Tuesday, November 24, 2009

iPhone botnets, changing root passwords and forensics

So now that the first real piece of botnet malware (http://www.computerworld.com/s/article/9141354/New_iPhone_worm_steals_online_banking_codes_builds_botnet?taxonomyId=17) for a mobile phone is in the wild, I wonder what really took it so long. The default root password for the iPhone has been published all over for quite a while.

I continue to believe that mobile devices will be a target for malware authors, especially since the networks keep getting faster. Let's face it, much of the botnet economy is based on bandwidth. What I think is the interesting fallout is that for users who jailbreak for various reasons, the main way to prevent infection is to change the root password. This now creates a problem for those performing forensics on iPhones, since it used to be fairly easy to make a dd image of a jailbroken iPhone. Now there is potentially a password to deal with.

How to deal with the password issue, if the user doesn't provide it?

My approach in testing so far has been:
1. Get a logical data dump if possible. There is always the chance of the other passcode to deal with.
2. Index the logical data to create a dictionary file.
3. Attempt to use THC Hydra to brute force SSH using the dictionary file created from the logical dump.

Still playing with it.
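As an added example (not the author's code), one way to carry out step 2: pull printable strings out of the raw bytes of a logical dump, both plain ASCII and UTF-16LE runs as found in iPhone plist and SQLite files, and write the unique tokens one per line, which is the wordlist format Hydra reads. The sample dump bytes are constructed for illustration.

```python
import re
from collections import Counter

# Constructed stand-in for a logical dump: ASCII text, a UTF-16LE string
# and binary noise, resembling content recovered from plist/SQLite stores.
SAMPLE_DUMP = (
    b"\x00\x01contacts: Alice Example\x00\x00"
    b"note: see you at the marina 2009\xff\xfe"
    + "wifi: Hausnetz".encode("utf-16-le")
    + b"\x00\x00plist\x00"
)


def extract_tokens(data: bytes, min_len: int = 4):
    """Yield word-like tokens found in raw bytes.

    Printable ASCII runs and UTF-16LE runs (each printable byte followed by
    a NUL) of at least min_len characters are decoded, then split on
    non-word characters so "contacts:" yields "contacts".
    """
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    utf16_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    texts = [r.decode("ascii") for r in ascii_runs]
    texts += [r.decode("utf-16-le") for r in utf16_runs]
    for text in texts:
        for word in re.split(r"[^\w]+", text):
            if len(word) >= min_len:
                yield word


def build_dictionary(data: bytes, min_len: int = 4):
    """Return unique tokens, most frequent first (ties keep first-seen order)."""
    counts = Counter(extract_tokens(data, min_len))
    return [word for word, _ in counts.most_common()]


def write_wordlist(path: str, words):
    """Write one candidate per line; returns the number of lines written."""
    with open(path, "w", encoding="utf-8") as fh:
        for word in words:
            fh.write(word + "\n")
    return len(words)


if __name__ == "__main__":
    # Indexing a real dump: build_dictionary(open("logical.bin", "rb").read())
    for word in build_dictionary(SAMPLE_DUMP):
        print(word)
```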
