As with all new phones there invariably tends to be some unforeseen “features”. Well, today news emerged that Droid too was susceptible to just such a feature. It turns out that there is a rather simple way to bypass the screen lock on these phones by hitting the “back button”.

From Techcrunch:

Exploiting the bug is fairly simple: while receiving an incoming call on a Droid that has its Lock screen activated, you can simply hit the dedicated ‘Back’ button to bypass the lock and jump to the homescreen. This, of course, gives access to the owner’s Email account, cookied web pages, phone directory, and everything else stored on the phone. You can take a tiny bit of solace in the fact that the thief would have to know your phone number or wait for someone to call your phone to exploit the bug, but that’s not particularly reassuring.

Oops. But, there’s an app for that. Nothing really new here other than to point out that iPhone had it first.

Heh.

Article Link

There is this damn breathing noise I hear on the line every time I make a phone call from my cell.

What’s that? It was Paget and Nohl?

…oh!

From The Register:

At a hacker conference in Berlin that runs through Wednesday, the cryptographers said they’ve cracked the algorithm that determines the random channel hopping and have devised a practical means to capture entire calls using equipment that costs about $4,000. At the heart of the crack is open-source software for computer-controlled radios that makes the frequency changes at precisely the same time, and in the same order, that the cellphone and base station do.

“We now know this is possible,” said Karsten Nohl, a 28-year-old cryptographer and one of the members of an open-source project out to prove that GSM, the technical standard used by about 80 percent of the mobile market, can’t be counted on to keep calls private. The attack “is practical, and there are real vulnerabilities that people are exploiting.”

Ouch!

Yet another reason on the long list of “Why the hell am I not in Berlin?”.

For the full article read on.

Article Link

Also, here’s where you can find a copy of the presentation at 26c3. And yes, the video of the preso is available on torrent sites.


There’s an app for that. Cisco has released an app for security alerts. The real rub is that this only appears to be an RSS feed. Albeit, a start.

From The Register:

Cisco has pushed out a new iPhone app that helps IT managers respond to newly-detected security threats by the seat (pocket) of their pants.

The Cisco SIO To Go iPhone application beams in data from the company’s Security Intelligence Operations (SIO) to show a customizable menagerie of security information that could potentially help defend a business network.

But, that’s not all. You can also follow…their Twitter & YouTube feeds.

So, potentially.


Article Link


There are a couple of problems with the Android phone in the news this evening. The first of which concerns how Android processes SMS messages.

Hmm. Why does this one ring a bell?

From oCERT:

a specific malformed SMS message can be crafted to trigger a condition that disconnects the mobile phone from the cellular network. The malformed SMS message consists of a badly formatted WAP Push message which causes a Java ArrayIndexOutOfBoundsException in the phone application (android.com.phone).

The other problem involves a denial of service problem with the Dalvik API.

A specific malicious application can be crafted so that if it is downloaded and executed by the user, it would trigger the vulnerable API function and restart the system process. The same condition could occur if a developer unintentionally places the vulnerable function in a place where the execution path leads to that function call. Triggering this bug is considered a DoS condition.

Congrats to researchers Charlie Miller, Collin Mulliner and Emmanouel Kellinis. Patches have been released by the vendor for both of these issues.


From Wireless.FCC.gov:

google

Article Link (.pdf)

(Image used under CC from LordSchrammi’s Flickr stream)


The new code update (3.1) for the iPhone, to be honest, doesn’t seem to offer a lot of incentive to upgrade. Well, with the exception of the security fixes that are in the mix.

From ZDNet:

Apple has released security patches to cover serious security vulnerabilities in its iPhone, iPod Touch and QuickTime products.

The most serious of the vulnerabilities could lead to remote code execution attacks that give malicious hackers an easy way to hijack computers and mobile devices.

Then if you do update and are jailbroken, next comes the brick. Currently there is no jailbreak yet available for this revision of code.

From C|Net:

If you’re one of the millions of iPhone users who’ve Jailbroken their iPhones or iPod Touches–the desktop hacking trick that allows you to use non-Apple approved apps, access the iPhone’s file system, and other tweaks–you’ll want to hold off on the latest software update (3.1) that Apple announced today. Updating your iPhone or Touch will break your Jailbreak, meaning any services and apps you’ve installed via Cydia will be gone, as well as Cydia itself.

