[iPhone] Authentication bug still present in iOS 4 (at least on my 3G)

Maybe you all have read about the authentication bug found by Bernd Marienfeldt in May 2010. I tested this against my 3G after doing the upgrade to iOS 4. It worked directly using libimobiledevice under my BackTrack installation (I don’t have plain Ubuntu here). Now I thought that the device was still vulnerable because I only did an upgrade and not a full recovery. So I did the full recovery and tested my iPwn against this vuln. Guess what, it’s still vulnerable!

I get asked by my customers every now and then why I do not recommend the iPhone in an enterprise environment. My default answer is: “Because it is vulnerable as hell and iPhone is the source of all evil!” They usually ask for a demo or an exploit, and all I can tell them is that all exploits will be kept private because they might have the potential to be used for an unlock or jailbreak. Now this is something worth a short demo at the customer site… harhar

iPhone 3G and iOS4 annoyances…

Short intro just to tell you WHY I got an iPhone: Well, about 2 months ago I got an iPwn for security testing and such stuff. I held a presentation about iPwn (+droid) sec at our company’s event “Integralis Security World 2010” (slides are available for download, but they are in German).

I played around with it, and believe me when I say I’m not an iPhone or iDevice (or Apple) fanboy. For the last 6 years I used WinMo devices mainly, but that’s another sad story…

That being said, I must admit that the iPhone is a nice device to play with. I never thought I would use one because of this stupid Apple policy of not being able to “legally” run whatever you want on it and because of not being able to “legally” use it the way I would. As I in fact don’t care about Apple’s stupidity, I’m happy to be able to jailbreak and unlock the phone (thx to the dev-team and George for their hard work!). Well done as said. I recently upgraded to iOS 4 on my 3G, removed the jail and unleashed the baseband to use it with another provider (next time I will definitely buy an unlocked one). I then installed all my favorite tools like Wifi Analyzer, Metasploit, nmap, etc…

After the iOS 4 upgrade my 3G just started to become slow and sluggish. I had lags, low memory conditions, missing config options (for APN settings, VPN option button, etc.) and the worst: the battery drained about 2 times a day to zero. I googled a lot and found that most of the users who upgraded experience the same results. I installed battery monitor software, process watchers, observed CPU usage with top, but to no avail.

To make it short: the solution to all annoyances was to do a fresh recovery install of iOS 4 and to not install my previous 3.1.3 backup. It was a long way to reconfigure all my options and to reinstall all of my tools, but it was worth every second of it. The battery now lasts as long as before the upgrade and the device is fast and responsive again. I have enough free mem and all of my config options like APN settings, tethering and VPN toggle are usable again. So to all folks out there having problems with their device after upgrading to iOS 4: Do a fresh full recovery and don’t install your old backups!