Hacks

Charlie Miller, known for his continued research on iPhone vulnerabilities may have found an exploit in Safari that could run low level code in the OS.

Miller first gained notoriety for discovering the first iPhone exploit and another vulnerability in Safari during the Pwn2Own contest in which security researchers and hackers alike attempt to break in to various OS’s running on different platforms. The exploit enables the iPhone to run shell code and if this information were to gain traction, iPhone users could have their device broken in to and have their personal information readily available to an unknown third party. However, there has been no news on any iPhone suffering an attack from this exploit.

Via: Arstechnica

Phishing attacks and mobile scams are on the rise thanks to unsuspecting users and hackers employing more elaborate tricks. However, the newest version of Safari will let you know how secure a website is.

The newest Beta version of Safari for the iPhone will identify web pages that have a trusted user certificate ensuring your data is safe. Visiting popular online retailers will show the protected certificate available for the website automatically where as it remained out of site in earlier iPhone builds.

Screenshot courtesy of The iPhone Blog

Via: The iPhone Blog

Skype’s arrival in the App Store early Tuesday has been met with much praise now that a real VoIP App is finally available for the iPhone. Unfortunately, one of the key features that makes Skype so great, VoIP (Voice over Internet Protocol), failed to work over an active 3G connection and was restricted to a Wi-Fi connection. However, 3G connections are supported in the latest Beta version of the iPhone Firmware.

Firmware 3.0 is currently being Beta tested by developers and will arrive sometime this summer but already it’s throwing up surprises. When running Skype on Firmware 3.0, VoIP calls can be made over a 3G connection which goes against Apple’s commitment to cellular carriers that iPhone Apps will not hog their traffic. It will be interesting to see if this loophole makes it to the final release of Firmware 3.0.

Via: Gizmodo

In an ironic twist, Apple’s recently available iPhone patent for alternate authentication methods shows off a Jailbroken iPhone.

Apple has publicly shown its disapproval for Jailbreaking but a patent recently made available detailing authentication methods such as biometric scanning reveals a Jailbroken iPhone in one of the patents diagrams. The diagram shows off a customized home screen complete with a wallpaper (not allowable by Apple) and the older versions of Installer App and Summer Board which are only available exclusively to hacked iPhones.

Pictures after the break.

Via: iPhone Alley

RipDev has released Installer App for the Mac (Windows version available soon) that emulates the App Store for non-Apple sanctioned Apps. However, you will still have to Jailbreak your device, although the process is streamlined with the App.

Retailing at $7, Installer App is the desktop version of the popular iPhone App repository that made thousands of Jailbroken Apps available to eager crackers looking to side step Apple’s control of software distribution. The App comprises of the Jailbreaking utility (which is freely available as QuickPwn) and a directory that pulls Apps for you to install on your iPhone which mimics the long time available Installer App for the iPhone.

Via: Macworld

One of the cooler features in iPhone 3.0 is one of those not enabled out of the box: data tethering. Steven Troughton-Smith, an iPhone developer, has figured out how to enable the hard to come by feature but be wary, your carrier might not like it.

While Apple has been keen to integrate data tethering for some time, the only thing stopping it is how the carriers will react and will likely require you to fork over extra cash just for the privilege. For now, you can pipe your 3G connection (this won’t work on the first generation iPhone) to your computer over USB or Bluetooth by following a simple how to compiled by iPhone Alley.

1. Rename ATT_US.ipcc to ATT_US.zip and unzip
2. Located in the Payload folder, show package contents for ATT_US.bundle and replace the carrier.plist file with this one (make sure to rename)
3. Also in the ATT_US.bundle folder, replace the Info.plist file with this one (make sure to rename)
4. Zip the Payload folder and rename it to something like TETHERING.ipcc
5. Option-click (or Shift-click in Windows) on Update in iTunes and… more...

It goes without saying that Apple doesn’t take kindly to unlocked and jailbroken iPhones. That means those of you running the YellowSn0w unlock will have to hang tight until the Dev Team can craft a custom Firmware bundle of OS 3.0 that won’t brick your iPhone.

Hey, don’t just take our word for it, the Dev Team says on their Blog:

If you find yourself with access to the 3G IPSW for 3.0 via the iPhone Dev Center program, and you are using yellowsn0w, do not update or restore to that official IPSW. You will lose yellowsn0w and find yourself unable to revert the baseband to get it back.
And for those wondering, yes the 3.0 OS is jailbreakable on all devices. It’s just those using 3G yellowsn0w that have to show some restraint and wait for PwnageTool to create a custom IPSW that avoids the baseband update.

While OS 3.0 can still be jailbroken, those trigger fingers will likely corrupt your iPhone’s baseband making it near impossible to revert. Fortunately, a custom version which avoids loading the new Baseband or loading an unlock friendly Baseband… more...

Non Apple sanctioned App stores are becoming all the rage these days. Growing from the slightly clunky Installer.app to a more full fledged version and after friendly competition from the Cydia repository, underground developers are looking for a much easier way to load Apps on to iPhones: a desktop version of Installer.

The desktop version of Installer works much the same way it does on the iPhone in the sense that it installs Apps on to your device but running it on a computer allows much easier transfers and better management. Rip Dev talked about the desktop App very briefly.

“Practically, it is a desktop variant of our own Installer.app. It will allow you to view and install packages that are present in various Installer and Cydia repositories by downloading them to your computer and then synchronizing via the USB cable with your iPhone.”

While it seems a restore is need to actually complete the install, that will be little hindrance to those looking to transfer Apps deemed unfit for the App Store or developed exclusively for jailbroken iPhones.

Via: CNET

Out of the box you can sync your iPhone to one computer. That’s great if you have one computer but if you have multiple machines it would be better if you could sync your iPhone with whatever machine you are using. But if you try that you’ll end up erasing your iPhone’s library and replacing it with the library on the machine you are currently using. It can be a big inconvenience.

It doesn’t have to be that anymore. Thanks to a great hack at Andrewgrant.org you can sync your iPhone with as many computers as you’d like. You’ll need to mess with an XML file and a hex editor but the hack its self is really straightforward. Once the hack is complete you can sync your iPhone to any computer with the modified files. And no, there’s no jailbreaking or loss of functionality on any of the machines involved. Give it a try.

One of the pivotal features of the App Store and SDK for iPhone developers was the inclusion of Apple’s Fairplay DRM wrapper which would have prevented App piracy. Unfortunately, crackers found a way around it and allowed Apps to be pirated just like any other kind of Software. The developer behind Full Screen Browser, an App that sticks to its name, isn’t taking piracy lying down.

Developer Ben Chatelain has implemented a phone home component in his App that checks whether or not the user is running a legitimately paid version of his work by reporting the UUID number to his server. Users will have a 10 day grace period before Full Screen Browser will refuse to launch but not before showing a popup convincing pirates to pay for it out of guilt and having enough time to demo the App. While some users will object to having an App phone home, it will be interesting to see if more developers utilize this as another means to protect their work.

Via: iPhones Talk