Security researchers to unveil iPhone SMS vulnerability later today

Filed under: Security, iPhone

Two security researchers, Charlie Miller and Collin Mulliner, have discovered a serious security vulnerability affecting SMS messaging on the iPhone that will be unveiled later today at the Black Hat security conference in Las Vegas. This flaw affects all iPhones and can allow an attacker to gain complete control of an iPhone, including the ability to make calls, browse the web and access the camera. This exploit is caused by corruption in the iPhone's memory handling and is executed by sending a burst of text messages by using a uncommon text character or by sending a hidden message.

So far, Apple has been rumored to have a fix in the works, but there's been no confirmation yet when it will be available. The researchers also say that there's nothing you can do to protect your iPhone from this vulnerability, other than to turn off the phone. More details on this issue will be discussed later today at Black Hat, hopefully outlining a path to fix this issue.

Meanwhile, the two developers have already demonstrated this flaw in action to CNET's Elinor Mills, proving its existence and extent of the threat.

We'll be providing more coverage on this issue once it's unveiled, so stay tuned to TUAW.

Security researchers to unveil iPhone SMS vulnerability later today originally appeared on The Unofficial Apple Weblog (TUAW) on Thu, 30 Jul 2009 11:30:00 EST. Please see our terms for use of feeds.

Security researchers to unveil iPhone SMS vulnerability later today originally appeared on The Unofficial Apple Weblog (TUAW) on Thu, 30 Jul 2009 11:30:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Google voice developer goes “hacked” only

As Apple suggests dire consequences could come from users hacking the iPhone, one well-publicized former App Store program has made the jump to hacked hardware only. Developer Sean Kovacs was surprised on Monday to discover that his GV Mobile client for Google Voice was to be pulled from the App Store — even though it had [...]

SMS hack could potentially compromise the security of all iPhones

A single character sent by text message could allegedly compromise every iPhone released to date. This accordingy to security experts. Talking at the Black Hat security conference in Las Vegas, experts Charlie Miller and Collin Mulliner say they’ve discovered a bug in the iPhone’s approach to SMS that exposes it completely to remote control through a [...]

Apple launches MobileMe ‘iDisk’ app for iPhone/Touch

Apple’s free MobileMe iDisk application is now available on the App Store, allowing users to remotely access files saved online via the MobileMe service. “You can already access your iDisk online at me.com,” Apple’s Web site reads. “And now you can access it right from your iPhone. Free for MobileMe members, the iDisk app for iPhone [...]

Yeah, there’s an app for that. But for how long, and at what cost?

Filed under: iPod Family, Apple, iPhone, App Store

With the recent kerfuffle surrounding the removal and rejection of Google Voice apps from the App Store, many developers are beginning to question the trust they have placed in Apple to provide them with a reliable system for developing and distributing applications.

Generally, the major hurdle associated with iPhone development is getting approved by Apple. It's no secret that this process is often quite frustrating, and sometimes downright arduous. Developers often wait several weeks without any response before they are suddenly rejected, and then they must make the requested changes (if possible), resubmit their application, and again wait for a response.

But once they have put your app through the paces, and presumably have double and triple checked to ensure that you have complied with the terms, you're safe, right? Your hard work has paid off, Apple has accepted your app, and now you can move on.

Wrong.

As the developers of GV Mobile and VoiceCentral recently discovered, Apple can take an app that was previously given the all-clear, decide that it now duplicates native functionality of the iPhone, and yank it from the App Store in a matter of minutes. Needless to say, there are some serious flaws in this process. First, the functionality provided by both of these apps isn't actually provided by the iPhone, so there's really nothing to duplicate, unless Apple is going to start expecting developers to predict future features and avoid duplicating those too. Then you have the fact that the feature sets provided by the apps and the iPhone itself have not changed since Apple approved them in the first place, so if they truly are duplicating native functionality, they should have been rejected from the start, not months after they were approved.

