Tej Kohli

Latest updates and News of GADGETS By Tej Kohli

“MY PERSONAL BLOG ” : Tej Kohli

Tuesday, July 6, 2010 | 10:34 am

In amongst his many and varied business and philanthropic missions, Tej Kohli is keenly aware of the importance of all new developments in the IT world in general, and blogging in particular, areas which he believes hold the key to our future growth and aspirations.

His interest in blogging (where he particularly enjoys user-generated sites such as Associated Content), which started as a hobby to share his thoughts and views concerning a wide range of subjects, has seen him build and create over 30 content-rich websites to date, and generates many interesting and thought-provoking views from readers and business leaders alike.

Having researched the online marketing world, the rise and rise of social media such as Facebook and Twitter, the growing area of online content aggregation, and especially content management sites such as ClaimID, Kohli is convinced such media and applications are here to stay, and ones which represent a fundamental shift in the way they’ll shape how communities and businesses interact over the long-term

For more information on Tej Kohli’s blogs, please visit: Tej Kohli Blog

—admin | no comments
(posted in GADGETS)

ALERT: An iPHONE Hacked in 20 seconds

Tuesday, July 6, 2010 | 10:06 am

VANCOUVER, BC — A pair of European researchers used the spotlight of the CanSecWest Pwn2Own hacking contest here to break into a fully patched iPhone and hijack the entire SMS database, including text messages that had already been deleted.

Using an exploit against a previously unknown vulnerability, the duo — Vincenzo Iozzo and Ralf Philipp Weinmann — lured the target iPhone to a rigged Web site and exfiltrated the SMS database in about 20 seconds

The exploit crashed the iPhone’s browser session but Weinmann said that, with some additional effort, he could have a successful attack with the browser running.

“Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control,” Weinmann explained. Iozzo, who had flight problems, was not on hand to enjoy the glory of being the first to hijack an iPhone at the Pwn2Own challenge.

Weinmann, a 32-year-old from the University of Luxembourg, collaborated with Iozzo (a 22-year-old Italian researcher from Zynamics) on the entire process — from finding the vulnerability to writing the exploit. The entire process took about two weeks, Weinmann said.

Halvar Flake, a renowned security researcher who assisted with the winning exploit, said the biggest hiccup was bypassing the code-signing mitigation implemented by Apple on its flagship mobile device.

“This exploit doesn’t get out of the iPhone sandbox,” Flake explained, noting that an attacker can do enough damage without escaping from the sandbox.

“Apple has pretty good counter-measures but they are clearly not enough. The way they implement code-signing is too lenient,” Flake added.

On the Zynamics blog, Flake celebrated:

The payload used chained return-into-libc (“return oriented programming”) on ARM to execute in spite of code signing. As far as we know, this is the first public demonstration of chainged return-into-libc on thre ARM platform.

In addition to hijacking the SMS database, Weinmann said the winning Pwn2Own exploit could have exfiltrated the phone contact list, the email database, photographs and iTunes music files.

In the iPhone sandbox, Weinmann said there’s a non-root user called ‘mobile’ with certain user privileges. “With this exploit, I can do anything that ‘mobile’ can do.”

—admin | no comments
(posted in FUTURE TECH, GADGETS)

Tej Kohli | Tej Kohli Foundation | Grafix Softech | Ozone Real Estate | Tej Kohli Blog | Contact Tej