Metasploit 3.7 Takes Aim at Apple iOS

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

The open source Metasploit vulnerability testing framework got a major overhaul this week with the release of Metasploit 3.7.

The Metasploit 3.7 release provides an enhanced session tracking backend that is intended to improve performance. Metasploit 3.7 also provides over 35 new exploit modules for security researchers to test, including new ones designed to test Apple's iOS mobile operating system security.

The Apple iOS Backup File Extraction module however is not an attack vector for directly exploiting iOS. Rather it is what is known as a post-exploitation module.

"The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether its social engineering, a guessed password, or an unpatched vulnerability," HD Moore, Rapid7 chief security officer and Metasploit chief architect told InternetNews.com. "This module requires iTunes to be installed and for a backend to be accessible that has not been encrypted."

Apple's iOS was specifically targeted during this year's pw2own hacking challenge in which security researcher Charlie Miller was able to exploit the system. Apple has since patched the pw2own flaw.

"In large corporate environments, a single domain administrator login can yield access to hundreds of desktop systems, and the Metasploit Pro product makes it easy to scavenge these iTunes backup files from the entire network at once," Moore said.

Metasploit is a popular vulnerability testing frame and is available in Express, Pro and Open Source editions. The Metasploit 3.7 release follows the Metasploit 3.6 release, which came out in March and had a focus on compliance related issues.

With Metasploit 3.7, in addition to new exploit module, there is a focus on improving performance. The improvements to the session tracking system and the associated database in Metasploit 3.7, means that Metasploit is now faster.

"The session backend required rewriting large portions of the backend code, some of which had not been touched in over five years," Moore said. "This replumbing process is tricky due to the sheer number of modules and libraries that depend on the previous functionality. Our QA team had the hardest job. "

The Metasploit project was acquired by security vendor Rapid7 in 2009. The acquisition has proven to be a benefit to Metasploit with new resources allocated to the project. "Prior to Rapid7, Metasploit had no full-time (or really part-time) staff," Moore said. "Being able to bring in dedicated software developers as well as exploit writers has accelerated the growth of the product and its overall coverage."

Moore added that the exploits going into the Metasploit products are a combination of community developed modules and those written by their two full-time exploit developers.

"We always try to hire from the Metasploit community when possible, and both bannedit and sinn3r were community developers who took a full-time position with Rapid7," Moore said.

Moving forward, Moore noted that there is a major release of Metasploit planned for this summer.

"Scalability is always a goal, but we also have a huge To Do list for making penetration testing smarter, faster, and more reliable," Moore said.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.