bare metal capacity of each hardware device, what we would like to have in the Mission Impossible style affair is definitely an iPhone. Not Nokia.

Resume

Don’t underestimate the glamour!

blog comments powered by Disqus