Has anyone come across this in the field or know of any methods? Essentially I would be interested in knowing if someone can take their iPhone/iPod and plug it in via USB to various machines to transfer malicious software or run a script that will extract sensative information?
With a hacked iPhone, you can run ssh, scp, afp, etc quite easily. This would make the transfer of files to from an iPhone as trivial as using finder (explorer in Windows). basically like an external storage device.
With a hacked iPhone, you can run ssh, scp, afp, etc quite easily. This would make the transfer of files to from an iPhone as trivial as using finder (explorer in Windows). basically like an external storage device.
There is also a suite of software that I have seen on the App Store and tried out myself. You don't need to hack the phone as such as you can use FileAid / DiskAid that provides access to the storage of the iPhone similar to disk mode on the iPod. The only issue is you need to install something (DiskAid) on the PC to get this to work and it also needs iTunes to be installed. There are a bunch of ssh packages on the App Store as well but I believe DiskAid /File Aid is the most friendly one so that would likely be the one most used. Most of the ssh stuff I have seen for un-jailbroken use doesn't give you access to the iPhone data store in any event. One app I haven't tried myself is WebSave. It apparently acts similar to a download manager for the the iPhone's Safari browser so you can store downlaoded files from the web to your phone and also have the ability to transfer them to a PC/Mac via Wifi. I don't think any of these apps can just dump a file on the PC side without some intervention on that side of the link, either through a webdav connection or FTP. Almost all these tools need a wifi connection to work.
Metasploit is available on a jailbroken iphone/ipod touch as well. I have not run into this yet in any investigations.
This is some great information. I appreciate it. I know for a fact that wifi was not used, and I know the custodian did not have iTunes installed so I can rule those two out and narrow my search. I did find evidence in the registry that the device was plugged into the machine. We will soon find out if it was for malicious purposes.
