It looks like Apple has started banning iPhone hackers from the iTunes App Store.
A few days ago Sherif Hashim, the iPhone developer and hacker, tweeted that he had found an exploit in the latest iPhone OS 3.1.3, which could enable the unlock on the 05.12.01 baseband for iPhone 3GS and iPhone 3G. Yesterday he was banned by Apple for so-called "security reasons". It seems that Apple is quite angry! Here is what Sherif gets when he tries to access the App Store from his iPhone:
Sherif Hashim’s Tweets:
"Your Apple ID was banned for security reasons", that's what i get when i try to go to the app store, they must be really angry ))))
and guess what my apple ID was, "sherif_hashim@yahoo.com", what a fool was me not to notice )), can't help laughing, they are babies ))
Another iPhone hacker named iH8sn0w, the developer of Sn0wbreeze (PwnageTool alternative for Windows), tweeted saying he was also banned by Apple right after he released an exploit known as XEMN:
@sherif_hashim lol, they did that to my ih8sn0wyday[@t]googmail.com too. (right after I posted XEMN)…
For now Apple isn’t banning Jailbreakers - they’re banning people who actively work to find exploits in the iPhone software to create Jailbreaks for the rest of us.
So this is a minor update, which fixes only the accuracy of the 3GS battery meter and the stability of some third-party app launches. This update is available via iTunes.
New firmware 3.1.3 also introduces a new version of the baseband, 05.12.01. So if you need the unlock, do not update! DevTeam also warns us:
If you care about your jailbreak and unlock, don’t update your device - 3G and 3G(S) owners should pay particular attention to this warning.
PwnageTool and redsn0w are not yet compatible with 3.1.3
Experimenters report that the latest version of redsn0w, 0.9.2, is able to jailbreak iPhone 2G, iPhone 3G and iPod touch 1G. Just point it at the 3.1.2 IPSW (download here) after updating or restoring to firmware 3.1.3. It sounds like DevTeam will release an updated version of redsn0w that will handle firmware 3.1.3 officially. They say iPod touch 2G with firmware 3.1.3 is also jailbreakable.
Users report that the unlock software, blacksn0w and ultrasn0w, doesn't work with the new baseband.
Newsworthy events are often targeted by hi-tech criminals. The iPad was no exception.
Last week, terms like “Apple” and “iPad” were among the most popular on search sites and services because of Steve Jobs’ presentation. That led hi-tech scammers to tune their booby-trapped webpages to show up near the top of search results for those terms. So when a user enters words such as “Apple iPad rumor” or “Apple iPad size”, there is a chance of landing on sites that will peddle rogue security software.
Moreover, some sites were tuned so that they could detect the user’s OS and choose a different type of attack for it. Other sites send users to web pages that pose as Google’s search engine and manipulate the results people see. The only way to stay protected from these scammers is to be wary of strange sites and links, and to have up-to-date security software and the latest OS patches installed.
Jack Dorsey, the founder of Twitter, has launched a new service named Square (still in beta) that allows you to make or take payments using your iPhone.
All this happens through an accessory, connected to the device, that is able to process credit cards.
The user just needs to enter the amount, the security code and the signature directly on the touchscreen. There are no charges of any kind, except one U.S. cent on every transaction, which is donated to charity.
The system is able to display a bill with lots of information: the map, the amount, the number of times that we used this system of payments in that particular store, and much more.
The system is currently being tested in the US. Maybe one day we will all use it everywhere.
Agile Web Solutions is offering 1Password Pro free until December 1st for iPhone and iPod touch users.
1Password will securely store your important information and can automatically log you into websites with a single tap. There's no need to remember the username, password, or even the website address.
1Password Pro is normally $7.99 and can be installed from the AppStore (link).
Feature List:
(pro) Special easy switching mode allows you to quickly copy-and-paste usernames and passwords to Mobile Safari.
(pro) Support for copying multiple field values (for example, both username and password) from 1Password to Mobile Safari.
(pro) Folders for better organization (in this version a desktop application required - sold separately)
(pro) Features coming soon: Favorites, MobileMe/WebDAV syncing, and more.
Securely store your website names and passwords so you never forget them again
Save important information like credit cards and membership numbers
Jot down other notes too sensitive for stickies or bar napkins
Synchronize it all with 1Password for Mac via Wi-Fi (sold separately, available at http://1password.com)
Automatically log into Web sites on iPhone and iPod touch to avoid remembering and typing usernames and passwords
Hardware-accelerated AES encryption and Auto-Lock keep your data protected even if your iPhone is lost or stolen
All cryptographic operations are performed using standard iPhone libraries to ensure there are no security gaps or backdoors
Two-layer defense with Unlock Code and Master Password to combine security and convenience
Data Backup & Restore option available on Mac, Windows and Linux.
A second iPhone worm virus has been found by security company F-Secure. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING.
It redirects the bank's customers to a site with a log-in screen (phishing). The worm attacks "jailbroken" phones - a modification which enables the user to run non-Apple approved software on their handset. Only handsets with SSH (secure shell) installed are at risk. SSH is a file-transfer program that enables users to remotely connect to their phones. It comes with a default password, 'alpine', which should be changed.
Here is a tutorial on how to change the default SSH password and minimize the risk.
Apple has just announced that all iPhone developers can now use the In-App Purchase in free applications! In the past the use of these APIs was reserved only for commercial software.
This is great, because developers can completely eliminate the Lite version, creating only a limited free version with full function unlock through an in-app purchase. All this is also intended to provide greater security for developers.
A bug was found in firmware 3.0 that allows you to view hidden passwords. Here's the video demonstration:
As you can see, it is easy: just erase a digit and shake the iPhone to see the number or character of the password. This bug was fixed in firmware 3.1.
Sakhr is a translation company with big clients like the U.S. Department of Defense and Homeland Security. They specialize in English/Arabic translation, and this demo of their iPhone/Blackberry app (not publicly available) looks like the Holy Grail of translation software.
You hold a button, say a phrase and the software captures the information through speech recognition. The text is then translated into either Arabic or English (in the cloud, we believe) and then read aloud so mispronunciation is not an issue.
Voice recognition is a hard part. But if an app works even with 85% accuracy, that's close enough for most tourists—even if soldiers could find the mistakes a bit more costly.
New “Store” entry in Settings App: it links to a blank page
Contacts now divided in “All contacts”, “All contacts on My iPhone” and “All contacts (Mobile Me)”
New Safari landscape mode when clicking on an image or a link
Anti-phishing mode in Safari. Activate it in Settings App > Safari, switching Fraud alert ON. The green title bar on 3.0 firmware means a security certified and reliable website. The “https” protocol icon has instead been moved to the left of the title.
To create an iTunes App Store account without a credit card please follow the steps below.
Note: In order to create an account without a credit card, you must make sure you are in the App Store, not the iTunes Store.
Pick your country from the pop-up menu at the bottom of the iTunes Store homepage.
If your country also has an iTunes Store, you'll need to navigate to the App Store by clicking on the "App Store" link from the menu on the left. If not, proceed to step 3.
Recently we talked about Apple's second patent about biometric security. The funny thing is that the images used in this patent show a jailbroken firmware 1.x iPhone, with installed Installer.app, SMBPrefs and the iWood Realize theme from the iSpazio repository. There are also "Terminal", "Game", "VRecord", "Blocks" and others.
You can check yourself here. Here is a screenshot:
Apple filed a new patent that shows a new system of biometric recognition for the safety of iPhone and MacBook. Currently the only way to protect our devices is to use a security code, which is not safe enough. In the future Apple plans to integrate a sensor below the screen to scan our fingerprints when we execute the "slide to unlock".
Other security methods may include voice recognition or facial recognition. This might include the future implementation of a front camera. Apple goes so far as to suggest the possibility of recognizing the user's distinctive voice or even collecting DNA samples to recognize a user's genetic sequence. Biometrics could also be context-sensitive and detect the shape of a user's ear before allowing a call to go through, for example.
Overall it still seems somewhat like science fiction, but it could be implemented in the next model of the iPhone this summer.
You probably know about the latest iPhone security issue. The good news is that there is a solution to fix it.
Jonathan Zdziarski has devised a way to disable this writing to disk, so that screenshots cannot be recovered. On a jailbroken iPhone, you can disable these screenshots with the following commands in MobileTerminal or through an SSH connection to the iPhone:
Screenshots themselves actually get written to /var/mobile/Library/Caches/Snapshots. So these commands delete this folder and symlink it to /dev/null, so the screenshots don’t get written to disk.
The side effect to this is that when resuming an application, you’ll get the default screen in the zoom-in effect. Once the application resumes, however, you’ll have your application screen back. For example, your mail application will always zoom to the front as if you had an empty inbox, but will quickly correct itself once the application resumes.
“To return to the default behavior, just delete the symlink and the directory will get recreated. Mind you, this has no effect on the many other pieces of data stored on the iPhone, and therefore your iPhone will always be at risk for leaking private data, especially to seasoned forensic examiners. Use at your own risk.”
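As an added example (not Jonathan Zdziarski's original commands, which are not reproduced on this page), the shell functions below implement the delete-and-symlink step described above together with the revert, and refuse to act if the path already points somewhere unexpected. The `SNAP_DIR` override, the function names and the availability of `readlink` on the device are assumptions of this example.

```shell
#!/bin/sh
# Added example: redirect the snapshot cache to /dev/null and revert it.
# SNAP_DIR defaults to the path named in the article; set it to a scratch
# directory to rehearse the change (the override is an assumption).
SNAP_DIR="${SNAP_DIR:-/var/mobile/Library/Caches/Snapshots}"

# Print "redirected", "default", "missing" or "other-symlink".
snapshots_state() {
    if [ -L "$SNAP_DIR" ]; then
        # readlink is assumed to be installed (coreutils on a jailbroken phone)
        if [ "$(readlink "$SNAP_DIR")" = "/dev/null" ]; then
            echo redirected
        else
            echo other-symlink
        fi
    elif [ -d "$SNAP_DIR" ]; then
        echo default
    else
        echo missing
    fi
}

# Delete the cache (and any snapshots already in it), then symlink the
# path to /dev/null so new snapshots are discarded. Safe to run twice.
disable_snapshots() {
    case "$(snapshots_state)" in
        redirected) return 0 ;;
        other-symlink)
            echo "refusing: $SNAP_DIR points somewhere unexpected" >&2
            return 1 ;;
    esac
    rm -rf "$SNAP_DIR" || return 1
    ln -s /dev/null "$SNAP_DIR"
}

# Remove only the symlink; the article says the directory is recreated.
restore_snapshots() {
    [ "$(snapshots_state)" = "redirected" ] || return 0
    rm -f "$SNAP_DIR"
}

case "${1:-}" in
    disable) disable_snapshots ;;
    restore) restore_snapshots ;;
    status)  snapshots_state ;;
esac
```

Run it with `status` before and after `disable` to confirm the path reports `redirected`; snapshots written before the change are removed along with the directory.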