Bilbao Digital

Asociación para la Cualificación y el Aprendizaje Permanente


iPad security notes


After a great weekend with a friend's iPhone, I tried out my bigger, brand-new iPad by doing a security assessment, expecting proportional success.

First of all, I thought about jailbreaking the new iOS 4.2.1 so that I could use other repositories to install the Displayout Cydia package and record the iPad screen using a component AV cable and a Hauppauge PVR. But this would lead me further from the mainstream, so I preferred to keep the stock configuration and avoid extra noise/traffic.

It's a great tablet device: thin, light and pretty. It doesn't do much, but what it does, it does nicely. One of the main features of this device is also the most dangerous: the wireless adapter. No matter how new the gadgets are, the protocol vulnerabilities remain the same. Anyhow, there is a big surprise: while scanning for WiFi networks, it doesn't differentiate between ad hoc and infrastructure connections. So you really don't know whether you are connecting to your company wireless network or to my personal computer with the same SSID. Scary, huh!?

Many people use the open WiFi spots in airports, public rooms, city squares... to log in to their favorite websites and download their emails, trusting those connections. At every conference I suggest using only wired connections, but in this case you have no choice. Yes, you can use 3G too; I will talk about this another time (direct Internet access and unfiltered ports are a bad and old combination).

I set up an ad hoc connection to simulate this scenario and passively sniff my own iPad traffic. Looking at the huge dump, I found the common plaintext protocols, such as:

- HTTP basic auth (base64 encoded) and POP3.

- And I easily performed some cookie hijacking to log in to websites without knowing the username and password credentials (Facebook and Twitter).

On the other hand, there is a good TLSv1 implementation in the App Store authentication and personal IM.
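A defender-side check for the cleartext exposures listed above, as an added example that is not from the original post: it scans decoded application-layer lines from a capture of your own traffic and flags HTTP Basic credentials, POP3 USER/PASS commands, cookies sent over plain HTTP, and cookies set without the Secure attribute. The sample lines, host name and credentials are constructed, and the input is assumed to be text already extracted from unencrypted HTTP/POP3 streams.

```python
import base64
import re

# Constructed sample: lines as they might appear in cleartext HTTP and POP3
# streams from a capture of your own device (all values are made up).
SAMPLE = """\
GET /inbox HTTP/1.1
Host: mail.example.test
Authorization: Basic YWxpY2U6czNjcjN0
USER alice
PASS s3cr3t
HTTP/1.1 200 OK
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly
Cookie: session=abc123
""".splitlines()

BASIC = re.compile(r"^Authorization:\s*Basic\s+(\S+)", re.I)
POP3 = re.compile(r"^(USER|PASS)\s+\S+")
SET_COOKIE = re.compile(r"^Set-Cookie:\s*([^=;\s]+)=[^;]*(.*)$", re.I)
COOKIE = re.compile(r"^Cookie:\s*(.+)$", re.I)

def audit(lines):
    """Return (kind, detail) findings for secrets visible in cleartext."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := BASIC.match(line):
            try:  # Basic auth is only base64("user:password"), not encryption
                raw = base64.b64decode(m.group(1), validate=True)
                user = raw.decode("utf-8", "replace").partition(":")[0]
            except ValueError:
                user = "<undecodable>"
            findings.append(("http-basic", f"user={user}, password recoverable"))
        elif m := POP3.match(line):
            findings.append(("pop3-" + m.group(1).lower(), "sent in cleartext"))
        elif m := SET_COOKIE.match(line):
            attrs = {a.strip().lower() for a in m.group(2).split(";")}
            if "secure" not in attrs:  # browser may send it over plain HTTP
                findings.append(("cookie-no-secure", m.group(1)))
        elif m := COOKIE.match(line):
            names = [c.split("=")[0].strip() for c in m.group(1).split(";")]
            findings.append(("cookie-sent-cleartext", ",".join(names)))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind:22} {detail}")
```

The report deliberately names only the username and cookie names, so it can be shared without repeating the secrets it found.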

From what's been found out so far, nothing unexpected. But with the new iOS, anyone with an iPad, iPhone 4, or new iPod touch (4th generation) can locate a misplaced iPad, iPhone, or iPod touch on a map. You can also have your device play a sound and display a message to help someone return it to you, or you can remotely lock its screen or wipe all of its data to protect your privacy.

Every new service catches my attention because it may need to be checked. So I cannot wait any longer... The authentication process is done using SSL but, :-), the Google image transfer is done directly from the Google servers. So, using passive sniffing, it is possible to follow the TCP data streams to assemble the images and track any device of the iPad owner, usually his/her wife/husband. Cool, isn't it?

Your email, forum user, and Facebook account are easy targets. I would like to say that Gmail is safe but, as we demonstrated at our first security conference, it is not (phishing with DNS spoofing, removing the SSL certificate while actively sniffing, ...). Maybe you think that I am able to do those tests because I am a security professional, but do you really feel better?

Think twice if you are a hot spot/iPad user. Many people try to gather information through fake access points. We are many, but few will put up boundaries to protect your privacy.

Happy surfing!
