Recently MuscleNerd, the member of DevTeam, reported the presence of an interesting security bug in Safari for the iPhone. It will probably allow a quick remote jailbreak of iPhone or iPod Touch simply by connecting the device to an external website created for this purpose.
The bug was discovered by two hackers Ralph Phillip and Vincenzo Iozzo, who won the prize of $15 000 during CanSecWest. Their initial idea was to use a web portal to do the exploit of the SMS database and retrieve it's content.
Steve Jobs called Flash technology a 'CPU hog ' and an "old technology" with numerous “security holes.” On the iPad demo with the Wall Street Journal that took place in New York Apple CEO attempted to persuade the WSJ honchos to bring the issue to the iPad.
The parties discussed one of the stumbling rocks- the inability of iPad to support Flash technology. The point is that the Journal invested a great deal of money in Flash enabling to deploy videos, slides and other interactive media.
The annual Pwn2Own hacking contest is coming up next month. During the event competitors will be given the chance to win cash prizes.
The competition will start on March 24 at the CanSecWest security conference in Vancouver, British Columbia. This year, hackers will take on an iPhone 3GS, a Blackberry Bold 9700, an unspecified Nokia smartphone running the Symbian S60 platform and a Motorola, most likely a Droid, powered by Google 's Android. A successful hack must result in code execution with little to no user-interaction. Any exploited phone wins its attacker $10,000 in cash.
It looks like Apple has started banning iPhone hackers from the iTunes App Store.
A few day ago Sherif Hashim, the iPhone developer and hacker, tweeted that he had found an exploit in the latest iPhone OS 3.1.3, which could enable the unlock on 05.12.01 baseband for iPhone 3GS and iPhone 3G. Yesterday he has been banned by Apple for the so called "security reasons". It seems that Apple is quite angry! Here is what Sherif gets when he tries to access App Store from his iPhone:
Sherif Hashim’s Tweets:
"Your Apple ID was banned for security reasons", that's what i get when i try to go to the app store, they must be really angry ))))
and guess what my apple ID was, "email@example.com", what a fool was me not to notice )), can't help laughing, they are babies ))
Another iPhone hacker named iH8sn0w, the developer of Sn0wbreeze (PwnageTool alternative for Windows), tweeted saying he was also banned by Apple right after he released an exploit known as XEMN:
@sherif_hashim lol, they did that to my ih8sn0wyday[@t]googmail.com too. (right after I posted XEMN)…
For now Apple isn’t banning Jailbreakers - they’re banning people who actively work to find exploits in the iPhone software to create Jailbreaks for the rest of us.
So this is a minor update, which fixing only the accuracy of the 3GS battery meter and the stability of some third-party app launches. This update is avaliable via iTunes.
New firmware 3.1.3 also introduces a new version of the baseband, the 05.12.01. So if you need unlock do not update! DevTeam also warns us:
If you care about your jailbreak and unlock, don’t update your device - 3G and 3G(S) owners should pay particular attention to this warning.
PwnageTool and redsn0w are not yet compatible with 3.1.3
Experimenters show that the latest version of redsn0w 0.9.2 is able to jailbreak iPhone 2G, iPhone 3G and iPod touch 1G. Just point it at the 3.1.2 IPSW (download here) after doing update or restore to firmware 3.1.3. Sounds like DevTeam will release an updated version of redsn0w that will handle firmware 3.1.3 officially. They say iPod touch 2G with firmware 3.1.3 is also jailbreakable.
Users report that unlock software, blacksn0w and ultrasn0w, doesn;t work with the new baseband.
Newsworthy events are often targeted by hi-tech criminals. The iPad wasn’t the exception.
On the last week terms like “Apple” and “iPad” were among the most popular on different search sites and services because of the Steve Jobs’ presentation. That caused hi-tech scammers to tune their booby-trapped webpages to show up near the top of search results with that terms. So when the user enters such words as “Apple iPad rumor” or “Apple iPad size”, he has a probability to go to the sites that will peddle rogue security software to him.
Moreover, some sites were tuned in such way they could define user’s OS and choose a different type of attacking it. Other sites send users to web pages that pose Google’s search engine and manipulate the results people see. The only way to stay protected from these scammers is to be attentive to strange sites and links, to have an up to date security software installed and the latest OS system patches.
Jack Dorsey, the founder of Twitter, launched the new service named Square (still in beta) that allows you to make or take payments using your iPhone.
All this happens through an accessory able to process credit cards that is connected to the the device.
User just need to enter the amount, the security code and the signature directly on the touchscreen. There are no charges of any kind, except a U.S. cent on every transition, which is donated to charity.
The system is able to display a bill with lots of information: the map, the amount, the number of times that we used this system of payments in that particular store, and much more.
The system is currently being tested in the US. Maybe one day we will all use it everywhere.
A second iPhone worm virus has been found by security company F-Secure. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING.
It redirects the bank's customers to a site with a log-in screen (phishing). The worm attacks "jailbroken" phones - a modification which enables the user to run non-Apple approved software on their handset. Only handsets with installed SSH (secure shell) are at risk. SSH is a file-transfer program that enables users to remotely connect to their phones. It comes with a default password, 'alpine' which should be changed.
Here is a tutorial how to change the default SSH password and minimize the risk.
Apple has just announced that all iPhone developers can now use the In-App Purchase in free applications! In the past the use of these APIs was reserved only for commercial software.
This is great, because developers can completely eliminate the Lite version, creating only a limited free version with full function unlock through an in-app purchase. All this is also intended to provide greater security for developers.
Sakhr is a translation company with big clients like the U.S. Department of Defense and Homeland Security. They specialize in English/Arabic translation, and this demo of their iPhone/Blackberry app (not publicly available) looks like the Holy Grail of translation software.
You hold a button, say a phrase and the software captures the information through speech recognition. The text is then translated into either Arabic or English (in the cloud, we believe) and then read aloud so mispronunciation is not an issue.
Voice recognition is a hard part. But if an app works even with 85% accuracy, that's close enough for most tourists—even if soldiers could find the mistakes a bit more costly.
New “Store” entry in Settings App: it links to a blank page
Contacts now divided in “All contacts”, “All contacts on My iPhone” and “All contacts (Mobile Me)”
New Safari’s landscape mode when clicking on a image or a link
Anti-phishing mode in Safari. Activate it in Settings App > Safari, switching Fraud alert ON. The green title bar on 3.0 firmware means a security certified and reliable website. The “htpps” protocol icon instead has been moved on the left of the title.