Posts tagged security

3.0.1 Firmware Does Not Update Baseband Security


After the tests undertaken by Andrew, we have just received confirmation via the IRC channel of Saurik that the new Firmware 3.0.1 does not update the Baseband for which Apple did not implement any new method of defense against the Jailbreak and dell’unlock . It follows that RedSn0w that PurpleRa1n should be able to unlock the new version of the operating system.

However we recommend not to do so, and wait for an update by the DevTeam and GeoHot that they need to add new tools to their Bundles. It holds your security and there is no particular reason to hurry because the changes in the new Firmware is practically zero.


iPhone 3GS Encryption Is ‘Useless’



iPhone 3GS Encryption is ‘Useless’ for businesses according to Jonathan Zdziarski, a well known iPhone developer and hacker.

In an article by Wired.com, Zdziarski reveals that the iPhone encryption is so weak that it can be cracked in under 2 minutes with a freeware application.

“It is kind of like storing all your secret messages right next to the secret decoder ring,” said Zdziarski. “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.” An entire raw disk image of the phone can be made in about 45 minutes.

To demonstrate the phone’s weakness. Zdziarski established a screenshare with Wired.com and was easily able to bypass any encryption to access their data.

Since Apple’s encryption is so poor Zdziarski says its up to developers to add an extra level of security to their application.

“If they’re relying on Apple’s security, then their application is going to be terribly insecure,” he said. “Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it, but it’s entirely useless toward security.”

Read More


Mobile Substrate 0.9.2966-1 – Update | Cydia


In addition to Veency, Cyntact and Five Icon Dock, Saurik has also updated the MobileSubstrate version that comes 0.9.2966-1. This is an extension of Springboard can support as many applications as SBSettings, etc Winterboard. The update is primarily targeted to security and look at the details below:

It was not issued any changelog so I addressed directly to Saurik, who explained to me that this new version allows you to select various daemons to the firmware version required, and consequently, once all the developers use this feature, not you run the most dangerous to install applications not compatible with your device.

Does not end here. Arrive in a few days a new update that will increase the capacity of mobilesubstrate and allow the installation of new extensions that come in Cydia on the same day. In particular, it refers to a recognition of the hardware device, which will install the new daemons or at least to run applications in a totally different sull’iPhone 3GS.

Clearly we will continue to keep you updated! To update the MobileSubstrate simply run Cydia and start the upgrade essential

GPush to Provide Push Notifications for Gmail


TiveriasApps has announced GPush, an iPhone application which will provide push notifications for Gmail.

GPush is the missing link between GMail and the iPhone. For the first time, using GPush, iPhone users will be able to receive their GMail new message notification instantly and no longer have to wait up to an hour to be notified of new email.

Features:
- Instantly receive Gmail new message notifications on the iPhone
- Set it and Forget it: All you have to do is download the app and decide how you want to be notified of new email. You never have to open the app again after that.
- Improved battery life: GPush uses less battery since it relies on push notifications rather than data fetching (“pulling”)
- Ability to see emails on the standby screen just like text messages
- SSL Security Certificate used to ensure password security for GPush users

GPush has been submitted to the App Store for review. If it is accepted it will be available for $.99.

Read More [via TechCrunch]

WSJ Profiles the Chronic Dev Team


The WSJ has published an article on AriX, Chronic, Geohot and the Chronic Dev Team.

The article focuses on Ari, the 15 year old hacker who originally wrote iJailbreak. It tells the story of how he became interested in hacking the iPhone and how he joined up with Chronic and others to form the Chronic Dev Team.

Earlier this year, Ari and his team tried to hack more efficiently by working with another group — iPhone Dev Team, an invitation-only bunch in their 20s and 30s who have typically been the first to roll out iPhone hacks.

Members of the iPhone Dev Team worried about working in a large group. In part, they were concerned that if information leaked out about the security holes they were probing, others could exploit them first. Or, Apple could plug the holes. In March, the two groups stopped communicating.

The article also notes that GeoHot has been helping the Chronic Dev Team and that they have released the purplera1n jailbreak in spite of the iPhone Dev-Team’s desire to wait for firmware 3.1.

Mr. Hotz, who took a paid internship with Google Inc. in April, joined the hackers in early June. In emails, he says he has done the project on his own time and was happy to help “a bunch of cool guys with a good attitude.”

More than a week ago, both Chronic Dev and iPhone Dev said they figured out how to jailbreak Apple’s new phone. The iPhone Dev Team wanted to wait to release its software so Apple can’t plug the security hole in the device immediately.

But Chronic Dev and Mr. Hotz released theirs as soon as it was ready. “A lot of people bought their phones expecting to jailbreak their phones, and now that we have the capability to do it, we should let them,” Ari says. “A lot of people have thanked us.”

Much more in the article linked below…

Read More [via TheiPhoneBlog]

GeoHot Says iPhone 3GS Owners Should Do This Now


Apple has added a new layer of security for the iPhone 3GS and steps need to be taken to prevent these measures from affecting future jailbreaks.

