Metasploit targets Apple iOS
The well-known platform for creating and testing Metasploit exploits from HD Moore has been updated to version 3.7.0 . The new release is notable for the fact that for the first time it included a post-exploit to get information from Apple iOS ( Apple iOS Backup File Extraction module collects call history, SMS, pictures, GPS coordinates, etc.).
Post-exploit is a tool for action after entering the system. For example, in our case with iOS, it is enough to penetrate the client system, which has access to iTunes, using one of the other modules, and then launch this tool. That is, directly Apple iOS is not hacked.
Although iOS remains "clean" and there is no special vulnerability here, it is still a very symbolic event. Judging by everything, the popularity of iOS devices has finally grown to the level when the creation of malware has become commercially viable. And the post-exploit from HD Moore is proof that there is such an interest. You may ask why only now? After all, iPhones have long become very popular. But the fact is that the exploit market in general, with some delay, reacts to the emergence of new trends, and the demand for viruses for smartphones has appeared relatively recently. Previously, the processors were weak, and there were too many platforms, so creating exploits was too expensive (compared to Windows-based systems), but now the situation has changed. Spreading a homogeneous iOS platform on millions of devices with powerful processors significantly increases the profitability of the attackers' business in this area.
In the latest hacker competition, Apple iOS is already included in the mandatory program for hacking. At this year's pwn2own competition, Charlie Miller broke through iOS 4.2.1 through Mobile Safari, telling Apple about the vulnerability in advance , and Apple soon closed the hole. However, the myth of the "unbreakableness" of Apple products is, of course, far from the truth. It's all about economic feasibility.
')
The new version of Metasploit added 35 exploits, 17 post-exploits and 15 additional modules, the total base has grown to 685, 39 and 355, respectively. Version 3.7 also improved the handling of sessions on the backend, which should improve the overall performance of the framework, and also made several other improvements.
Metasploit is a so-called dual-purpose tool. It can be used both by system administrators and security specialists for testing and hacking your own systems in order to detect vulnerabilities, or by hackers-crackers. The program has both free open source and commercial versions of Metasploit Pro and Metasploit Express (for each of them a seven-day trial period is provided). The author of the program since 2003 is the legendary HD Moore, in October 2009 he sold the project to Rapid7, which specializes in information security. Now a whole team of hackers is working on Metasploit, and HD Moore is the chief architect. Over the past year, the program has been downloaded more than 1 million times.
Post-exploit is a tool for action after entering the system. For example, in our case with iOS, it is enough to penetrate the client system, which has access to iTunes, using one of the other modules, and then launch this tool. That is, directly Apple iOS is not hacked.
Although iOS remains "clean" and there is no special vulnerability here, it is still a very symbolic event. Judging by everything, the popularity of iOS devices has finally grown to the level when the creation of malware has become commercially viable. And the post-exploit from HD Moore is proof that there is such an interest. You may ask why only now? After all, iPhones have long become very popular. But the fact is that the exploit market in general, with some delay, reacts to the emergence of new trends, and the demand for viruses for smartphones has appeared relatively recently. Previously, the processors were weak, and there were too many platforms, so creating exploits was too expensive (compared to Windows-based systems), but now the situation has changed. Spreading a homogeneous iOS platform on millions of devices with powerful processors significantly increases the profitability of the attackers' business in this area.
In the latest hacker competition, Apple iOS is already included in the mandatory program for hacking. At this year's pwn2own competition, Charlie Miller broke through iOS 4.2.1 through Mobile Safari, telling Apple about the vulnerability in advance , and Apple soon closed the hole. However, the myth of the "unbreakableness" of Apple products is, of course, far from the truth. It's all about economic feasibility.
')
The new version of Metasploit added 35 exploits, 17 post-exploits and 15 additional modules, the total base has grown to 685, 39 and 355, respectively. Version 3.7 also improved the handling of sessions on the backend, which should improve the overall performance of the framework, and also made several other improvements.
Metasploit is a so-called dual-purpose tool. It can be used both by system administrators and security specialists for testing and hacking your own systems in order to detect vulnerabilities, or by hackers-crackers. The program has both free open source and commercial versions of Metasploit Pro and Metasploit Express (for each of them a seven-day trial period is provided). The author of the program since 2003 is the legendary HD Moore, in October 2009 he sold the project to Rapid7, which specializes in information security. Now a whole team of hackers is working on Metasploit, and HD Moore is the chief architect. Over the past year, the program has been downloaded more than 1 million times.
Source: https://habr.com/ru/post/119250/
All Articles