An iPhone was used to defeat network security by mailing the phone to a fictitious employee
TG Daily reports on a network intrusion technique using the iPhone. The intrusion was explained by Robert Graham and David Maynor of Errata Security during the Defcon 16 security convention.
An iPhone was used as a wireless packet sniffer as it moved from location to location. The phone would pass along data packets sniffed using a prototype software developed by Graham's company. The data would then be passed to Graham through a remote connection over SSH. At the convention, Graham told the audience that the hacked phone "...would just sit in a receiving facility, usually a mailroom, for a long time... if the package is addressed to someone who doesn't work at the company, then employees will have no real urge to move it." Once the phone was inside a business, Graham said most of the wireless networks were "wide open".
Errata Security introduced this model of hacking as "data seepage", which they define as bits of benign data that people willingly broadcast to the world, as opposed to "leakage", which is data people want to hide from the world. As an example, when you power-on your computer, it will broadcast the list of WiFi access-points cached on your PC, the IP addresses previously requested by DHCP, your NetBIOS name, and so on. "Even if you then establish a VPN connection to hide everything else, you've already broadcasted this information to everyone on the local network", Errata suggests.
During the iPhone operation, the phone was powered using an APC extended battery pack. Maynor said their iPhone ploy can foil a company's expensive network security by "getting past all the firewalls and crap that they're buying."