Apple has added a new layer of security to the iPhone 3GS. I mentioned it several posts earlier; it’s the ECID field. When iTunes starts the restore process, they contact Apple servers to generate signatures just for your device. It’s important you get these signatures for your phone before a new version of the software comes out. I had previously suggested doing this by dumping usb while the iPhone restores. But this is complicated.

Thanks to GeoHot purplera1n.com will help you generate a unique certificate for your phones iBSS. You will need to keep this certificate for possible use in the future.

Instructions can be found here: Windows, Mac

Read More

How to Generate a Unique Certificate for Your iPhone 3GS’ iBSS (Windows)


Instructions on how to generate a unique certificate for your iPhone 3GS’ iBSS using a Windows PC.

Apple has added a new layer of security to the iPhone 3GS called the ECID field. According to GeoHot when iTunes starts the restore process, they contact Apple servers to generate signatures just for your device. It’s important you get these signatures for your phone before a new version of the software comes out.

Step One
Put your iPhone into recovery mode. If you do not know how to do this then you can follow this tutorial.

Step Two
Launch the USBView application. If you do not already have this application you can download it here. It is a small free utility provided by Microsoft.

Step Three
Click to select Config Discriptors from the Options menu.

Step Four
Click to select Refresh from the File Menu.

Step Five
Select the Apple Recovery (iBoot) device from the USB Device Tree in the left panel then Copy (highlight and press Control+c) your ECID from the Descriptor fields on the right.

Step Six
Open your web browser and navigate to purplera1n.com. Paste (control+v) the ECID into the field provided and press the Enter key.

Step Seven
The site will generate a file and ask you whether you would like to save or open it. Click to Save the file and store it in case you need it in the future.

How to Generate a Unique Certificate for Your iPhone 3GS’ iBSS (Mac)


Instructions on how to generate a unique certificate for your iPhone 3GS’ iBSS using a Mac.

Apple has added a new layer of security to the iPhone 3GS called the ECID field. According to GeoHot when iTunes starts the restore process, they contact Apple servers to generate signatures just for your device. It’s important you get these signatures for your phone before a new version of the software comes out.

Step One
Put your iPhone into recovery mode. If you do not know how to do this then you can follow this tutorial.

Step Two
Click to select About This Mac from the Apple menu at the top left of your screen.

Step Three
Click the More Info… button from the window that appears.

Step Four
System Profiler will open. Select USB from the Hardware menu at the left.

Select Apple Mobile Device (Recovery Mode from the USB Device tree in the top right panel.

Step Five
Copy (highlight and press Command+c) your ECID from the Serial Number field.

Step Six
Open your web browser and navigate to purplera1n.com. Paste (command+v) the ECID into the field provided and press the Enter key.

Step Seven
The site will generate a file and ask you whether you would like to save or open it. Click to Save the file and store it in case you need it in the future.

Apple Releases iTunes 8.2. Avoid It. (For Now…)


Apple has released iTunes 8.2 for download; however, the iPhone Dev-Team recommends not installing it at this time.

iTunes 8.2 now supports iPhone or iPod touch with the iPhone 3.0 Software Update. iTunes 8.2 also includes many accessibility improvements and bug fixes.

For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222

MuscleNerd, an iPhone Dev-Team member writes, “Today?s iTunes 8.2 update changes the way your computer talks to the device. This affects things like QuickPwn and PwnageTool when they try to identify what?s connected. Also, ssh over usb breaks due to same reasons. Fixes are in the works but for now avoid 8.2. (These are probably *not* anti-jailbreak maneuvers, just Apple changing protocols that normally only Apple cares about.)”


iPhone 3G S Features!

With the announcement of the new iPhone 3G S, many of the new features has been announced along with it. Many of which we have all expected and have seen in rumors, but some were pretty unexpected.

Here is a list of whats new:

  • Accessibility Settings – settings for people with disabilities
  • Better Camera – 3.0 megapixel, auto-focus, and auto-macro
  • Better RAM – improved from the current 128MB to 256MB
  • Better Safari – HTML 5, HTTP streaming A/V, autofill, javascript improvements
  • Built-In Compass – digital compass
  • Cut, Copy & Paste – cut, copy and paste words, photos and videos
  • Hardware Encryption – security feature
  • Improved Battery Life – 15 to 20 percent more longer battery life
  • Internet Tethering – share your iPhone’s high-speed connection
  • Landscape Keyboard – keyboard in landscape mode
  • MMS – send MMS
  • More Storage – 16GB and 32GB
  • Movies, TV Shows, Audiobooks/iTunes U Direct Downloads – buy, download, and view all iTunes content directly on your device
  • Multilingual – support for over 30 languages
  • Nike+ Support – use Nike+ sensor in your shoes
  • Parental Control – restrict content
  • Shake to Undo – shake your iPhone to undo previous actions
  • Spotlight – search across your iPhone
  • Video Recording – 30 fps VGA video
  • Voice Control – use voice to play songs and even call

This is just a few of the features available in then new iPhone 3G S. Many more are still to be announced and even discovered.

Digg!