
A ping of death for the iPhone

The release of the 3rd generation of the iPhone was the reason for me to rush to the TMobile store to get the 32G version. I had to wait for about one week first, but finally got one, and I love it! But there is one thing that worries me a bit. I was able to remotely drain the battery in 30-45 minutes, just by pinging the public IP address, assigned by TMobile, to the GPRS/3G interface of the phone. Is your battery draining for no reason? Is your iPhone running hot when in standby mode? Then read on...

I was curious to see what IP address I was using during 3G networking. It turns out that on the Dutch TMobile network you are assigned a random IP within a block of TMobile mobile internet users. You can check this out by going to a site like, or installing the iStat app, which also shows you the 'cell IP' of the iPhone. To see if my iPhone was pingable, I issued the ping command on the OSX terminal on my MacBook, to which it responded. I was also able to use an app like Datacase to share documents over the internet via FTP and HTTP from my iPhone. An Nmap to the device even reported that port 21 was open. Wtf? In other words, there is nothing between your device and the evil outside world when you switch on your iPhone, at least on the TMobile network in the Netherlands. Scary stuff.

When I was done experimenting, I noticed after 30 minutes that my fully charged iPhone ran a little hot and the battery suddenly was as good as empty, even though I had put it to rest by pressing the top button. It turned out that the ping I did half an hour before on my MacBook was still running and had kept the 3G module alive, sucking the energy from my phone. Crap!

I tried the same thing with a Nokia E71 on the same network, but this trick did not work. The E71 switches the 3G networking on when needed, for instance when the browser starts. Close the browser, and the device goes offline. I haven't tried other phones yet, but I'm curious to see how an Android reacts...

So, how could an attacker do harm to you and me remotely? Well, I used a nice tool called xprobe to do a remote ICMP fingerprint of the OS. One run of the tool against my public iPhone IP showed that the device was probably "Apple Mac OS X 10.3.x". Apparently, the iPhone responded with OSX characteristics. Easy catch! Someone can just scan the IP block with xprobe, and ping all iPhones he finds to death. Another, more targeted approach would be to lure you to his webserver, tailing and grepping his logs to see if any iPhones come along and then ping the device to death. He could also send you an email, containing a remote image to do this. Remote image loading is switched ON by default on the iPhone Mail app, so this method would be easier. Why would someone do this? For fun? An iPhone hater? Or just because?

Other networks in the Netherlands that offer GPRS/3G do not seem to be vulnerable to this problem because of the use of NAT or blocking inbound traffic. I hope that TMobile will do the same soon. Please share your experiences on other networks here.
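On a network that does not filter inbound traffic, the battery drain described above shows up in a capture as a long, gap-free run of ICMP echo requests to one subscriber address. The following is an added example, not part of the original post, that finds such runs in tcpdump-style text; the idle timeout, minimum duration, addresses and sample capture are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed thresholds (not from the post): radio idle timeout, minimum run length.
RADIO_IDLE = timedelta(seconds=10)
MIN_DURATION = timedelta(minutes=5)

LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)(?:\.\d+)? IP (\S+) > (\S+): "
    r"ICMP echo request,")

def find_keepalive_streams(lines, idle=RADIO_IDLE, min_duration=MIN_DURATION):
    """Return (src, dst, start, end, packets) per run of echo requests with no gap over `idle`."""
    open_runs = {}   # (src, dst) -> [start, last, packets]
    found = []

    def close(key):
        start, last, count = open_runs.pop(key)
        if last - start >= min_duration:
            found.append((key[0], key[1], start, last, count))

    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # echo replies, other protocols, malformed lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        key = (m.group(2), m.group(3))
        run = open_runs.get(key)
        if run and ts - run[1] > idle:
            close(key)          # radio could have gone idle: run ended
            run = None
        if run is None:
            open_runs[key] = [ts, ts, 1]
        else:
            run[1] = ts
            run[2] += 1
    for key in list(open_runs):
        close(key)
    return sorted(found, key=lambda r: r[2])

def sample_capture():
    """Constructed capture: one 30-minute ping and one ordinary 4-packet ping."""
    t0 = datetime(2009, 7, 1, 12, 0, 0)
    fmt = "{} IP {} > 203.0.113.25: ICMP echo request, id 1, seq {}, length 64"
    lines = [fmt.format(t0 + timedelta(seconds=i), "198.51.100.7", i)
             for i in range(1801)]
    lines += [fmt.format(t0 + timedelta(seconds=i), "198.51.100.99", i)
              for i in range(4)]
    return lines
```

The same grouping works on a carrier-side capture, where a run that never lets the gap exceed the idle timeout identifies the subscriber addresses that inbound filtering or NAT would protect.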
