MuscleNerd of the iPhone Dev-Team has revealed a video showing a successful jailbreak of the iPad. The new hack exploits a bug found on the 3.2 version of the iPad OS, however with the iPhone OS 4.0 being previewed on April 8th plans for a release of this jailbreak might be changed so that Apple can’t patch the bug. In a recent picture it shows Cydia running on the device.
ZodTTD today released his N64 emulator for the iPhone 3GS and iPod Touch 3G, a while before expected. A 14-year-old developer had begun work on a N64 emulator, slated for release in Spring but ZodTTD beat him to it.
It is a port of mupen64plus along with Ari64’s ARM Dynarec, and Adventus / Orkin’s OpenGLES GPU. Since the graphics processing unit (GPU) code is written with the OpenGL ES 2.0 specification, it limits the devices able to be used to the iPhone 3gs and iPod Touch 3rd Gen as of the current Apple lineup.
The current version sports:
- Support for the Wii Remote via Bluetooth;
- Emulation dynarec fast CPU;
- Emulation of sound;
- Download the ROM of games from the same;
- Using Open GL libraries | ES 2.0;
- Supports ROM:. N64 and. Z64 and archives. Zip and. Gz
n64iPhone is available now from Cydia.
In the past few months there have been multiple worms released into the wild that affected inadequately protected jailbroken iPhones. However a Swiss iPhone developer has published research that indicates that there are also security vulnerabilities affected un-jailbroken devices too. This doesn’t come as much of a surprise to most as it was only a matter of time.
The developer, Nicholas Seriot has created a proof of concept app called SpyPhone to demonstrate how Apple’s own APIs can be used to read and edit user’s address books, gain access to the user’s web surfing history or even recent location information. Although this is not as bad as what can be done with root permissions to the device, it can still effect users, especially when they think they are safe.
For the attacks to work, the application with the malicious code would need to get through the App Store approval system, however this wouldn’t be very hard as pointed out by many developers, as Apple doesn’t check source code but does have a kill switch on every app. The code would be delayed, so that it only beings to work so many weeks after the app is released or it could be an encrypted payload.
Nicholas Seriot detailed these possible iPhone privacy risks in a talk he delivered in Geneva, during which he also outlined possible defense strategies, suggesting that Apple should design the iPhone OS to require users to authorize read or read-write access by iPhone applications to potentially sensitive on-device information such as the Address Book, add firewall functionality to the device and ensure the keyboard cache is not as readily available to third-party applications.
Developers of apps on the App Store worked out a way of stopping users from running cracked apps on their device but now the developer of the LockDown app on the Cydia store has stopped the application from running, if you’re blocking AdMob ad’s on the iPhone. Using the app AdMob BeGone on the device stops the app from running and requires you to remove it before it will work again.
It makes sense as LockDown is a free app from Cydia and so they rely on donations and Ad’s but will this be the beginning of all app’s doing this, or just a select few like cracked apps?
There has been news today of yet another iPhone worm that affects users who have unsecured SSH installed on their device.
Security Company, F-Secure, has unearthed this latest worm for the iPhone which targets people in the Netherlands, as it did before with the first exploit of unsecured SSH. It targets users who use their iPhone to online bank with ING. Much like a phishing attack, it redirects the bank’s users to a look-a-like website with a log-in screen.
The worm only affects jailbroken devices as before, and only devices with SSH that has the default password are affected. This latest worm is more serious than the ones prior, as they were created to warn people, that things such as this could happen. The security company, F-Secure, have also said that it can behave like a botnet and send itself to other un-secure devices on a local WiFi network.
The phone can be controlled by the hacker remotely without the knowledge or permission of the user. Hackers can ring people, text people, copy your contacts or what ever they wish with your device if it’s left open. At the moment it’s only spreading around the Netherlands, but soon enough malicious hackers will most likely take advantage of the users who don’t change the default password.
A spokesperson for ING Bank said that a warning was going to be put on the bank’s official website.
“We are also briefing call centre personnel,” she added. “It’s important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands.”
If your device is jailbroken and you believe SSH maybe, or is installed then please read this guide to secure your device. Many other guides will not fully protect you as they only change the mobile user password and not the root.
If you wish to read more from F-Secure on this issue click here.
iDashboard v1.0 has been released by WyndWarrior, it’s an iPhone utility which mimics the widget functionality of Mac OS X.
A multi page dashboard for your iPhone! Features a world clock, a calendar, a weather widget, a working calculator, lockscreen dashboard, and double-tap Dashboard. Also will have available widget packs for download in Cydia. Customization features include: wall-papers with auto-dim and the ability to change wallpapers through the photo app.
Steven Troughton-Smith is developing a similar application, which is not yet released.
Over the past week there has been a lot of news over unsecured SSH on iPhone. First about the Dutch hacker who wasscanning the network for jailbroken users who had not changed their default SSH password. Now a hacker who goes by the name of “ikee” from Australia, created a worm that changes the home screen background to Rick Astley.
As I’m sure your aware by now this only affects users who have jailbroken their phone and installed OpenSSH, not just general users or who have jailbroken their device. If you have jailbroken your device and have got OpenSSH installed please read this guide on how to change your default password to ensure none of these worms or hacks will affect you.
ikee says this is how the worm spread: “The code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra’s IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT’d) then a random 20 IP ranges. I’m guessing a few phones hit a range that another vulnerable phone was on.”
Once one phone is infected it searches for phones with the default password and then begins the process again.