Unlike the previous jailbreakme.com exploits targeting MobileSafari that could be used against an unwitting victim, publicly available jailbreaks require USB tethering. Since iDevices refuse to communicate over USB if they are locked unless they have previously paired with the connecting device these jailbreaks have a lower security impact, and are usually only useful to the phone’s owner. Then it is legitimate to think we are safe. Nevertheless, malicious codes already running on hosting personal computers silently steal confidential information using iTunes services or leverage USB jailbreaks.
This talk will discuss about the most interesting Apple services (from the attacker point of view) and describe how they can be exploited in order to retrieve confidential information or to deploy the evasi0n jailbreak. Finally, the author will present the analysis of a Made For Apple (MFI) dock station and its weapownizing in order to allow an automated jailbreak.
Audio available here : http://2013.hackitoergosum.org/presentations/Day3-04.Hacking%20apple%20accessories%20to%20pown%20iDevices%20%e2%80%93%20Wake%20up%20Neo!%20Your%20phone%20got%20pwnd%20!%20by%20Mathieu%20GoToHack%20RENARD.mp3
More information about the conference : http://www.hackitoergosum.org