Ever worry that someone is trying to spoof the origin of text messages on your iPhone? Well according to developer pod2g you should. Although the security flaw he cites is not capable of executing malicious code, it can be exploited to fake the origin of an SMS to an unsuspecting iPhone user.
Pod2g is hoping Apple fixes the problem before the final release of iOS 6. If iOS dealt with incoming text message information properly, the message would display the reply-to (spoofed) phone number as well as the actual originating phone number. As currently configured, iOS only shows the reply-to number.
Apple has started to prompt iOS users to enter security questions in an effort to increase security for Apple ID accounts. The dialog box that pops up on the home screen may look suspicious, but the process is legit. The box reads "Security Info Required" and explains that a password confirmation is necessary.
If you see the pop up, don't be alarmed, simply tap the Security Info button to make sure that Apple doesn't bother you again. This will forward you over to a Security Info screen, where you'll need to enter three separate security questions with answers.
Both Facebook and Dropbox raised eyebrows this week when a security flaw was discovered that could reveal iOS users' personal data. The good news is that both companies are working on a patch to correct the security hole. In addition, the threat of your information actually being stolen is low.
The flaw enables access to personal data only if the malicious person going after your data has physical access to your iPhone or iPad. When it comes to Facebook, the issue revolves around use of a plain text file known as a .plist to store sensitive login information. Copying the file to another iOS device enables access to the victim's account using the Facebook app.
Reports of iMessages being received on the wrong iPhone have resurfaced, this time with Gizmodo posting a slew of information not intended for their eyes. Apparently an Apple employee briefly inserted his personal SIM card into a customer's iPhone, and ever since his iMessages are being delivered to her device.
This is after the customer's iPhone was reset and her personal infomation including her AppleID was reentered on the handset. Similar reports of the problem have cropped up intermittently in the past, with Ars Technica weighing in on the issue. Support forum threads regarding the problem have sprung up at Apple and elsewhere as well.
Apple has released iOS 4.3.5 to patch another security hole. The last update released only a few weeks ago patched the PDF exploit used by hackers to release the latest jailbreaking tool. This update is to stop "an attacker with a privileged network position" from stealing your data while you're surfing the web. If your iPhone or iPad is jailbreak free, or you don't plan on jailbreaking it in the future, accepting the update is probably a good idea. However, the current redsn0w 0.9.8 jailbreak hack still works with the update.
Just connect your device to your computer and "check for updates" to download iOS 4.3.5 for your iPad, iPod touch (3rd generation), iPhone 4, iPod touch (4th generation), iPhone 3GS. The Verizon update is labeled 4.2.10.
Apple has finally addressed complaints that its mobile devices including the iPhone and iPad are tracking users by recording cellular tower triangulation data. The company issued a Q&A document to explain exactly what's happening on the devices they manufacture and how they plan to remedy the issues that even some members of Congress have expressed concerns over.
Apple is already facing lawsuits over the tracking issue, which was revealed by security researchers. Although individual devices have locally stored logs of location data going back as far as the installation of iOS 4.0, Apple insists that the company can't track individuals as any data it collects is anonymous and encrypted. According to the Q&A document, the purpose of these transmissions is to build better location based services and individual iPhones are never tracked at all.
Here's a surprise: no-jailbreak remote iPhone unlock services Cut Your Sim and others are out of business. Apparently their supplier couldn't continue making unauthorized changes to Apple's IMEI database and needs to postpone the service indefinitely. These services were charging a fee of $170 or more to unlock iPhones in a process they claim is permanent without violating the terms of Apple's warranty.
Luckily those who were in line to have their devices unlocked are getting their money refunded. It's not clear why the unlocking procedure had to be stopped, whether it was Apple getting involved or figuring out exactly where the leak was in their database security. What's interesting is that even the operators of Cut Your Sim aren't sure exactly how the iPhones are unlocked, just that the process originates from the UK.
Questions surrounding iPhone tracking have exploded recently thanks to the revelation that cellular-capable iOS 4 devices have been recording their location accurately and consistently since the firmware installation date. All of this location information is logged in a single file that can be parsed and mapped by the new iPhone Tracker application. Although some users don't care about this kind of thing, others are concerned and will want to stop their mobile device from logging location data.
As it turns out, turning off Location Services under Settings will not help, as this only controls the GPS chip inside the iPhone. Security researchers Pete Warden and Alasdair Allan have discovered the location data comes from cellular network tower triangulation, which doesn't require communication with satellite GPS.
Now there's another reason to update your iPhone when Apple releases the iOS 4.2 firmware this November. The company has stated they are aware of the passcode lock security flaw and will issue a fix with the update. It's not clear whether or not Apple had the fix on their radar before reports about the security hole hit the web this week.
A forum user posted the simple procedure which allows iPhones to be accessed even if passcode lock is engaged. With a simple button sequence at the right time the Phone app can be accessed along with all of the contact information stored on an iPhone. Contacts can be called, emailed or even sent an MMS once the iPhone has been accessed, completely avoiding the four-digit passcode.
Apple has released a security fix for iOS 4 and users now have to decide whether or not to install the update. There are pros and cons to installing the update, mostly revolving around whether or not you're interested in jailbreaking your device. The security problem was first discovered and used by the Dev-Team to hack iOS 4 and provide a simple way to jailbreak through the Safari browser.
Now that Apple has released a fix, the developer responsible for the JailbreakMe 2.0 in-browser jailbreak software has made the source code of his exploit public. Let's be clear, the iOS 4.0.2 update will make jailbreaking with JailbreakMe 2.0 impossible, however now that the source code of the jailbreak is public, security threats are bound to multiply.