Now one might also argue that some features offered by Google Voice do overlap with the iPhone, such as the SMS and voicemail functions. But even if you concede that point to Apple, couldn't they just ask the developers to remove those features and resubmit? What about the other apps -- like Skype, TextFree, or iCall -- that offer similar feature sets, are they going to disappear too? And if AT&T is really responsible for this, as has been suggested previously, why was the app pulled from the App Stores of other countries? Why not just honestly tell the developer that the app is being pulled at the request of the carrier?

Continue reading Yeah, there's an app for that. But for how long, and at what cost?

Yeah, there's an app for that. But for how long, and at what cost? originally appeared on The Unofficial Apple Weblog (TUAW) on Thu, 30 Jul 2009 11:00:00 EST. Please see our terms for use of feeds.

Yeah, there's an app for that. But for how long, and at what cost? originally appeared on The Unofficial Apple Weblog (TUAW) on Thu, 30 Jul 2009 11:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Review: B&N Bookstore for iPhone

This app from the book retailing has a lot going for it. But how does it measure up to Amazon's mobile offering?

Apple Finally Discontinues Shake? [Updated]

Alongside today's introduction of updated Time Capsule models, Apple appears to have finally discontinued Shake, its long-standing high-end digital compositing and visual effects software package. While Shake's product pages remain available on Appl...

Apple Finally Discontinues Shake?

Alongside today's introduction of updated Time Capsule models, Apple appears to have finally discontinued Shake, its long-standing high-end digital compositing and visual effects software package. While Shake's product pages remain available on Appl...

TiPb Presents: iPhone Live! #21 - Google Voiceless

• Our podcast feed
• Download Directly
• Subscribe via iTunes

Join Dieter, Chad, and Rene for iPhone 3.1 Beta 3, Google Voice rejection, iTablet and Verizon rumors, Palm/iTunes escalation, SMS exploits, and all the news and how-tos. Listen in!

Featured Accessory

• Jabra SP200 Bluetooth Speakerphone for Hands-Free iPhone 3G/3GS Action

News

iPhone 3.1 Watch

• Updated: Apple Release iPhone 3.1 Beta 3 to Developers (Beta 2 Expiring Tues, July 28!)
• iPhone 3.1: Augmented Reality Apps are a Go!

Apps and App Store

• UPDATED: Apple Rejects Removes all Google Voice Apps for iPhone from iTunes App Store
• GV Mobile Brings Google Voice to iPhone… via Cydia for Jailbreak
• Apple Reverses Decision, Allows Promo Codes for Apps Rated 17+
• Apple Improves iTunes App Store Search, Asks Developers for Keywords
• Quick App: Apple Releases MobileMe iDisk App for iPhone Amazon’s Jeff Bezos Apologizes to Kindle (and iPhone Kindle App) Users
• Google Finally Provides Latitude to iPhone Users — Yeah, it’s a WebApp

iTunes & iTablet

• iTablet: When Will it Ship and What Will it Run? now that Steve is finally happy with it, and Verizon is racing to get LTE ready…
• Apple and Record Labels Trying to Reignite Album Interest with “Cocktail”?

Carrier Talk

• CEOh-Snap! AT&T Says iPhone Exclusivity Will End… Eventually
• Verizon: iPhone 3GS Cost us Money, Helped Drive Innovation Rogers Canada Roundup: Q2 Financial Results, Out of Stock, and 21Mbps HSPA+ Testing
• Apple and China Unicom Finally Maybe Potentially Have an iPhone Deal. Possibly.

The Competition

• Palm Re-Hacks iTunes Sync, Shows They Care More About Ego and Press Than Pre Users, and files a complaint against Apple
• Palm’s Roger McNamee Wants to Know if You’re Still Using an iPhone?

In Other News

• iPhone 3GS Hardware Encryption “Useless”?
• 1GHz ARM Mobile CPU on the Horizon — but is it iPhone Bound?

