iPhone virus – avast!
Soooo... apparently Mac's can't catch viruses but the iPhone certainly can. There is a flaw in the iPhone's software that allows any attacker to gain complete control over your phone. Flaw which Apple is aware of but still hasn't patched. The details are simple and as such I will cut to the chase: if you receive an SMS with a single square in it, by the love of God - TURN OFF YOUR PHONE.
You have been warned, be safe, buy a Palm Pré.
[via Engadget]
iPhone OS 3.0 Spam Exploit
The good silly folks over at AppleInsider are reporting on a flaw that might open the iPhone OS 3.0 to mass spam. While there is some truth to their claims, they are also being unnecessarily alarmist and making false claims.
The specifics of this exploit is that when you hacktivate an iPhone (i.e. activate it using Jailbreak), your iPhone will be using a private/public key pair to register with Apple's PNS (Push Notification Service) that already exists, in other words, it will be using a key that was not generated to your iPhone but that will be common to everyone who hacktivates their iPhone.
As a result, when a notification comes addressed to that key, all of the iPhones in the world that have been hacktivated would in theory receive that message.
Still, at AppleInsider they claim:
Destroying the application security layer of the iPhone does not itself automatically break PNS, but (when combined with an "unofficial activation" required to use it with unofficial service providers) results in the system having no legitimate certificates to use in performing push notifications. Essentially, if the phone is not properly activated as intended through iTunes, the user's credentials for signing into Apple's PNS messaging servers (which are generated by the device itself in normal conditions) are broken along with the application security layer.
Whoa, whoa, whoa, little Timmy! Let's debunk this, shall we?
- An unofficial activation (read, hacktivation) is NOT required to use it with unofficial service providers. If an iPhone is already officially activated, the jailbreak will not reactivate it.
- Jailbreaking does NOT necessarily mean that you want to use your iPhone with unofficial service providers. Jailbreaking simply allows you to install third-party applications, such that aren't installed through the regular AppStore.
- You need to jailbreak to use the iPhone with an unofficial service provider, but jailbreaking does not have only that purpose. You can for instance jailbreak to run cracked games. Sure, it doesn't make it any more legitimate or legal, but it is not the same thing.
Finally, I must stress the notion: if you have an officially activated iPhone and if you jailbroke it afterwards, YOU ARE SAFE. Actually, I am not sure about the status of redsn0w right now, but when it was first released the push notifications would not even work for hacktivated iPhones! Still, if you would activate your iPhone normally and then jailbreak it, you would get your push notifications working. In a nutshell, if you have it officially activated, jailbreak will not put you at risk of being spammed.
As for hacktivated iPhones... well, tough luck guys. It seems like you are better off turning of the push notifications if you don't want to be spammed in a near future.
[via Engadget]
iPhone 3.0 Jailbreak and ultrasn0w? It is out!
It might be old news for some, but I am sure that not everyone is aware of this yet.
The good folks at the iPhone Dev Team did it again and after some days that just seemed too long, they released the new tool called redsn0w. This tool is meant to jailbreak the iPhone 3G only, and only with the firmware 3.0 - jailbreak for the 3GS still hasn't been released but since the flaw seems to exist in the 3G, it should only be a matter of days (and of the Dev Team getting their hands on a 3GS - feel free to chip in) until the jailbreak is released.
The process is pretty simple, just update to 3.0 normally through iTunes and when that's done, search for the correct IPSW in the following folder (if you're using Vista or 7):
C:\Users\<username>\AppData\Roaming\Apple Computer\iTunes\iPhone Software Updates
(For XP, search around the Application Data folders under Documents and Settings)
When you have this file, just feed it to redsn0w and follow the steps. In under 5 minutes you should be running a jailbroken 3.0.
After this is done, if you also want to operator-unlock your phone, you'll need ultrasn0w. This is the replacement for the long-lived yellowsn0w. In case you weren't aware of this fact, the new baseband has a hole again, which allows for it to be hacked. This way, we can all use different operator SIM cards without a problem.
To install ultrasn0w, you simply need to add the repo http://repo666.ultrasn0w.com and then search and install the application ultrasn0w on Cydia. Reboot your phone, and you're done. It really is THAT easy!
So what are you waiting for? Go for it!