Apple iPad, Like iPhone, A Prime Target For Jailbreaking Hacks

Page 1 of 2

While Apple's iPad tablet has been hailed as a "game-changer," security experts contend that the device is ripe for the same jailbreaking exploits carried out on the iPhone and other mobile devices.

Apple made a splash last week with the launch of iPad, a device that falls somewhere between a notebook and smartphone, containing a flat-panel touch screen, wireless connectivity and a virtual keyboard while providing the user with the ability to watch movies, read books electronically, listen to music and access about 150,000 smart phone applications.

Security researchers put the Apple iPad on par with other industry-changing devices, such as the iPod and the iPhone. Meanwhile, Cupertino issued an update to iPhone and iPod Touch Tuesday, patching CoreAudio, ImageIO and WebKit vulnerabilities that could enable remote hackers to execute malicious code that would allow them to take control of a user's device. However, Kevin Finisterre, head of penetration testing for NetraGard, said that those same vulnerabilities could ostensibly extend to the iPad, once it officially is put on the market.

"I think that realistically, it's going to be the same song and dance we saw with the iPod and iPhone. You're going to see quite a bit of the folks doing the standard jailbreaking techniques." said Finisterre. "Literally, it's a big iPod Touch. We're not really breaking any new ground here."

Security experts say that the iPad's popularity in the marketplace will determine whether it will be a worthy target for hackers.

"What' going to drive the level of threat is the level of adoption," said David Perry, global education director for security company Trend Micro.

As with the iPhone and other Apple devices, iPad users will likely be required to purchase approved software through the company's Apple App Store. Subsequently, the new iPad will likely be subject to a slew of jailbreaking attempts by hackers capitalizing on its weak encryption, browser vulnerabilities, and lack of firewall, in an attempt to find ways to run unauthorized and malicious software on the device, Finisterre said.

As with the iPhone, one of the most vulnerable attack vectors in the new iPad will likely be browser based, Finisterre said, which will likely subject the device to numerous Web kit vulnerability exploits, he said.

Daniel Hoffman, executive vice president and chief technology officer for SMobile Systems, said that he had seen malicious apps make their way into Apple's App store. Meanwhile, Apple prohibits third party security software from being installed on its mobile devices, which doesn't bode well for the iPad, considering its anticipated mass consumer appeal, security experts say.

"You wouldn't think of doing mobile banking without having antivirus on your system," Hoffman said. "With these new devices, you do not see that offered. Apple is prohibiting third party vendors from developing applications. They're being prohibited from being installed."

The iPad's e-mail client is another formidable threat vector. While thus far, there haven't been many e-mail vulnerabilities in OS X, Finisterre said that he detected a buffer overflow vulnerability in the OS X Mail.app e-mail client, which would enable hackers to infect users by sending malicious attachments over e-mail, among other things. A similar hack could easily be executed on the iPad, he said.

"You're talking about a very minimal interaction on the user's part," he said. "A vulnerability like that obviously would be a direct and easy way to impact the user of that device."

Next: Concerns Raised About Password Protection

1 | 2 | Next >>

Tweet

   

More Security