iPod hacking

[Sadaiyappan]

How easy is it to hack someone's iPod through wifi if you come within range?

 

[0roo0roo]

pretty easy if its an open wifi hotspot...that is a hole that is affecting every user, not just ipods.

anything else would require actual security holes in the system

 

[Newbian]

This won't end well.

 

[0roo0roo]

yea pretty much if he has to ask ...we shouldn't tell

 

[Ichinisan]

Well, there have been vulnerabilities for iPhone that allowed remote exploits. One could be triggered by text message. When it was demonstrated that the microphone could be remotely activated and start transmitting, it even inspired some parts of The Dark Knight.

However, iOS was increasingly locked down after the first iPhone. If such a vulnerability still exists in iOS and is discovered, it would probably be immediately abused. We'd probably see an extremely devastating virus or wide-spread botnet almost overnight.

 

[DrPizza]

I have to go to a few days of training sessions this summer on how to use ipads in the classroom. I'd love to be knowledgeable enough by that time to mess with the instructor. "What about students hacking into the teacher's Ipad?" "These are made by Apple. It's hacker proof." "Hmmmm..." "uhhh, what's going on?"

 

[Ichinisan]

I have to go to a few days of training sessions this summer on how to use ipads in the classroom. I'd love to be knowledgeable enough by that time to mess with the instructor. "What about students hacking into the teacher's Ipad?" "These are made by Apple. It's hacker proof." "Hmmmm..." "uhhh, what's going on?"

If the instructor has jailbroken his / her own personal iPad, maybe they installed SSH and didn't change the root password: "alpine"

 

[CZroe]

pretty easy if its an open wifi hotspot...that is a hole that is affecting every user, not just ipods.

anything else would require actual security holes in the system

Uhh... are you talking about that "flash in a pan" Jailbreakme.com from last year? Apple partially closed the PDF exploit almost IMMEDIATELY and fully closed it with the very next FW update. There hadn't been a browser-based exploit since the original iPod Touch and iPhone days.

Even so there was an issue with AT&T asking Apple to automatically connect to any WiFi hotspot with the SSID "attwifi" if the user had ever connected to it before (ignore the specific MAC and connect anyway). This was intended as an effort to reduce bandwidth on the cellular network, but anyone could create and "attwifi" hotspot to start phishing every iDevice-user who's ever hopped on McDonald's wifi. Combined with the Jailbreakme.com exploit, it could have been MUCH more serious, but they weren't popularized at the same time.