iPhone Security Issues Not Exclusive To Jailbroken Devices

In the past few months there have been multiple worms released into the wild that affected inadequately protected jailbroken iPhones. However, a Swiss iPhone developer has published research indicating that there are also security vulnerabilities affecting un-jailbroken devices. This doesn’t come as much of a surprise to most, as it was only a matter of time.

The developer, Nicholas Seriot, has created a proof-of-concept app called SpyPhone to demonstrate how Apple’s own APIs can be used to read and edit users’ address books, or gain access to their web surfing history or even recent location information. Although this is not as bad as what can be done with root permissions on the device, it can still affect users, especially when they think they are safe.

For the attacks to work, the application with the malicious code would need to get through the App Store approval system. As many developers have pointed out, this wouldn’t be very hard, as Apple doesn’t check source code but does have a kill switch on every app. The code would be delayed, so that it only begins to work so many weeks after the app is released, or it could be an encrypted payload.

Nicholas Seriot detailed these possible iPhone privacy risks in a talk he delivered in Geneva, during which he also outlined possible defense strategies. He suggested that Apple should design the iPhone OS to require users to authorize read or read-write access by iPhone applications to potentially sensitive on-device information such as the Address Book, add firewall functionality to the device, and ensure the keyboard cache is not as readily available to third-party applications.

Developers Research

Related:
How To: Change Your iPhone’s SSH Password

Dutch Hacker Hack’s Into Jailbroken iPhone’s
iPhone Worm Rickrolls Jailbroken Devices
Second iPhone Worm Used For Malicious Purposes

Second iPhone Worm Used For Malicious Purposes

There has been news today of yet another iPhone worm that affects users who have unsecured SSH installed on their device.

Security company F-Secure has unearthed this latest iPhone worm, which targets people in the Netherlands, as the first exploit of unsecured SSH did. It targets users who use their iPhone to bank online with ING. Much like a phishing attack, it redirects the bank’s users to a lookalike website with a log-in screen.

As before, the worm only affects jailbroken devices, and only those where SSH still has the default password. This latest worm is more serious than the earlier ones, which were created to warn people that things such as this could happen. F-Secure has also said that it can behave like a botnet and send itself to other unsecured devices on a local WiFi network.

The phone can be controlled by the hacker remotely without the knowledge or permission of the user. Hackers can ring people, text people, copy your contacts or do whatever they wish with your device if it’s left open. At the moment it’s only spreading around the Netherlands, but soon enough malicious hackers will most likely take advantage of the users who don’t change the default password.

A spokesperson for ING Bank said that a warning was going to be put on the bank’s official website.

“We are also briefing call centre personnel,” she added. “It’s important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands.”

If your device is jailbroken and you believe SSH may be, or is, installed, then please read this guide to secure your device. Many other guides will not fully protect you, as they only change the mobile user password and not the root password.

If you wish to read more from F-Secure on this issue click here.

Related:

How To: Change Your iPhone’s SSH Password
Dutch Hacker Hack’s Into Jailbroken iPhone’s
iPhone Worm Rickrolls Jailbroken Devices

iPhone Worm Rickrolls Jailbroken Devices

Over the past week there has been a lot of news about unsecured SSH on the iPhone. First there was the Dutch hacker who was scanning the network for jailbroken users who had not changed their default SSH password. Now a hacker from Australia who goes by the name of “ikee” has created a worm that changes the home screen background to Rick Astley.

As I’m sure you’re aware by now, this only affects users who have jailbroken their phone and installed OpenSSH, not general users or those who have only jailbroken their device. If you have jailbroken your device and have OpenSSH installed, please read this guide on how to change your default password to ensure none of these worms or hacks will affect you.


ikee says this is how the worm spread: “The code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra’s IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT’d) then a random 20 IP ranges. I’m guessing a few phones hit a range that another vulnerable phone was on.”

Once one phone is infected it searches for phones with the default password and then begins the process again.

Dutch Hacker Hack’s Into Jailbroken iPhone’s

How To: Change Your iPhone’s SSH Password

iPhone 3G & iPod Touch Can Now Edit Video

Due to the recent 3.1 iPhone OS update, the iPhone 3G and iPod Touch are now able to edit video just like the iPhone 3GS. Both devices still can’t record video unless jailbroken, so this may not be a very useful tool for most people.

To get it to work, first you must get someone to email you a video file. Once you have it, you can open the email and select the arrow on the lower menu bar. This will give you five options: Reply, Reply All, Forward, Save Video and Cancel. Once you select Save Video, the video will get saved to your Camera Roll.