Help and How To

• Pro Tips: How to Secure Your Jailbroken (or Regular) iPhone Against Hackers

Forums

• From the Forums: iPhone 3.0 Jailbreak Apps, Overheating, 3GS Photos, Battery Tips

Credits

Thanks to the the iPhone Blog Store for sponsoring the podcast, and to everyone who showed up for the live chat!

Our music comes from the following sources:

• I Called You — iPhone Remix by Pete Leidy
via Sneakmove iPhone Ringtone Challenge

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

TiPb Presents: iPhone Live! #21 - Google Voiceless

Robot with iPhone 3GS head reminds us of a cuter, more magnanimous Steve Jobs

Continue reading Robot with iPhone 3GS head reminds us of a cuter, more magnanimous Steve Jobs

Filed under: Cellphones, Robots

Robot with iPhone 3GS head reminds us of a cuter, more magnanimous Steve Jobs originally appeared on Engadget on Thu, 30 Jul 2009 10:11:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

iPhone SMS Security Vulnerability to Be Disclosed Today

Forbes reports that cybersecurity researchers plan to publicize today at the Black Hat conference in Las Vegas a security vulnerability in the iPhone SMS messaging system that reportedly would allow hackers to in theory "take over every iPhone in the...

MSI Wind battery used as a not-exactly-portable, unreliable USB charger

Continue reading MSI Wind battery used as a not-exactly-portable, unreliable USB charger

Filed under: Cellphones, Laptops

MSI Wind battery used as a not-exactly-portable, unreliable USB charger originally appeared on Engadget on Thu, 30 Jul 2009 09:06:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Steve Jobs Pictured at Apple

TMZ caught Steve Jobs leaving the Apple campus. So now, yes, he’s been captured on film and all gadget perfectionists everywhere can sleep soundly.

So, our take away is that a) Steve Jobs is a paparazzi level technoceleb. Congrats? b) he was reportedly photographed with an iPhone. Ironic in a little-brother sort of way. And c) Jony Ive is not only the best designer on the planet, but an intimidating looking bodyguard. Multitasker!

Once again everyone here at TiPb wishes him well, and hopes that he’s enjoying whatever fourth or fifth gen iPhone is in his pocket and will be revealed to the rest of us in the years to come.

[Thanks to everyone who sent this in!]

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Steve Jobs Pictured at Apple

Apple kicks out MobileMe iDisk app for iPhone

It still can't multitask, but as of today, it's finally capable of accessing and sharing iDisk files. Apple has at long last let loose a long-awaited application for iPhone OS 3.0 that enables iPhone and iPod touch users with MobileMe accounts to access the inner sanctums of their own iDisk. The app lets you login, view files (up to 20MB or so, sayeth Apple) and share files by sending others a link via email to whatever you deem appropriate. There's also an option to password protect those files and limit the amount of days the download is active, though viewing files is limited to iPhone-supported file types such as iWork, Office, QuickTime, PDF, etc. If you're a paying MobileMe user, go on and give this one a download -- it's free, you know?

Filed under: Software

Apple kicks out MobileMe iDisk app for iPhone originally appeared on Engadget on Thu, 30 Jul 2009 07:59:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Apple Time Capsule Dual-Band Routers + Storage Updated to 1TB/2TB

Stealth update time in Apple-land this morning, as Time Capsule has doubled in storage to 1TB/2TB configurations ($299/$499). The dual-band routers inside the Time Capsule, identical to those in the latest Airport Extremes, support both fast 802.11n networking for modern computers, and simultaneously, 802.11g for mobile devices like the iPhone and iPod touch.

If you’ve been wanting to go dual-band and have a hunkering for a 2TB hard drive to go with it, Apple now has a glossy white option just for you:

Back up a lifetime’s worth of memories with the Time Capsule, a wireless hard drive that works seamlessly with Time Machine in Mac OS X Leopard. It’s also a full-featured 802.11n Wi-Fi base station with simultaneous dual-band support.1 Choose from 1TB and 2TB models.

