Pa los que les sobre un ifon…
12.08.2008 @ 01:29 \01\Tue, 12 Aug 2008 01:29:50 +0000\50 +0000 UTC
Así es, si les sobra un ifon, lo pueden usar para hackear la red inalámbrica de una empresa. Sólo dirigan el ifon a un empleado de x empresa y asegúrense que el empleado no trabaje en la empresa. En el empaque donde está el ifon pónganle una batería extendida y con el SW adecuado, pueden usar el ifon como un hacking tool. En cuanto el ifon adquiera una dirección ip, se comunica con un servidor que ustedes especifiquen y si la empresa a la que mandaron el ifon tiene wireless sin seguridad, pues ya pueden ponerse a hacer lodo. Eso si, todo a costa de un ifon. Cortesía de los hackers en Defcon.
In initial runs, the iPhone’s scanning showed some interesting results. Graham told the audience that the phone would just sit in a receiving facility, usually a mailroom, for a long time. Fedex and UPS generally will deliver numerous boxes in a shipment and then a secretary or internal mailman (in larger companies) will then sort everything to its final destination. But if the package is addressed to someone who doesn’t work at the company, then employees will have no real urge to move it. Calls need to be made to verify that the employee doesn’t exist and then someone will finally call the shipping company to pick the package – this all takes time, time that the phone can use to scan the internal network.
Once the phone was inside a business, Graham said most of the wireless networks were wide open. This should probably come as no surprise as companies usually trust employees and anyone’s who has made it past the front door must be friendly.
While the notion of an iPhone attack may seem a bit too Hollywood-ish to some, Graham and Maynor say the idea is much better than a hacker sitting outside of a company sniffing for wireless traffic. They say police and even average citizens are quite suspicious of people sitting in their cars with glowing computers screens. Furthermore sending a company an iPhone means you can be completely anonymous with a jailbroken iPhone and a third-party SIM card.
Companies typically spend thousands even millions of dollars on physical and network security, but Maynor said their iPhone can foil all of that by “getting past all the firewalls and crap that they’re buying.” He added that many organizations have armed guards that will stop any intruders, yet they let in the Fedex guy at 10 AM every morning.