


A gaping hole in the iPhone 3G S's beefed-up security allows a packet of code to be fired into it via SMS and compromise the entire system. Apple says that it will fix the major flaw by the end of July. (Source: AppleIPhoneReview)
iPhone SMS vulnerability could allow malicious users to install and execute malware

Recently, Apple has struggled with the security ramifications of a higher commercial profile, including an increasing amount of OS X malware. Now another security flaw has been found, this time in the iPhone OS. The flaw allows attackers to gain root access to the iPhone's underlying OS, allowing them to install and execute malicious programs at will.

The iPhone apparently automatically executes binary code sent in SMS messages. Messages are limited to 140 bytes, but this is little deterrent, as longer programs can be broken up into several messages, which the phone automatically reassembles. While other applications, such as the Safari browser on the phone, only have access to their own sandbox, the SMS system is automatically granted root access, and SMS commands execute as root.
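The multi-part reassembly described above, as an added defensive example (not code from the article, from Mr. Miller, or from Apple). It assumes the standard concatenation header from 3GPP TS 23.040 (information element 0x00: reference, total parts, sequence number); the class and function names and the pending-message cap are hypothetical, and the sample parts are constructed.

```python
"""Strict reassembly of concatenated SMS user data (illustrative sketch)."""

MAX_UD_LEN = 140        # octets of user data in a single SMS
IEI_CONCAT_8BIT = 0x00  # concatenation element with an 8-bit reference number


class SmsFormatError(ValueError):
    """Raised for any user data that fails validation; the part is dropped."""


def parse_user_data(ud: bytes):
    """Split user data (header indicator assumed set) into (concat, payload).

    concat is (ref, total, seq) or None. Every length field is checked
    against the bytes actually received before it is used.
    """
    if not 1 <= len(ud) <= MAX_UD_LEN:
        raise SmsFormatError("user data length out of range")
    udhl = ud[0]
    if 1 + udhl > len(ud):
        raise SmsFormatError("header length exceeds user data")
    header, payload = ud[1:1 + udhl], ud[1 + udhl:]
    concat, i = None, 0
    while i < len(header):
        if i + 2 > len(header):
            raise SmsFormatError("truncated information element")
        iei, iedl = header[i], header[i + 1]
        body = header[i + 2:i + 2 + iedl]
        if len(body) != iedl:
            raise SmsFormatError("element length exceeds header")
        if iei == IEI_CONCAT_8BIT:
            if iedl != 3:
                raise SmsFormatError("bad concatenation element length")
            ref, total, seq = body
            if total == 0 or not 1 <= seq <= total:
                raise SmsFormatError("sequence number out of range")
            concat = (ref, total, seq)
        i += 2 + iedl
    return concat, payload


class Reassembler:
    """Collects parts per (sender, reference); output is opaque data only."""

    def __init__(self, max_pending: int = 8):  # cap is an assumed policy
        self.max_pending = max_pending
        self.pending = {}  # (sender, ref) -> {"total": n, "parts": {seq: bytes}}

    def feed(self, sender: str, ud: bytes):
        """Return the full message once all parts arrived, else None."""
        concat, payload = parse_user_data(ud)
        if concat is None:
            return payload
        ref, total, seq = concat
        key = (sender, ref)
        entry = self.pending.get(key)
        if entry is None:
            if len(self.pending) >= self.max_pending:
                raise SmsFormatError("too many incomplete messages")
            entry = self.pending[key] = {"total": total, "parts": {}}
        if entry["total"] != total:
            del self.pending[key]
            raise SmsFormatError("inconsistent part count")
        if seq in entry["parts"]:
            raise SmsFormatError("duplicate part")
        entry["parts"][seq] = payload
        if len(entry["parts"]) < total:
            return None
        del self.pending[key]
        return b"".join(entry["parts"][n] for n in range(1, total + 1))


def make_part(ref: int, total: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed sample part: UDHL=5, then IEI 0x00, IEDL 3."""
    return bytes([5, IEI_CONCAT_8BIT, 3, ref, total, seq]) + payload
```

The point of the sketch is that each declared length and index is validated against the received bytes, and that the reassembled result is returned as data for the messaging layer, never interpreted or executed.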

Charlie Miller introduced the vulnerability to the public during a presentation at the SyScan conference in Singapore on Thursday. He declined to go into specific details or offer his proof-of-concept code to the public, as he has entered into an agreement with Apple. Mr. Miller did state, "SMS is a great vector to attack the iPhone."

He went on to describe several examples of how such an attack could prove beneficial to malicious parties.  Among his ideas were to use the phone's GPS technology to track people, to turn on the phone's microphone to snoop on meetings or conversations, and to use groups of the infected phones to form a botnet and launch distributed denial-of-service attacks.

Apple says it will have a fix ready by the end of July. Mr. Miller says he will hold off on releasing details of his attack until then. He will present the attack in its full glory at the Black Hat USA 2009 conference in Las Vegas. Mr. Miller is the author of The Mac Hacker's Handbook, one of the leading resources for prospective Apple hackers.

He praises Apple's efforts with the iPhone, saying that the stripped-down version of OS X provides fewer attack opportunities. He says that the lack of support for Adobe Flash and Java, while an annoyance to users, actually aids security, as these are traditional attack vectors. He also notes the phone's provisions to only run Apple-signed code and to provide hardware encryption as other promising features.

Many of these features were added in the new iPhone 3G S but were not present in the iPhone 3G, leading the iPhone 3G to receive failing marks in a recent security study. Mr. Miller concludes, "The iPhone is more secure than OS X, but SMS could be a critical vulnerability."



Comments

fsardis and his iDick debacle
By Pirks on 7/2/2009 4:00:05 PM , Rating: -1
"lack of support for Adobe Flash and Java while an annoyance to users actually aid security, as these are traditional attack vectors"




RE: fsardis and his iDick debacle
By xDrift0rx on 7/2/2009 4:41:17 PM , Rating: 2
One right does not make up for the many other wrongs....


RE: fsardis and his iDick debacle
By Pirks on 7/2/2009 4:43:42 PM , Rating: 1
What "wrongs" exactly?


RE: fsardis and his iDick debacle
By xDrift0rx on 7/2/2009 5:02:54 PM , Rating: 2
Not making sure the phone can be used in "moderate" temperature zones. (i have never seen a phone give errors like this. only have i had my old Motorola KRZR have an extremely ghosted screen when it was in 15 degree weather during football season.)

The screen issue oh the Macs.

The SATA issue on the Macbooks.

Now who knows what this SMS loophole could bring.


By xDrift0rx on 7/2/2009 5:03:43 PM , Rating: 2
screen issue ON* the macs. sorry.


RE: fsardis and his iDick debacle
By Pirks on 7/2/09, Rating: -1


RE: fsardis and his iDick debacle
By Boze on 7/2/2009 6:38:20 PM , Rating: 3
Well if you've heard so much logic and fact, it's about time to shut up and accept it I think.

If you like Apple products, more power to you. Lots of folks do, and having brand loyalty is not inherently a bad thing. Condoning bad practices and overlooking potential problems is where fanboyism becomes a serious issue.

My brother uses a MacBook Pro nowadays, instead of building his own computers. Reason? "I'm tired of having to build a machine and go through the installation and updates and headache of all that." That's understandable, but he doesn't for one minute disagree with me that I can't build a far superior machine in terms of performance and storage. Why? You can't argue facts, that's why.

As far as the SATA issue on Macbooks, why would they disable it anyway? Why disable a feature on your laptop that would, at best, help your laptop stand out from the crowd, and at worst, make your laptop look like it's lagging behind technologically? Well I can guess a few reasons. Save battery life and make "tests" look better. "Hey my Macbook has xx hours of battery life!" It doesn't hurt that the average Apple user, as well as the user they target, have no clue what SATA 3.0 gbps means anyway, which is also really sad, because the more you understand about any technology, the more you can get out of it. That applies from computers to can openers.


RE: fsardis and his iDick debacle
By Pirks on 7/2/09, Rating: -1


RE: fsardis and his iDick debacle
By Boze on 7/2/2009 10:08:30 PM , Rating: 2
No, every notebook manufacturer does not want to extend battery life and make tests look better. Ever heard of desktop replacements? Ever wonder why, when reviewed, they might get 90 minutes of battery life or less and they could care less? Probably because it's called a desktop replacement, and it's there to provide power in the smallest possible package.


RE: fsardis and his iDick debacle
By Pirks on 7/2/2009 10:22:04 PM , Rating: 2
If they were not caring about battery life, as you suggest, they would not provide a battery in those desktop replacements at all.


RE: fsardis and his iDick debacle
By FaaR on 7/3/2009 6:42:08 AM , Rating: 2
It's not a matter of "accepting facts" if your bro doesn't NEED your allegedly far superior machine, any "facts" you want people to accept don't matter because these facts do not APPLY TO HIM, and people like him.

Seems you should take a couple doses of your own medicine.

You can't offer a farmer a Ferrari F50 when he needs to plow his fields. That it has a much more powerful engine, and goes much faster than a proper tractor isn't important to the farmer. See?


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 8:45:21 AM , Rating: 2
so why offer him a tractor with limited fuel line (sata1) and say nothing about it?
personally i would be very happy with it if apple actually mentioned it at least in the fine print.
you cannot advertise 9400 chipset from nvidia and limit people to sata1 with firmware and say nothing about it. it is just unethical. anyone who can use google and was curious to find out what sata version is in use, will find directly from nvidia that it is sata2. apple does not say otherwise and yet they sell me the machine without warning. this is bound to be illegal.

car analogy for Pirks because his brain only understands those:

Lexus makes a new car that uses a standard datsun engine. they tell you the model of the engine and no other details about it such as torque and hp. you use google to find out the specs of the model directly from datsun and they tell you that the engine produces 80hp for example. but lexus has limited the engine to 40hp and they told you nothing about it.
for the average driver in the city, using the automatic transmission, this makes no difference. lexus also sells for extra cash a racing exhaust that will make your car faster but still the engine is limited to 40hp so your money is a waste apart from minor benefits.
the problem is, that when you hit the motorway and you want to use the full power you will discover that something is wrong. you will also discover that your racing exhaust upgrade was a waste of money.

/pirks idiocy

i already feel dumber for falling to his level.


RE: fsardis and his iDick debacle
By fsardis on 7/2/2009 7:12:52 PM , Rating: 1
was the toshiba the same price as the iphone and did it force you to take 2 years contract? was the toshiba so hyped and did they market it as the hottest thing around that just works?

not a screen problem, but indeed a problem when you use an external screen. your point is invalid because the problem is still valid. an annoying problem made even more frustrating by a company that patches slower than a 2 legged tortoise.

the sata ssd offered as an upgrade for the mbp is in fact capable of 220MB/s and it is being capped at 110MB/s due to the screw up. you once again demonstrate how clueless you are. thanks for the laugh.

i see you cannot even make a bait thread without failing hard. one day you will realise that when the majority thinks you are a wanker, they are not the jerks but you are.


RE: fsardis and his iDick debacle
By Pirks on 7/2/2009 8:05:24 PM , Rating: 2
Majority owns iPods as you know, this is why I piss on the majority, and on you especially ;)

P.S. You won't notice a real life difference between 150 MB/sec Samsung SSD and 200 MB/sec same SSD, even if you are a winzealot :P


RE: fsardis and his iDick debacle
By eddieroolz on 7/3/2009 1:14:23 AM , Rating: 2
Actually, only three of my friends own an iPod - and even then they all hate iTunes.

Oh yea, iTunes took 20 seconds to start on my friend's laptop. WMP took 2 seconds.

Where's your Lord?


RE: fsardis and his iDick debacle
By Pirks on 7/3/2009 3:06:42 AM , Rating: 1
my lord uses either macs or itunes alternatives for windows, in either case startup time is same 2 seconds, my poor friend :P


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 5:42:47 AM , Rating: 2
majority owns ipods because it is indeed a good product that does exactly what it says on the tin. not everything from apple sucks. the majority means much. you have to accept that you are not smarter than everyone else and by the looks of things your intelligence is far below average. darwin says you should not have kids.

no difference on ssd in sata1 eh? not only did it add a couple of extra seconds but in large file operations it added a few extra minutes. and all that for nothing since the battery life is still 8 hours on my mbp after the firmware update.

by the way, you call me a winzealot but i am using linux, osx and windows vista/7. you are only using vista and still kissing iAss. you are the winzealot here and you are the iAsskisser too.

keep the comments coming. it is friday and we would like a few laughs at work. you have practically started a culture here.


RE: fsardis and his iDick debacle
By sbtech on 7/3/2009 8:49:44 AM , Rating: 3
Majority? Aha.

Well well well. What is the market share of Windows and what is the market share of Macs? That is majority right there for you Pirks.

Have a nice weekend :)


RE: fsardis and his iDick debacle
By amanojaku on 7/2/2009 5:10:21 PM , Rating: 3
1) Lack of cut and paste support for over two years on a product that debuted at $600
2) Poor text input quality, and general gesture inconsistency
3) Lack of a user replaceable battery
4) Poor battery life
5) Recently revealed intermittent 3G dropouts
6) Poor phone call quality, including dropouts
7) iTunes requirement
8) Industry-trailing climate tolerance
9) Fascist content restrictions in the App store

I could type more, but I don't see the point. One accidental positive (likely to be secured by competitors) does not outweigh the negatives.


RE: fsardis and his iDick debacle
By Pirks on 7/2/09, Rating: -1


RE: fsardis and his iDick debacle
By fsardis on 7/2/09, Rating: 0


RE: fsardis and his iDick debacle
By Pirks on 7/2/2009 8:15:57 PM , Rating: 2
quote:
approval from apple is MANDATORY if you have created software that runs on the mac NATIVELY. if you do not get that, your software is never published and even if it was, it would never install successfully on a mac
After reading this fsardis's nonsense, does anyone really believe he's trying to make a PhD in security? Maybe he meant mall security though ;o)


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 5:56:02 AM , Rating: 1
i am doing PhD in network protocols not network security you fuckwit. even so, it is unrelated to software programming for mac. i am not trying to make pretty interfaces for utterly useless software that does not even allow you to switch between windows of the same application if they are hidden behind others. such ease of use. i have to drag the focus window out of the way to reveal the window i want. there is no representation of how many windows i have open from a single app unless i use expose. i would say it is far worse than the simplicity and functionality of the windows task bar. at least with the task bar i can click to any windows i want from any application whether it is visible or not.

go back to your screwdrivers, you called a 9600 high end, and you said the code makes the cpu overheat. how could anyone be dumber than you? by the way, the office here would like more insight on how the code from one company can make the cpu overheat but code from the other makes it stay cool (which it does not)

oh you still don't know what native apps are eh? don't worry, for the job you have, you will never need to know. all your feeble mind need to know is how to use a screwdriver and change out parts. come argue again when you are a computer scientist and not a computer tech. and since you like car analogies, come back when you are a mechanical engineer and not a grease monkey changing oil and cleaning oil filters.


RE: fsardis and his iDick debacle
By Pirks on 7/3/2009 10:25:04 AM , Rating: 2
quote:
does not even allow you to switch between windows of the same application if they are hidden behind others
Ever tried to use alt-` shortcut, clown? :))))) hehehe
quote:
at least with the task bar i can click to any windows i want from any application whether it is visible or not
Same with the OS X dock, idiot :))
quote:
the office here would like more insight on how the code from one company can make the cpu overheat but code from the other makes it stay cool
Does "the office here" also would like more insight on how the code from one company can make battery work 5 hours but code from the other makes it work only 2.5 hours? ;)

BTW your "native Mac apps" drivel is the best part of your posts, that's what I call High Quality Lulz, keep it flowing man.


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 12:48:18 PM , Rating: 2
i dont want to use the keyboard dickwash
no the dock only lists the application but not the individual windows of an application. if you call up safari for example and it has 5 windows hidden behind the focus window, you will have to either use a gesture to enter expose, or click on the expose button, or press the expose key, or move the top window around to reveal the hidden ones. all of these actions take much longer than clicking directly on the windows button on the task bar.
even a monkey can understand that. are you still having trouble?


RE: fsardis and his iDick debacle
By Pirks on 7/3/2009 1:50:48 PM , Rating: 1
quote:
no the dock only lists the application but not the individual windows of an application
Ever tried to right click on an application's icon in a dock, stupid PhD clown? :)))


RE: fsardis and his iDick debacle
By ice456789 on 7/2/2009 7:49:30 PM , Rating: 2
quote:
Lexus lacked manual transmission too.
Missing cut and paste on a $600 phone is more like having a non-adjustable driver's seat on the Lexus. Sure, the car runs fine without it but it is quite inconvenient.
quote:
Compensated by longer internal battery life and external batteries.
Longer battery life than what? And I would say that external batteries are a poor solution to the many problems of a non-removable battery.
quote:
AT&T
Many reviews of the iPhone have echoed the statement that the call quality has been poor, especially at launch.
quote:
http://www.copytrans.net/copytransmanager.php
So now, 3 years after the phone comes out, someone makes another app capable of putting media on the phone. Bravo! How long do you give it before it's sued out of existence? Even if someone found out how to spoof iTunes, it is still far from universal.
quote:
Are you malware author? ;-)
Perhaps he's just someone who is not interested in Steve Jobs telling him what apps he's allowed to have on his phone. If you think the only apps that are blocked are malware, you've been living in a cave (which is probably a good thing so the sun won't melt your iPhone).

Still you only even debated 5 of the previous poster's 9 comments. Am I to assume you agree with the rest, or just that you need more time to figure out how to BS your way out of them? Or perhaps you live in the sunbelt and walked outside and your iPhone overheated?


RE: fsardis and his iDick debacle
By Pirks on 7/2/2009 8:26:32 PM , Rating: 1
quote:
Longer battery life than what?
Than that of a user-removable battery.
quote:
external batteries are a poor solution
No poorer than the internal ones.
quote:
you only even debated 5 of the previous poster's 9 comments
The rest are subjective thoughts/opinions, not worth debating. If a guy has some problems with his fingers - duh, tough luck buddy. What else can I say? ;-)


By Chocobollz on 7/4/2009 9:37:30 AM , Rating: 2
quote:
you've been living in a cave


Well if he is, I hope he can't make "it" with a box of scraps LOL


RE: fsardis and his iDick debacle
By eddieroolz on 7/3/2009 1:19:55 AM , Rating: 1
Oh lord, another Lexus analogy.

Are you just keeping it up to be comical now?


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 8:24:35 AM , Rating: 1
notice how he is stuck with lexus though. i wonder what that means. he does not compare it to a jaguar or aston martin or maybach. his brain is stuck on lexus like a fat kid who thinks chocolate all day.

it would at least make sense a tiny bit if he did not compare cut/paste with transmission (by the way, the lexus has semi-auto you fuckhead). he failed though to explain why the lexus has no sharp edges on the seats and why the steering does not get too hot to touch when you rev the engine.

Pirks, give us more, there is 10 of us in the office eagerly refreshing this page every minute. even computer illiterate people in the office are having a laugh at your idiocy and your obsession with lexus analogies.


RE: fsardis and his iDick debacle
By weskurtz0081 on 7/2/2009 5:01:42 PM , Rating: 2
What exactly are you getting at here?


RE: fsardis and his iDick debacle
By fsardis on 7/2/2009 7:34:05 PM , Rating: 2
awww look at poor pirks being all butt hurt.

you still do not understand what a native app is, do you, you chimp?


RE: fsardis and his iDick debacle
By Pirks on 7/2/2009 8:54:42 PM , Rating: 2
answer this first:

http://www.dailytech.com/article.aspx?newsid=15552...

coward :))) you think you escaped from answering this one last time? haha, what an idiot :)))


By dark matter on 7/3/2009 3:04:51 AM , Rating: 2
Oh Pirks, you do make me laugh you know. You're such a tool. It's great, as I sit here eating my breakfast prior to setting off to work I imagine you to be some really fat guy sat in his underpants surrounded by discarded pizza and cola bottles in a basement somewhere. A film of perspiration covering your top lip as you furiously type away. But hey, we are all individuals and personally I am glad the world has people like you for it makes the place a far more colourful and interesting place. Some people may think you're a prick, but I love you.


RE: fsardis and his iDick debacle
By themaster08 on 7/3/2009 3:40:23 AM , Rating: 3
quote:
coward :))) you think you escaped from answering this one last time? haha, what an idiot :)))

Says the person who avoids answering peoples' questions, and instead replies with further questions based on car analogies?


RE: fsardis and his iDick debacle
By Pirks on 7/3/2009 10:13:26 AM , Rating: 1
Well, Master08, the guy seriously claims that you can't publish native Mac apps without Apple's approval.

Think about it for a sec.

Now, would you consider seriously answering all silly questions of a guy who claims that Earth is flat?

No? Then why should I?

fsardis here is just for lulz, he's not worth a serious discussion and you know it ;) Look at his "native Mac apps" lunacy again. Got it now? :)


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 10:26:34 AM , Rating: 2
i got an off topic question for you.

do you enjoy getting humiliated here? there is not a single person here supporting you. even other fanboys do not come to your rescue. does that not hint you that you have made a total idiot out of you? maybe you placed a bet on how long it will take you to get banned for trolling here?


RE: fsardis and his iDick debacle
By Pirks on 7/3/2009 10:40:45 AM , Rating: 2
I enjoy sharing good laughs with my office buddies, reading your funny posts about native Mac apps. Are you satisfied now, clown? ;)


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 12:33:10 PM , Rating: 2
however you have already admitted you work in a pc repair shop, therefore you just lied.
not only are you a clueless blind sheep, you are a liar too.


RE: fsardis and his iDick debacle
By Pirks on 7/3/2009 2:09:27 PM , Rating: 1
and you have admitted that you clean toilet bowls for a living, therefore you lied about your PhD too :)))


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 8:14:02 AM , Rating: 2
no, i replied to it and you are still an idiot who does not understand what a native up is and what a non-native app is. post whatever links you like, you just make us laugh more.

go back to your screw driver. go replace some dead sound card or something, you are out of your league here.


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 8:33:06 AM , Rating: 2
sorry for the "up" typo. been going for a day without sleep here.

by the way, my understanding of your first post is that you endorse cutting off java and flash in the name of security. am i correct? please say yes so we can get some laughs.


RE: fsardis and his iDick debacle
By Pirks on 7/3/2009 9:55:49 AM , Rating: 2
I wonder where did you get that "native Mac apps require sucking iDick before publishing" lunacy? Can I read your source? I know it exists solely in your imagination, but it may got started after reading a post of similarly ill person or something? So, will you provide a link or any other kind of proof? Anything?


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 10:22:32 AM , Rating: 2
learn about native apps and then argue. native apps on osx go through the same process that iphone apps go through. this does not prevent malware in any way and it just gives monopolistic control on the platform.

so for instance, open office runs on the mac just fine and it does not require approval because it is java based and it is not a native app. similarly anyone who can write malware takes a similar route, whether that be scripts or trojan apps or anything else.

sorry i cannot come up with a car analogy for you.


RE: fsardis and his iDick debacle
By Pirks on 7/3/2009 10:35:00 AM , Rating: 2
So if I make you a native Mac app in XCode that displays window with a sign saying "Jobs sucks my balls and fsardis too" - will you shut up then? ;-) You do know that Apple would never approve such an app, so there must be a contradiction, right?


RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 12:42:25 PM , Rating: 2
so then, can you explain to me how the content restrictions aid in malware prevention?
this is what you claimed before and now you are claiming something else.
if you can indeed do such an app, you have proven that you are wrong and content restrictions do not prevent malware. you will also prove that i am wrong about the authorisation. knock yourself out champ.


RE: fsardis and his iDick debacle
By Pirks on 7/3/2009 2:04:54 PM , Rating: 2
There are no content restrictions for a Mac, stop smoking crack :)


Copyright 2014 DailyTech LLC.