08-05-2010, 11:35 AM | #16 | |
Wizard
Posts: 1,449
Karma: 58383
Join Date: Jul 2009
Device: Kindle, iPad
|
Quote:
Separate questions: If you do open a PDF, how long is the "window" for someone to be able to hack you? How would hackers know when you open a PDF, so that they can time their hacking? I'm not sure I've ever opened PDFs on my iPad, but I'd like to know this stuff, to judge how much risk there actually is. Some of the news reports said that the weaknesses hadn't been exploited so far, but hacking was expected. How can they tell whether any hacking has happened? Is such a statement credible, or more likely PR spin? |
|
08-05-2010, 01:54 PM | #17 |
Ebook Reader
Posts: 605
Karma: 3205128
Join Date: Nov 2009
Location: Texas
Device: Kindle 3, HTC Evo, HTC View
|
You will only be at risk from "risky" PDFs, so be careful what you open. And yes, if you open a "bad" PDF, you're done.
A good example might be downloading PDF ebooks from the darknet, I definitely wouldn't try that. |
08-05-2010, 02:04 PM | #18 | ||
Info Geek
Posts: 44
Karma: 622
Join Date: Jul 2010
Device: iPad, iPhone 3GS, Kindle 2
|
Quote:
Quote:
Last edited by dwharrison; 08-05-2010 at 02:06 PM. |
||
08-05-2010, 02:25 PM | #19 |
Wizard
Posts: 1,449
Karma: 58383
Join Date: Jul 2009
Device: Kindle, iPad
|
Thanks, guys. So reviewing to make sure I understand:
As long as you open PDFs from a trusted source, as opposed to one rigged by a hacker, you should be fine, right? (I realize there are no absolute guarantees.) Hackers basically hafta lure you into opening their rigged PDFs, right? Or is it likely that they also will infiltrate some legit site and mess with existing PDFs? I ask because I don't visit the darknet (checked it out and haven't returned), so no risk there. But should I be worried if I need to open a PDF from my bank or such? If there's reasonable risk in such uses, I guess I'd just not open PDFs on iPad till some kinda patch is offered. |
08-05-2010, 04:52 PM | #20 |
Guru
Posts: 695
Karma: 822675
Join Date: May 2010
Device: Kobo Aura, Nokia Lumia 920 (Freda)
|
Almost, but not quite. That's true if you're physically opening PDFs, but the hack is that PDFs can be loaded automatically. You navigate to shady site X, and that site automatically loads a hacked PDF with malicious payload. If done correctly, you'll never even know that the site just hacked you.
That's why you need to install the PDF Loading Warner (which can only be done after jailbreaking), to stop Safari from automatically and silently opening PDFs. You can still be hacked even after that, since the warner doesn't fix the hole. It just lets you know that, "Hey, this site here just tried to open a PDF. That could be dangerous. You sure you want to do that?" and allows you to stop the load before it's dangerous. If you allow it through anyway, you can still be hacked. |
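Added example, not part of the thread and not the PDF Loading Warner's code: a static check that flags HTML elements which make a browser fetch a PDF with no tap from the user, the silent load described in post #20. The sample page, URLs and function names are constructed for illustration, and the check is a heuristic: it does not see script-driven navigation or a PDF served from a URL with no `.pdf` extension and no declared type.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not from the thread): three PDFs that load with no
# user action, plus one ordinary link that the reader has to tap.
SAMPLE_HTML = """
<html><head>
<meta http-equiv="refresh" content="0; url=/docs/terms.pdf">
</head><body>
<iframe src="https://example.invalid/a/report.PDF?x=1" width="0" height="0"></iframe>
<object data="viewer.swf" type="application/x-shockwave-flash"></object>
<embed src="/blob?id=7" type="application/pdf">
<a href="/statements/july.pdf">July statement</a>
</body></html>
"""

def _is_pdf_url(url):
    # Look at the path only, so "report.PDF?x=1" still counts.
    return urlparse(url.strip()).path.lower().endswith(".pdf")

class AutoPdfFinder(HTMLParser):
    """Collects elements that make the browser fetch a PDF without a tap."""
    URL_ATTR = {"iframe": "src", "frame": "src", "embed": "src", "object": "data"}

    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url) pairs in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in self.URL_ATTR:
            url = a.get(self.URL_ATTR[tag], "")
            declared_pdf = a.get("type", "").lower() == "application/pdf"
            if url and (declared_pdf or _is_pdf_url(url)):
                self.findings.append((tag, url))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=/path"; no "=" means a plain reload
            _, _, target = a.get("content", "").partition("=")
            if _is_pdf_url(target):
                self.findings.append((tag, target.strip()))

def find_auto_loaded_pdfs(html):
    finder = AutoPdfFinder()
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for tag, url in find_auto_loaded_pdfs(SAMPLE_HTML):
        print(f"auto-loaded PDF via <{tag}>: {url}")
```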
08-05-2010, 05:38 PM | #21 | |
Wizard
Posts: 1,449
Karma: 58383
Join Date: Jul 2009
Device: Kindle, iPad
|
Quote:
How long do you think it will take for Apple to patch this? Let's say you take your iPad back to factory settings, and reload all your stuff from iTunes. Would that work to stop whatever unseen hacking might be already at work on your iPad? I ask because someone posted earlier that it's hard to tell whether you've been hacked. Even if you jailbreak now and load the PDF warner, the hackers could already have access, it sounds like. And it doesn't sound as if the jailbreaking and PDF warner could help if that were the case. |
|
08-05-2010, 05:52 PM | #22 |
Guru
Posts: 695
Karma: 822675
Join Date: May 2010
Device: Kobo Aura, Nokia Lumia 920 (Freda)
|
If you want to be sure you're not hacked, resetting to factory and not applying a backup will ensure you're in a good state. Until you browse the web again, because at that point you've introduced the unknown (did you accidentally go to a site that hacked you?). If you want to be completely paranoid, completely wipe and reset your device, immediately go to jailbreakme.com very first thing after the reset, then install PDF Loading Warner before doing any other web browsing.
|
08-05-2010, 05:56 PM | #23 | |
Wizard
Posts: 1,449
Karma: 58383
Join Date: Jul 2009
Device: Kindle, iPad
|
Quote:
|
|
08-05-2010, 10:38 PM | #24 |
Grand Sorcerer
Posts: 11,230
Karma: 4651787
Join Date: Mar 2009
Device: Kindle, Kindle Fire, iPad, iPod Touch, Sony PRS-350
|
It's ironic isn't it - the way to protect yourself right now is to jailbreak your device and then apply the warning hack. Apple says it already has a patch, but they haven't released an update yet.
And if they do patch it, doubt that the already jailbroken phones will go for the update. Cause then, how do you jailbreak it again? (I was just looking at the 5 Killer Apps for Jailbroken iPhones - really cool especially the ability to sync via WiFi!) |
08-05-2010, 10:44 PM | #25 | |
Wizard
Posts: 1,449
Karma: 58383
Join Date: Jul 2009
Device: Kindle, iPad
|
Quote:
|
|
08-06-2010, 12:44 AM | #26 |
Grand Sorcerer
Posts: 11,230
Karma: 4651787
Join Date: Mar 2009
Device: Kindle, Kindle Fire, iPad, iPod Touch, Sony PRS-350
|
The PDF Loading Warner has a bug though, after you install it, every time you check your Clock app, the Warner pops up to warn you that you're opening a PDF file.
|
08-06-2010, 01:38 AM | #27 |
Wizard
Posts: 1,449
Karma: 58383
Join Date: Jul 2009
Device: Kindle, iPad
|
|
08-06-2010, 05:08 AM | #28 |
Wizard
Posts: 2,743
Karma: 32912427
Join Date: Feb 2008
Location: North Yorkshire, UK
Device: Kobo H20, Pixel 2, Samsung Chromebook Plus
|
What's the reason why an app or plug-in that warns if you're about to open a PDF in Safari can't be written to run on an iPad that hasn't been jailbroken?
Graham |
08-06-2010, 08:37 AM | #29 | |
Info Geek
Posts: 44
Karma: 622
Join Date: Jul 2010
Device: iPad, iPhone 3GS, Kindle 2
|
Quote:
To get around this restriction involves either (not sure which) unsupported APIs (which means Apple wouldn't approve it for the app store) or just plain hacking the files (which requires security escalation). Either requires jailbreaking. |
|
08-08-2010, 12:56 PM | #30 |
.
Posts: 3,408
Karma: 5647231
Join Date: Oct 2008
Device: never enough
|
F-Secure has a FAQ about the 2 vulnerabilities:
http://www.f-secure.com/weblog/archives/00002004.html
1) It sounds very serious, and affects all iOS devices, including the Touch.
2) There are zero reports of malicious attacks so far.
3) Don't open PDFs, period - not from email, web, or instant messenger until Apple releases a patch. (I've heard possibly this Monday or Tuesday, actually) |
|