Shall we install iSpit: tiny web browser on iPhone?

After getting open-source toolchain for iPhone development and release of beta version of iPhone SDK , there are many application available for iphone. Everyday lot of people are porting existing applications or writing new ones. Application count is increasing day by day.
Whenever there is race for being first to provide new functionality, security gets unknowingly neglected.
In this blog, i am going to publish a security flaw in iPhone software design which can lead to complete compromise of your iPhone.
iSpit: fast and tiny http server for the iPhone developed by ROBOTA Softwarehouse allows you browse and download files from your iPhone using your favorite Internet browser.
Once you install this application from AppTapp, you can start the web server and point your broswer address bar to http://<yourIPAddress&gt;.

As there is way to authenticate user before downloading any file, anybody can download /etc/master.passwd and get hold of root password or get stored voice mails, Phone book etc
iSpit should get user logged in before s/he traversing critical directories like /etc.
I sent three mails to inform ROBOTA Softwarehouse regarding this directory traversal vulnerability but they didn’t respond.
Even if this the software is intended to allow user to download file from iPhone, authentication is must.

So, the bottom line is – do not install iSpit V1.5 till it gets patched.

I am going to post a small video on how iPhone can be compromised if iSpit V1.5 is installed on it.

Let me know your comments.


About this entry