iPhone Rootkit? There's an App for That!
The most recent iPhone jailbreak developed by comex for Jailbreakme.com has once again put iPhone mobile security in the spotlight. Comex's impressive work implements a beautifully simple online process to take control of your iOS devices by exploiting a vulnerability found in PDF font rendering libraries. What they did, they did "for good", in order to free everyone from Apple's control over its customers. But what if the techniques they use could be turned to malicious ends by those with less altruistic purposes in mind?
In this presentation we will explain how we reverse engineered the jailbreak exploit to develop our own exploits and a wormable process for installing malicious rootkits on every iOS device that Apple makes. We will demonstrate a proof of concept attack in which we rootkit one or more iOS devices stealthily without letting the user know. We will release custom-developed tools for iPhone and jailbreak reverse engineering and explain the process by which we developed them.
About Eric Monti
Eric Monti has been doing security and security research since the late nineties. He currently spends his days breaking software and writing Ruby code as part of the SpiderLabs research team. Also: likes coffee.