Tuesday, August 18, 2009

Weaponizing Apple's iPod Touch

By Kelly Jackson Higgins
DarkReading

It fits behind a coffee machine, inside a desk drawer, or in your pocket, and it doesn't arouse suspicion if you walk into a bank or office tapping away on it -- and that's why a security expert has turned an iPod Touch into a full-blown hacking tool.

Thomas Wilhelm, associate professor of information system security at Colorado Technical University, showed attendees at last week's Defcon17 conference in Las Vegas how Apple's seemingly benign iPod Touch can be converted into a portable and stealthy penetration testing or attack tool. He outfitted the iPhone cousin with the popular Metasploit software for exploiting vulnerabilities, as well as password-cracking and Web app hacking applications he was able to easily download onto the device. ...

The iPod Touch can also perform ARP spoofing and force nodes to use it as a gateway. "The coolest thing with the iPod Touch is that it can tell every computer in the network that it's the gateway, and that when you talk to Google, you have to go through it," Wilhelm says. "Then it captures all of the packets that go across the network."
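From the defender's side, a device claiming to be the gateway shows up as ARP replies that bind the gateway's IP to an unexpected MAC address. The following is an added example, not part of the original article: a Python check over constructed tcpdump-style ARP reply lines, assuming the legitimate gateway IP and MAC are known in advance (the addresses and the log layout are made up for illustration).

```python
import re
from collections import defaultdict

# Constructed sample, modeled on tcpdump-style ARP reply lines (not real capture data).
SAMPLE = """\
10:00:01 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
10:00:02 ARP, Reply 192.168.1.20 is-at 66:77:88:99:aa:bb, length 28
10:00:05 ARP, Reply 192.168.1.30 is-at de:ad:be:ef:00:01, length 28
10:02:10 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
10:02:11 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
10:02:12 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
"""

REPLY = re.compile(r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)

def find_arp_anomalies(text, gateway_ip, gateway_mac):
    """Return (alerts, multi): per-line alerts plus MACs that claimed several IPs."""
    alerts = []
    last_mac = {}                   # ip -> most recent MAC seen for it
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    for line in text.splitlines():
        m = REPLY.match(line)
        if not m:
            continue                # ignore anything that is not an ARP reply
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        if ip == gateway_ip and mac != gateway_mac.lower():
            # Someone other than the known gateway answers for the gateway IP.
            alerts.append((ts, "gateway-impersonation", ip, mac))
        elif ip in last_mac and last_mac[ip] != mac:
            # Binding flipped; flapping between two MACs is typical of spoofing.
            alerts.append((ts, "binding-changed", ip, mac))
        last_mac[ip] = mac
        ips_by_mac[mac].add(ip)
    # One MAC answering for the gateway and for a host points at the rogue device.
    multi = {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}
    return alerts, multi

if __name__ == "__main__":
    alerts, multi = find_arp_anomalies(SAMPLE, "192.168.1.1", "00:11:22:33:44:55")
    for alert in alerts:
        print(*alert)
    print("MACs claiming multiple IPs:", multi)
```

The MAC that appears in the multi-IP result is the one to trace to a switch port or wireless association, which is how a hidden device of the kind described here gets physically located.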

Wilhelm says the Unix-compatible iPod Touch didn't require much configuration to become a hacking tool, either. Once he "jail broke" it, he was able to easily install pen-test apps from Cydia. "There was very little I had to do to configure it," he says.

The tool can do most of what a laptop-based pen-test tool can do, he says, although with only about one-tenth of the computing power. The other drawback is that when you plant the iPod Touch on-site, you have to find some way to provide it a power source. So Wilhelm designed his own camouflaged power setup with parts he purchased at Home Depot. It's basically an electric box with an empty faceplate affixed to a wall to hide the iPod, which is plugged into the wall outlet.

Another trade-off is it only works with a wireless connection. You have to jump onto a WiFi connection either legitimately or via MAC spoofing: "Once you're on there, you do information-gathering and find out what servers are on the network, do port scans, banner grabbing, and identify potential vulnerabilities, and try to exploit them with Metasploit," Wilhelm says.

And with the device hidden on-site, you can set up a backdoor and remotely connect to the iPod Touch to perform additional attacks. "Anything you can do in a real pen-test, you can do on this thing," Wilhelm says. "Other people have demonstrated some of this functionality before. I wanted to present to the world how robust the iPod Touch is as an attack platform, and some of the social engineering vectors that can be used to actually conduct a pen test."

via Weaponizing Apple's iPod Touch - DarkReading.
