Mobile phones and personal data assistant (PDA) appliances used to be limited in their functionality; however, today there are wireless devices that operate using advanced operating systems and support applications that are incredibly useful for conducting clandestine activities. As an example, Apple’s iPod touch runs on the UNIX-Darwin kernel, which is open source,2 POSIX compliant, and single UNIX specification version 3 (SUSv3) compliant. Because of this, advanced hacker appli- cations can be built and installed onto the device, making the iPod touch a powerful hacking platform.
Regardless, there are some interesting trends that we can examine and use to our advantage.
The first trend is the use of open-source operating systems. As already mentioned, the iPod touch and the iPhone, both products of Apple Inc., uses the Darwin operating system. Additional proprietary applications, including graphic interface software, have been added to these portable devices; however, the core system is undeniably UNIX based.
The second trend is the increase in computing power and memory. Although the iPod touch does not have the processing capabilities of desktops or even laptops, they are quite capable of processing large amounts of data rapidly. As a benchmark test, the iPod touch (first generation) was able to process 577 MD5 hashes per second using the password cracking tool “John the Ripper.” In comparison, the MacBook Pro with a 2.8GHz Intel Core Duo processor was able to process 7674 per second. Although about one-twelfth the capability of the MacBook Pro, the iPod touch results are still impressive for what many consider as simply a fancy MP3 player.
The method of obtaining applications needed for penetration testing or covert audio and video communication will vary, depending on the mobile platform. In the case of the Droid and Palm Pre, access to the underlying operating system is avail- able by design. However, in the case of the iPod touch, access to the operating system can only be achieved by “jailbreaking” the phone, which circumvents protection mechanisms installed by Apple.
The actual method of jailbreaking varies, depending on the generation of the iPod touch and the version of the installed software (HOW TO jailbreak is explained in another post -same hack section). Once jailbroken, we can place applications on our device through different repositories – the most notable is called “Cydia.” More information on Cydia can be found at http://cydia.saurik.com/.
Although we will focus on the iPod touch, the iPhone is just as capable as the iPod touch for conducting similar attacks and can be jailbroken just as the iPod touch. Overall, the iPhone is actually a better attack platform than the iPod touch since audio and video can also be recorded with the iPhone.
It is entirely possible that using modified firmware or making alterations to the operating system of a mobile device could have bad results. If we are lucky, such results may only be the odd application or operating system instability. If we are not lucky, we may have just gained a very expensive paperweight in the form of a completely nonfunctional device, commonly known as “bricking” it.