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Apple Time Capsule Dual-Band Routers + Storage Updated to 1TB/2TB

Apple Updates Time Capsule to 1 TB and 2 TB Capacities [Updated]

Apple this morning quietly updated its Time Capsule combination wireless router and network-attached storage drive to double the models' capacities at the same price points as the previous models: 1 TB for $299 and 2 TB for $499. While Apple...

Apple Updates Time Capsule to 1 TB and 2 TB Capacities

Apple this morning quietly updated its Time Capsule combination wireless router and network-attached storage drive to double the models' capacities at the same price points as the previous models: 1 TB for $299 and 2 TB for $499. While Apple...

Charlie Miller to Demonstrate iPhone SMS Hack at Black Hat Conference Today

Almost a month ago we linked to an Engadget report on Charlie Miller and his SMS exploit for the iPhone. Well, today is the day he intends to show it off at the Black Hat conference.

Thanks to some last minute media attention, however, the general iPhone user base seems to be getting a tad nervous. And rightly so. We’ve said it before and we’ll say it again, in an ideal world, NSA expert come iHacker Charlie, who’s claim to current fame is using Mac exploits to win Pwn2own contests and free laptops, would work with companies like Apple and Microsoft (yes, it looks like Windows Mobile has an exploit as well), and those companies would patch the exploits as immediately as possible, before any “research” was publicly disclosed and any bad guys decided to use them as attack vectors.

TiPb will update post-Miller’s Black Hack disclosure, and hopefully Apple will roll the security fix into a quick 3.0.2 firmware release, or hurry 3.1 out of the gate.

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Charlie Miller to Demonstrate iPhone SMS Hack at Black Hat Conference Today

Apple Going to CES 2010, Steve Jobs Asked to Keynote?

The Wall Street Journal is reporting, almost off-handedly, that Apple is planning to attend CES 2010, a trade show it has avoided up until now, and arguably eclipsed in 2007 when it announced the original iPhone at the then similarly timed Macworld Expo.

Apple pulled out of future Macworlds, causing the expo to change focus and time slots for 2010, but the idea of Apple actually showing up at CES instead? To quoth Dieter: Cats and dogs — living together!

The meat of the WSJ’s story is actually that Steve Jobs has been invited to Keynote at CES but isn’t returning their phone calls. While Jobs owned the spotlight at Macworld before handing the final show over to Phil Schiller in 2009, Jobs would be one of several Keynotes at CES, including lovable competitor Steve Ballmer of Microsoft.

Would Jobs settle for “one of”? Would Apple, after leaving Macworld and saying they prefer to set their own schedule for special events, and that they reach more people via the Apple Stores every week anyway, really want to return to almost exactly the same formula with CES?

We doubted it, and still don’t believe what our eyes are reading.

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Apple Going to CES 2010, Steve Jobs Asked to Keynote?

Nintendo finally sees Wii demand slowing, calls iPhone a DS / DSi competitor

While it seemed that all was going well for the Big N, it looks like those jovial times are finally coming to a (temporary) end. In an earnings report filed today, the company posted a 66 percent fall in quarterly operating profit on "slowing demand for its Wii console and a stronger yen." It's not so much the profit slide that's surprising, but the sudden admission that Wii demand has finally (finally!) slowed from a raging boil to simply piping hot definitely caught us off guard. Still, Nintendo maintained that it would sell 26 million Wii consoles before the year was out alongside 30 million DS handhelds, the latter of which has seen momentum slow due to "increased competition in the handheld business from Apple's iPhone." Now, we've known for some time that the suits in Cupertino have always viewed the iPhone as a game console, but to hear it called out as such from an entity not named Apple is another matter entirely. Maybe it should reconsider that whole "if you can't beat 'em, join 'em" thing? Nah.

[Image courtesy of QuiteCurious]

Filed under: Gaming, Handhelds

Nintendo finally sees Wii demand slowing, calls iPhone a DS / DSi competitor originally appeared on Engadget on Thu, 30 Jul 2009 04:39:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments