Skip to the content of this page

font size: Change text to small (default) Change text to medium Change text to large

Stock quotes from Yahoo! Finance
Symbol lookup
Market Overview
Fast Company Magazine Cover Image

FC NOW: The Fast Company Weblog

November 19, 2007

* Technology: Hacking the iPhone for Espionage

No, it's not enough that you can hack your iPhone to operate on the T-Mobile network, or launch third-party applications, or play games. No, someone had to go and demonstrate how you can -- quite easily, with some know-how -- turn an iPhone, or any smartphone, into a full-blown spy gadget. Go warm up your missile-laden Aston Martin, and then watch security expert Rik Farrow show you how it's done:


Article: Hacking the iPhone

I have an iPhone. I've also owned BlackBerrys, Treos, and even an awesome little Palm-based thing called the Samsung i500 that never quite caught on. But never once did it occur to me that someone could use it to record the mundane details of my daily existence. And now that it does occur to me, courtesy of Rik Farrow, I have one thing to say. This is pretty awesome.

I know, I know -- the upstanding thing to do is abjure piracy and hacking. But to acknowledge that the device in my pocket is capable of spying on me is also a tacit acknowledgment that the device in my pocket is very, very close to being a full-blown personal computer. Watch as Rik penetrates the iPhone; when he first logs in, the Terminal shows him system information for the device. Just when you notice the screen describing the iPhone's kernel, Rik reminds us that the commands he's using are the same for any Unix, Linux, or Mac OS X-based computer. This thing, like the entire generation of smartphones it accompanies, are increasingly based on viable, robust platforms, rather than piddling, proprietary software.

Would it be better if they were ironclad? Sure, but nothing is. Just as the utility of the Internet overshadows the nuisance of viruses, the upward march of the smartphone is a worthy cause, despite its occasional vulnerabilities. The solution, of course, to the immutable personal computing device: awareness. If you know not to click on that suspicious e-mail attachment from a Zimbabwean Prince, the chances of your computer (and now, your iPhone) coming down with a flu are greatly reduced. I, for one, will put my idiocy to the test, eager to see what convenience -- and perhaps, scandal -- the next generation of phones can bring me.

AddThis Social Bookmark Button

Posted by Chris Dannen at November 19, 2007 12:55 PM | Category: technology + computers | * 8 Comments

* 8 COMMENTS

Posted by: Matt at November 19, 2007 7:26 PM

This is FUD. Jailbreaking the iPhone has been around for months - that installs the SSH daemon for him to log in through with a password of his choosing and for him to remotely run programs. It also requires that the machine he's using AND the iPhone be on the same WiFi network for the duration of the "attack" and "spying".

He would require extensive physical access to the iPhone he was wanting to exploit and as such you have nothing to worry about regarding complete strangers getting these sorts of capabilities (unless you manually jailbroke your iPhone and left SSH running all the time) - they would have to be a friend or colleague or skilled thief to achieve this.

Posted by: commonsense at November 20, 2007 12:57 AM

If you turn your phone's power off, no hacker can activate your phone remotely and record anything. Cheapest and best security you can do during a private meeting--request no cell phones allowed!!!

Also, the odds of you visiting a hacker infiltrated website our pretty slim. Millions of people in this world, and they are gonna know to find you? Needle in a haystack. As for company intranets, well, that is a security issue to take up with your company's web guru.

As for inside security leaks, any dope can go to their local spy store and buy a mini-recorder--No techy or hackers needed.

Posted by: Upendra Poranki at November 20, 2007 7:33 AM

Now even more than some one else hacking into a phone to find about a user...

Imagine if the phone itself regularly sends a lot information about your phone usage,spending habits to some one(APPLE or its Friends!!) Scary right!!!

EXCLUSIVE Apple Secretly Tracking iPhone IMEI and Usage (with proof)
http://uneasysilence.com/archive/2007/11/12686/

http://www.techcrunch.com/2007/11/19/whip-out-the-tinfoil-hats-the-iphone-phones-home/

Is Apple collecting your iPhone usage data?
http://www.9to5mac.com/apple-collecting-iPhone-data-23654675445

This is seems to be hot topic of discussion all over the web if what Apple seems to be doing is right or not!!!

Posted by: 7death at November 20, 2007 9:33 AM

Oh commonsense, if you only knew what went on in the mind and the life of a hacker! While this iphone trick may be mostly benign, if you hold those same views for security in general (as you have indicated) then you will be in for a treat.

Posted by: Stephane Daury at November 20, 2007 11:07 AM

One more reason to visit jailbreakme.com, since they patch the libtiff exploit they themselves use to install their software installer. So, in practice, a jailbroken iPhone is more secure than out of the box. Oh, sweet sweet irony.

Posted by: EdZ at November 20, 2007 11:30 AM

@Matt
A LOT of people have already jailbroken the iphone (and thus installed the SSH client). And he only needs to be on the same WiFi network for the initial hack, anything subsequent to that can be done from any connection (simply install some sort of SSH tunnelling software on the iphone).
And what if the jailbreak site is itself the initiator of the hack?

Even if the hack is entirely voluntary, it can still be used offensively as a remotely operated covert recorder.

Posted by: Amber at November 20, 2007 12:57 PM

Uh,

The sound he recorded with RRecord... And the one he played back ARE NOT THE SAME.

Check it. He stutters during the recording session, yet the one he plays back DOES NOT HAVE THE STUTTER.

:/ while i can say that he used an earlier recording, this does shed some doubt on it. Albeit, that his reputation might wipe that doubt out.

Posted by: commonsense at November 21, 2007 8:36 AM

In my opinion, there are some very dangerous hackers out there, but these are groups that target specific internet properties for specific purposes. If you were a talented hacker, would you waste your time on any joe smoe? Again, millions of people in this world, nobody is specifically targeting you--at least unlikely. I have no doubt that there are hackers out there that can do damage--but only as long as you blatently leave yourself open to it. When not in use, turn off your computers and smartphones. Limit your exposure to open wifi use. Don't visit non-mainstream websites. Use web-browsers that erase your web-browsing history data so there is nothing to track, no passwords to copy, etc. These precautions can immediately cut down your risks of being hacked and it won't cost you a penney.

* ADD YOUR OWN COMMENTS










Remember personal info?

Basic XHTML is allowed (a href, strong, em, ul, li)


Please Post your comment only once. Clicking on Post more than once may result in multiple postings. If you don't see your comment immediately, try refreshing your browser.



* ADVERTISEMENT

* Featured Services

* FC NOW MENU

* RECENT ENTRIES

* NEWSLETTERS

Want to get the best of FC Now in a daily digest? Sign up for one of our newsletters.

* FC NOW CATEGORIES

* FC NOW ARCHIVES

* FC READS