《The Making of the FOCUS 11 Apple》.pdfVIP

White Paper The Making of the FOCUS 11 Apple iPad Hack By Gabriel Acevedo and Michael Price McAfee? Labs? Table of Contents Motivation 3 Research 4 The iOS SSL implementation vulnerability 4 The “JailbreakMe” vulnerability 5 The Hack 5 Hardware 5 Software and tools 6 Scenario 7 Attack 8 Results 10 Conclusions 11 Acknowledgements 12 About the Authors 12 2 The Making of the FOCUS 11 Apple iPad Hack In October of last year, McAfee hosted its FOCUS 2011 conference. McAfee Labs offered customers several talks on malware and other threats as well as on myriad security topics. One of the most popular events was the Hacking Exposed keynote, which drew more than 2,000 people. Most of the attendees turned off their laptops, phones, Apple iPads, and other devices when McAfee CTO Stuart McClure announced that his team would perform live hacks at the session. We had seen a lot of buzz on Twitter and other social networks looking forward to the hack that everyone at the conference was talking about. Some skeptics claimed it would not be a live demo, but within moments of the start, people confirmed that the fake FOCUS Wi-Fi hotspot was indeed live. We aimed a TV camera at our soon-to-be-hacked demo iPad screen so that the attendees could follow along. While McClure loaded Gmail via a secure sockets layer SSL connection, we could see the HTTPS URI scheme and the lock icon on Safari. Under the hood, an exploit was loading and installing a secure shell SSH server. A few seconds later, the crowd applauded appreciatively as the iPad screen appeared on our VNC remote-control client. The iPad was compromised. We had root access through the Terminal and also graphical access through VNC that allowed us to see what McClure was doing and allowed us to interact with his device. A typical iPad user in this situation would have no clue that we had such powerful control of the system. The victim was not visiting a malicious website, but was simply checking email via a