So, until there is a “fix” be aware that you won’t be able to run Metasploit et cetera if you upgrade.

Otherwise…

brick

Article Link


Hmm. It appears that Palm is a little too interested in what its Palm Pre handset users are up to. A Sprint customer, Joey Hess, discovered that his phone had been happily chirping away sending his info to Palm.

From The Telegraph:

The software developer said that log files for the handset show that his phone has been sending data back to Palm on a regular basis.

Mr Hess said that although the data was sent over a secure link, it contained information about his location, and a list of the applications installed on his handset. It showed how long he spent using those applications, and sent back crash data whenever applications unexpectedly quit.

The information was sent to Palm over a secure channel. Which would mean something if he had consented to the aforementioned monitoring.

Now, I understand crash reports and the like but, this appears at least from the article and the buzz on the tubes to be more than that. At least with crash reports on Microsoft and Apple systems there is a go no go option presented to the user as to whether or not they want to send.

Palm said its privacy policy was similar to many others in the industry. “[It] includes very detailed language about potential scenarios in which we might use a customer’s information, all toward a goal of offering a great user experience,” said the company in a statement. “For instance, when location based services are used, we collect their information to give them relevant local results in Google Maps. We appreciate the trust that users give us with their information, and have no intention to violate that trust.”

The road to hell is paved with good intentions.

Article Link


In a weird moment on my train ride home this evening I saw something from the future.

Perhaps.

It was odd. As I got up to get ready to get off at my stop I noticed a gent sitting just to my right with his feet propped on the stairs. What caused me to take notice was the black MacBook he was using.

Hmm, just like mine.

Then I noticed what was on his screen. He was writing copy for a Bell Canada advertising campaign. Nothing overly exciting. That is, until he hit F9 on his keyboard and brought a graphic into focus. It was an iPhone ad for Bell Canada that is apparently scheduled for Q4.

WTF?

Sure enough, there it was. As I knew that I’d not be believed I snapped a pic. Sadly, the screen is washed out. But, from conversations with our own James Arlen it appears that Bell and Telus have been ramping up for 4G in a hurry and the new device might make an appearance on Verizon as well.

Not sure if this is in fact the case but, I do know that I saw it on his screen. Should really make things interesting in the Canadian mobile market. Might actually have *gasp* competition. Damn three year lock in.

And for those of you travelling on trains, planes and automobiles buses, please use caution when you open your laptops. Be aware of your surroundings. Get a bloody privacy screen for your laptops and FOR $DEITY SAKE DON’T PUT YOUR PASSWORD ON A POST-IT NOTE ON THE LID!

/rant off



A few days ago the news came out that Apple is working to fix a new problem with the iPhone SMS that will permit code to be passed rather than simply text messages.

From Ars Technica:

Security researcher Charlie Miller has revealed that Apple is working on a patch for a security flaw he identified in the iPhone’s SMS implementation. The flaw can actually lead to arbitrary code execution, as he explained to Ars last month. Miller hasn’t yet detailed the flaw, citing an agreement with Apple, though he and partner Vincenzo Iozzo plan to detail their discovery later this month at the Black Hat Security Conference in Las Vegas.

During a presentation at the SyScan security conference in Singapore, Miller explained that a vulnerability in the iPhone’s handling of SMS messages makes it possible to send code instead of strictly text.

“(W)hen it executes the code it does so with root privileges”. As root? Um, whoops.

I am really looking forward to this preso at Black Hat.

Article Link


A presentation that I will be keenly interested to see at Black Hat this year involves some iPhone hacking fun with Charles Miller and Vincenzo Iozzo.

From Technology Review:

Now two researchers hope to make things considerably easier for would-be iPhone hackers. Next month, Charles Miller, a principal analyst at Independent Security Evaluators, and Vincenzo Iozzo, a student at the University of Milan, in Italy, will present a way to run nonapproved code on Apple’s mobile device at the Black Hat Security Conference, in Las Vegas.

Researchers have previously found vulnerabilities in the security of the iPhone; Apple disclosed and issued a patch for a dozen such security holes in the device last November.

This will be an interesting one. Curious if Apple will lawyer up on this one. For the full article read on.

Article Link