Go to the Camera Roll and select the video. You are then able to watch the video and edit it. To edit a video, tap on the timeline at the top of the page; you can then drag your finger to the start and end points on the video. When you select trim, you then have the option to trim the original video or save the trimmed portion as a new clip.

Numeric Battery On iPhone Killing Battery Life?

There have been many reports that enabling the numeric battery feature on the iPhone actually kills the battery life quicker. Some people have reportedly found a massive increase in battery life after turning off this simple feature, especially those with jailbroken phones who use SBSettings to turn on the feature.

Some people originally thought the battery died quicker, but put it down to a psychological effect of being able to see the percentage go down. However, I’ve now turned off the numeric battery for good and hope I get better battery life, as currently it’s not lasting a whole day with light use.

Dev-Team Confirm No Need For New Jailbreak Tools For 3.0.1

The iPhone Dev-Team have confirmed that there is no need for them to release new tools for jailbreaking the latest firmware 3.0.1.

They released this information:

The 3.0.1 release is a “branch” from 3.0 that occurs (code-wise) before all the 3.1 betas. The programs redsn0w needs to change for the jailbreak are identical when you compare the 3.0 and 3.0.1 versions. It seems pretty much the only changes Apple made were for the SMS bug, which affects programs that redsn0w doesn’t touch. That’s why you can re-use redsn0w 0.8 on 3.0.1 even though it was written for 3.0.

And since 3.0.1 doesn’t touch the baseband either, ultrasn0w 0.9 works for those needing the soft unlock. Just install it from the repo666.ultrasn0w.com repository using Cydia as usual.

We’ll at some point fix redsn0w to recognize both 3.0 and 3.0.1 IPSW’s, but really that’s the only change that would be made to it. Everything else would be identical, so there’s no need to wait for the “proper” version that recognizes the 3.0.1 IPSW as valid.

So to jailbreak the new firmware just use the old tools and you should have no problems.

Apple Releases iPhone OS 3.0.1

Apple earlier today released the latest iPhone OS, version 3.0.1. This update finally fixes the major SMS security issue.

Other than the SMS fix, not many changes have been found in the latest firmware release; feel free to email them in if you find any.

If you want to jailbreak your device, it has been reported that in most cases it works fine, but maybe wait a while until everything gets checked out.

Ultrasn0w Version 0.9 Released

The Dev-Team have released ultrasn0w version 0.9 today. Its features include:

  • Works on both 3G and 3GS
  • Works on hacktivated devices
  • Works regardless of how you jailbroke your device
  • Doesn’t patch any mach-o binary whatsoever.  (Doesn’t require a separate patch as each new firmware comes out).
  • Doesn’t install any additional daemon
  • Has no race conditions, no popups about “Missing SIM”, no network issues
  • Is almost 7000 times smaller than its nearest competition
  • Is available now via Cydia.  Source repo is http://repo666.ultrasn0w.com (that last “0” in ultrasn0w is a zero!)


Geohot Releases His Own Soft Unlock For iPhone 3GS

Geohot has released his own unlocking software, like ultrasn0w, for the iPhone 3GS. Playing off the Dev-Team’s naming scheme, he called it Purplesn0w. The user is required to have a jailbroken device so that the unlock can be downloaded through Cydia, like the Dev-Team’s unlock.

Geohot also claims that his unlock is superior to the Dev-Team’s unlock:

Wifi fails? Battery fails? Unlock fails? You need purplesn0w, the geohot 3GS unlock solution. Now I know you hear a lot about different colors of sn0w, but I’m here to tell you why purplesn0w is the best. First off, what is purplesn0w? It’s a soft unlock for your 3GS that I’d actually use day to day. It’s not a daemon that takes any resources, and it doesn’t add a task to your baseband. It’s very close to a true unlock. All it does is patch three files, CommCenter, lockdownd, and your wildcard activation plist (which you need, activate w at&t sim first, no hacktivation support yet). That’s it, no other files are installed. Props to Oranav for the at+xlog exploit!
A full explanation is coming soon, but I think you clever reversers out there will see what it does, and see why it’s so pristine 🙂 The payload is radically different from other varieties of sn0w. beta as usual, back up first.

Be sure to have legit activated 3GS
Disable 3G if you don’t have it(like T-Mobile).
Add apt.geohot.com to Cydia
Install com.geohot.purplesn0w
Watch for success output in Cydia
Reboot, and enjoy your unlocked iPhone
