Site icon Liquidmatrix Security Digest

Military goes vulne^W versatile with the iPod Touch

crazytanks

As someone who once purchased a used Newton MessagePad 130 loaded with military command software (I’m not kidding), I couldn’t help but find this story simultaneously interesting and amusing.

Newsweek is reporting that the U.S. military is considering (and, if the article is correct in its suggestion, issuing) iPod Touches to soldiers, to provide such facilities as language translation and intelligence sharing. And it makes sense, really:

The future of “networked warfare” requires each soldier to be linked electronically to other troops as well as to weapons systems and intelligence sources. Making sense of the reams of data from satellites, drones and ground sensors cries out for a handheld device that is both versatile and easy to use.

(Gizmodo reported a similar story back in December 2008, discussing translation software.)

Yes, the iPhone and iPod Touch both bear a fantastic, intuitive interface, and can be made to do so much thanks to the App Store (not to mention jailbreaking, which opens up a world of near endless possibilities for the devices). Heck, the devices have even shown that they can pass muster with military’s tough requirements:

Typically sheathed in protective casing, iPods have proved rugged enough for military life. And according to an Army official in Baghdad, the devices have yet to be successfully hacked.

Come again. “Yet to be successfully hacked”? Maybe they missed 2007’s Mobile Safari TIFF exploit, or more recently, the (possible) iPhone shellcode execution vuln discovered by Charlie Miller. Additionally, the same jailbreaking that provides access to additional software and functionality often comes with the ability to install services, such as OpenSSH. Combining that with the well known password for the “mobile” and “root” users on the iPhone/iPod Touch (it’s “alpine”, btw), and soldiers’ intelligence-sharing, word-translating, Tap-Tap-Revolution-playing, network-accessible, probably-associated-to-an-attacker-controlled-WiFi-network are ripe targets.

(Update: 2009041000) Craig Ingram (@cji) notes something that I, in all of my wizdumb, didn’t discuss — there’s no mention of remote wipe being configured for these devices. Save for using Microsoft Exchange with the iPhone/iPod Touch, I don’t know of a built-in facility for remote wipe.

Read the Newsweek article for more of their story — you know, beyond the “yet to be hacked” stuff.

Exit mobile version