Android and iOS attack with Bush Bunny?

[Quique]

Hi great community! First let me apologize if I am asking for something too obvious, but it's been difficult to find some topic about this tread once that I'm just begining to study hacking and with the bush bunny. I have read some topics and watched some hak5 videos, but still needing to find some tutorial to hack Android and iOS with Bush Bunny. Do you have any idea or recommendation?

Thank you very much.

[RazerBlade]

Forget it with IOS, you can't hack it.

With android you can do somethings like metasploit and bruteforcing the passcode.

[Quique]

Thanks for your reply RazerBlade!
So sad to know that is impossible to hack iOS, hope someday it will happen.

About hacking an android, could you please recommend me some tread to study it?

Regards!

[b0N3z]

Nothing is Impossible.

[RazerBlade]

12 hours ago, b0N3z said:

Nothing is Impossible.

Ok. But for a newbei in hacking, trying to hack IOS will be impossible.

[b0N3z]

1 hour ago, RazerBlade said:

Ok. But for a newbei in hacking, trying to hack IOS will be impossible.

correct

[Quique]

Maybe I am newbie, however I have a lot of determination and really want to know how to hack iOS too xD

I will search about metasploit and bruteforcing like you recommend me. If you have another clue I will appreciate it.

Thanks for your replies.

Regardssss.

[RazerBlade]

2 hours ago, Quique said:

Maybe I am newbie, however I have a lot of determination and really want to know how to hack iOS too xD

I will search about metasploit and bruteforcing like you recommend me. If you have another clue I will appreciate it.

Thanks for your replies.

Regardssss.

The problem is that no one knows how to hack IOS, even the pros

[Foxtrot]

Just now, RazerBlade said:

The problem is that no one knows how to hack IOS, even the pros

There is an interesting and currently growing community interested in iOS security research; Jailbreaks exist as do other exploits.

There is always a way in ;)

[RazerBlade]

2 minutes ago, Foxtrot said:

There is an interesting and currently growing community interested in iOS security research; Jailbreaks exist as do other exploits.

There is always a way in ;)

Yes, but I can almost guarantee that a remote exploit does not exist for the latest firmware. Sure jailsbreaks, but if the device is locked, then your screwd.  

[Foxtrot]

9 minutes ago, RazerBlade said:

Yes, but I can almost guarantee that a remote exploit does not exist for the latest firmware. Sure jailsbreaks, but if the device is locked, then your screwd.  

I think it's naive to say there is no remote vulnerability at all. There are multiple attack vectors.  

[zoro25]

 It's been shown that the same Israeli company (Cellebrite I think their name is) that helped the FBI to bypass the IOS security on the San Bernadino shooters phone can also bypass later firmware as well. 

Also, their CEO claims they can also bypass the current firmware (however have stated that they won't give any details or show that hack working as it's only for their 3 letter agency type customers).

My guess is that there are a large number of zero days for IOS which are floating around but only released to top paying bidders.

Edited December 26, 2017 by zoro25

[Darren Kitchen]

I don't have an iOS device to test with, but does it not support ECM_ETHERNET? I know with the older 30 pin iPad devices we were able to pull off HID attacks using the camera adapter. 

[Quique]

Great, guys! You are completely right, sure there is a way to make it happen. Is really good to know too that like Foxtrot said, there is an interesting and currently growing community interested in iOS security research, hope some day I'll be able to contribute with this goal in some way.

Thanks for the great idea Darren! I'll make some research on it. By the way, your work is awesome, all my respect!

A great new year for you all!! 

[zoro25]

If you really are interested then I would recommend this book http://zygosec.com/Products by Billy Ellis. 

He also has a decent youtube channel where he walks through the latest exploits with tips and tricks for reverse engineering Arm based software. https://www.youtube.com/user/pr0Hacks2014/videos

[PoSHMagiC0de]

So, IOS can be cracked but it is not public knowledge.  My guess is any remote exploit of IOS would rake in serious cash because of its penetration in the market.  Android is in the same boat.  With that said, Android likes to cater some to the techie so of course you have ADB for Android devices which is a situational exploit.  Situational being Android needs to be in dev mode and running ADB which by default doesn't run in dev mode or have ADB installed (not installed unless you are a TV maybe?).

Only hacks that seem to be widespread for those are supplychain attacks.  Hack the makers of popular apps dev machines to implant malware.  Maybe someone can reply to say if Apple and Google have decided not to only check new software additions to their stores but updates as well.  We already know of bad actors putting clean software on the store and then later updating it with malicious code because the software will not get checked again on updates.

[zoro25]

As a person who worked on one of the most popular IOS and Android apps (tens of millions of users on both platforms)

I can confirm that both Google and Apple check updates especially if any update requires extra user permissions If no extra permissions are requested then once approved (and it will certainly be checked before being allowed in their app stores) they will just do random checks on the app.  Any IOS/Android exploits are too valuable to be out in the wild, the going rate for an IOS current version hack is $1,000,000 and there was one shown just a few weeks ago (it won't be released) see https://keen-lab.com/jailbreak/11.1/ for current IOS firmware hack that will be sold to highest bidder. 

Team Keen has said that they will release the hack but my guess is that it's already been sold and will be released publically at the same time as a new IOS upgrade release. This happens a lot and either exploit vendors/ antivirus companies and software company consortiums who get together and purchase a lot of the zero days in an effort to help better protect their users and the original researcher will release the zero-day on the day of the patch release (the same thing happened with the Krack exploit)

[Foxtrot]

3 hours ago, PoSHMagiC0de said:

So, IOS can be cracked but it is not public knowledge.

There are public (and public working) exploits for iOS.

[RazerBlade]

7 hours ago, Foxtrot said:

There are public (and public working) exploits for iOS.

Link?

[zoro25]

8 hours ago, RazerBlade said:

Link?

http://newosxbook.com/liberios/ - and Link to Morpheus who did the hack https://twitter.com/Morpheus______

This was released 2 days ago and works with all IOS 11 devices, However Cydia hasn't been updated to work with IOS 11 so any tweaks or sideloading of apps may not work just yet, but with this you can easily get SSH access into the device and play with binaries and command utilities you may want. 

I suggest using a spare device for any type of ARM/IOS hacking. 

Also expect this to be patched very soon.

Edited December 28, 2017 by zoro25

[MB60893]

There are iOS Lightning to Ethernet adapters that do exist, and there is an Ethernet setting on iOS... Hmm. This could be very interesting indeed.

Additionally, I know that some adapters don't need to go through the "Trust connected device" popup on iOS devices. This could potentially be a way of exploiting the platform.