H.D. Moore supports Metasploit for the iPhone

H.D. Moore of Metasploit has been working on iPhone support for the Metasploit Framework. The Metasploit Framework is a development system used by security professionals for vulnerability and exploit research. And having iPhone support in Metasploit makes security vulnerability and exploit research easier, which makes developing new exploits more likely.

Moore lists the following as encouragement:

1) The processor is actually decent. Compare the iPhone (400Mhz*) with the Nokia n770 (233mhz) or the Nokia n800 (320Mhz) and the choice of a handheld hacking device is a no-brainer. The (mostly) working toolchain, large amounts of storage (8Gb), and ease of use make this a great candidate for almost any security researcher “on-the-go”. If you tweak the networking preferences file, you can set the signal quality limit down to “1”, turning the “join a WiFi network” screen into a primitive stumbler (or just install Stumbler via AppTapp).

* The media widely reported the processor speed as 620Mhz and I repeated it here. Dan Moniz suggested I check the output of ioreg for the actual CPU speed, which is reported as 400Mhz (0084d717 == 0x17d78400 == 400000000).

2) EDGE network access is horribly slow, but it works. The downside is that the EDGE network provides the phone with a private address, on a point-to-point link, that is three hops away from a public IP range. For example, my phone’s EDGE address is 10.x.x.x, its first hop is 172.16.x.x, its second hop is 10.x.x.x, and its third hop is also 10.x.x.x. The fourth hop is a 200.x.x.x address. Latency is between 180ms and 600ms, but averages around 200ms-250ms. I made a few attempts to discover other hosts in the private address space, in hopes of finding other EDGE devices, but instead only found a few scattered routers, switches, and servers.


~ by David Barnett on September 28, 2007.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: