Android and iOS attack with Bash Bunny?


Quique

Hi great community! First let me apologize if I am asking for something too obvious, but it's been difficult to find a topic about this thread, since I'm just beginning to study hacking and the Bash Bunny. I have read some topics and watched some Hak5 videos, but I still need to find a tutorial to hack Android and iOS with the Bash Bunny. Do you have any idea or recommendation?

Thank you very much.


1 hour ago, RazerBlade said:

Ok. But for a newbie in hacking, trying to hack iOS will be impossible.

correct


Maybe I am a newbie, however I have a lot of determination and really want to know how to hack iOS too xD

I will search about metasploit and bruteforcing like you recommend me. If you have another clue I will appreciate it.

Thanks for your replies.

Regardssss.


2 hours ago, Quique said:

Maybe I am a newbie, however I have a lot of determination and really want to know how to hack iOS too xD

I will search about metasploit and bruteforcing like you recommend me. If you have another clue I will appreciate it.

Thanks for your replies.

Regardssss.

The problem is that no one knows how to hack iOS, even the pros


2 minutes ago, Foxtrot said:

There is an interesting and currently growing community interested in iOS security research; Jailbreaks exist as do other exploits.

There is always a way in ;)

Yes, but I can almost guarantee that a remote exploit does not exist for the latest firmware. Sure, jailbreaks, but if the device is locked, then you're screwed.


9 minutes ago, RazerBlade said:

Yes, but I can almost guarantee that a remote exploit does not exist for the latest firmware. Sure, jailbreaks, but if the device is locked, then you're screwed.

I think it's naive to say there is no remote vulnerability at all. There are multiple attack vectors.  


It's been shown that the same Israeli company (Cellebrite I think their name is) that helped the FBI to bypass the iOS security on the San Bernardino shooter's phone can also bypass later firmware as well.

Also, their CEO claims they can also bypass the current firmware (however have stated that they won't give any details or show that hack working as it's only for their 3 letter agency type customers).

My guess is that there are a large number of zero days for iOS which are floating around but only released to top paying bidders.


Great, guys! You are completely right, sure there is a way to make it happen. It is really good to know too that, like Foxtrot said, there is an interesting and currently growing community interested in iOS security research. I hope some day I'll be able to contribute to this goal in some way.

Thanks for the great idea Darren! I'll make some research on it. By the way, your work is awesome, all my respect!

A great new year for you all!! 


So, iOS can be cracked but it is not public knowledge.  My guess is any remote exploit of iOS would rake in serious cash because of its penetration in the market.  Android is in the same boat.  With that said, Android likes to cater some to the techie, so of course you have ADB for Android devices, which is a situational exploit.  Situational being Android needs to be in dev mode and running ADB, which by default doesn't run in dev mode or have ADB installed (not installed unless you are a TV maybe?).

Only hacks that seem to be widespread for those are supply chain attacks.  Hack the makers of popular apps' dev machines to implant malware.  Maybe someone can reply to say if Apple and Google have decided not to only check new software additions to their stores but updates as well.  We already know of bad actors putting clean software on the store and then later updating it with malicious code because the software will not get checked again on updates.


As a person who worked on one of the most popular iOS and Android apps (tens of millions of users on both platforms), I can confirm that both Google and Apple check updates, especially if any update requires extra user permissions. If no extra permissions are requested then once approved (and it will certainly be checked before being allowed in their app stores) they will just do random checks on the app.  Any iOS/Android exploits are too valuable to be out in the wild, the going rate for an iOS current version hack is $1,000,000 and there was one shown just a few weeks ago (it won't be released), see https://keen-lab.com/jailbreak/11.1/ for current iOS firmware hack that will be sold to highest bidder.

Team Keen has said that they will release the hack but my guess is that it's already been sold and will be released publicly at the same time as a new iOS upgrade release. This happens a lot and either exploit vendors/antivirus companies and software company consortiums who get together and purchase a lot of the zero days in an effort to help better protect their users and the original researcher will release the zero-day on the day of the patch release (the same thing happened with the Krack exploit)


8 hours ago, RazerBlade said:

Link?

http://newosxbook.com/liberios/ - and Link to Morpheus who did the hack https://twitter.com/Morpheus______

This was released 2 days ago and works with all iOS 11 devices. However, Cydia hasn't been updated to work with iOS 11, so any tweaks or sideloading of apps may not work just yet, but with this you can easily get SSH access into the device and play with binaries and command utilities you may want.

I suggest using a spare device for any type of ARM/iOS hacking.

Also expect this to be patched very soon.


  • 5 months later...

There are iOS Lightning to Ethernet adapters that do exist, and there is an Ethernet setting on iOS... Hmm. This could be very interesting indeed.

Additionally, I know that some adapters don't need to go through the "Trust connected device" popup on iOS devices. This could potentially be a way of exploiting the platform. 
