Your iPhone is Insecure!
Yep! It's another iPhone security bug.
Karl Kraft's been a NeXT programmer for twenty years. It shows. He's happy with his lot and holds down a number of assorted contracts to make ends meet. He's also got a twelve-year-old son who has lots of girlfriends.
Karl's been spying on his son. Not the most honourable of acts to be sure. He's done this at least in principle by figuring out how to circumvent iPhone security. He's filed a bug report but says he has little hope of seeing it fixed as he has another report filed from over a year back and there's little joy there yet.
Karl should look at some of the other bugs that have been open for years.
A lot of people have written about Karl's iPhone bug but true to form no one publishes his web address. But it's not hard to find. He comes up first in a Google search for his name.
Karl's site is extensive. And he has a blog. It's a WordPress blog but he's made it his own. In fact the formatting is so unusual it's immediately appealing. This is his view of how his blog should look. Take it for what it is but remember: this is personal. This is not just some typical 'bozo' as he calls them spewing out rubbish day after day.
Karl is a thinker. A patient thinker. He's just gone through the ordeal of getting an app approved by Apple's iPhone App Store. It's not going blazes but it's going a lot better than he expected. It's not enough to keep him in green and it certainly doesn't pay for itself but he was patient and he likes the idea. His account of the long-winded process is enlightening reading.
Karl also has something he calls the 'Code Book' online. This is a selection of useful tips and some very interesting observations about computing science in general.
You might want to find out more about this latest iPhone bug; you might want to waste a day and get acquainted with a nice person and developer both; in either case take the time to pay him a visit.
Another iPhone Bug?
A 12-year-old who uses his iPhone mostly for texting with his girlfriend has discovered what looks like a new vulnerability with the device.
The unnamed boy, son of blogger Karl Kraft, turns on the passcode lock and disables SMS Preview in order to prevent his parents from seeing any messages, Kraft wrote on his blog.
Those settings block the display of incoming text messages and show an alert saying 'New Text Message' if an SMS comes through while the phone is locked. However, if the phone is set to emergency call mode the incoming text messages are previewed.
'Thus all I need to do to intercept the messages from his girlfriend is to place the phone in emergency mode and wait 30 seconds for the next sickly sweet message,' Kraft writes.
Apple representatives did not return e-mails seeking comment.
A different security hole related to password-protected iPhones was discovered in August, and last month a researcher disclosed that the iPhone captures all the activities of a user in order to enable the cool fading applications effect.
Security hole opens up password-protected iPhones
A serious security hole in the latest iPhone software exposes e-mail, text, and voice messages to whoever gets a hold of the device despite it being password-protected.
Basically, clicking emergency call and double-clicking the 'home' button brings up the favorites on iPhone 2.0.2, which opens up the address book, the dial keypad and voice mail, according to a report on Engadget, which got the tip on the hole from the MacRumors Forum.
Then, clicking on the blue arrows next to the names gives access to private information in a favorite entry, clicking in a mail address opens up the mail application, clicking on a URL in the contact information opens up Safari, and clicking on 'send a text message' in a contact gives full access to the text messages.
The report suggests using the 'home' setting so that double-clicking on the home button will take whoever is holding the phone to the unlock screen page.
Engadget reports that a fix for the hole will be included in the next firmware update, but it's not known when that update will come.
Representatives from Apple did not respond to e-mails seeking comment.
iPhone iSpy? Hacker says device captures it all
The iPhone is recording everything users see and do on their devices for caching purposes, an iPhone hacker says.
The device records screenshots of a user's most recent action so that it can achieve that cool effect of applications fading away when the home button is clicked, according to Jonathan Zdziarski, who wrote the forthcoming book iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets.
The screenshots are presumably deleted after the application is closed, but they can be recovered with forensics techniques just like data deleted from most any storage device can be reconstructed for purposes of law enforcement, he said in a Webcast on Thursday in which he demonstrated how to break into password-protected iPhones.
'There's no way to prevent it', Zdziarski said of the screenshot caching, according to a Wired report. 'I'm kind of divided on it. I hope Apple fixes it because it's a significant privacy leak, but at the same time it's been useful for investigating criminals.'
Meantime, breaking into a passcode-locked phone took him nearly an hour to demonstrate and required creating a custom firmware bundle, the report said. The issue is different from a security hole discovered last month that allowed people to get access to e-mail, text, and voice messages on password-protected phones.
Apple representatives did not respond to an e-mail seeking comment for this story.