O'Grady's PowerPage » News

Security researcher Charlie Miller outs iOS code signing flaw, security hole

Posted by:
Date: Tuesday, November 8th, 2011, 05:46
Category: iOS, News, security, Software

It’s hard to say if it’s discouraging to see the iOS get spotted on assorted security failures or reassuring to see that security experts manage to notice these and bring them to the public’s attention.

According to Forbes, Mac hacker and researcher Charlie Miller has reportedly found a way to sneak malware into the App Store and subsequently onto any iOS device by exploiting a flaw in Apple’s restrictions on code signing, allowing the malware to steal user data and take control of certain iOS functions.

Miller explains that code signing restrictions allow only Apple’s approved commands to run in an iOS device’s memory, and submitted apps that violate these rules are not allowed on the App Store. However, he has found a method to bypass Apple’s security by exploiting a bug in iOS code signing that allows an app to download new unapproved commands from a remote computer.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller said. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

The flaw was introduced when Apple released iOS 4.3, which increased browser speed by allowing javascript code from the internet to run on a much deeper level in a device’s memory than in previous iterations of the OS. Miller realized that in exchange for speed, Apple created a new exception for the web browser to run unapproved code. The researcher soon found a bug that allowed him to expand the flawed code beyond the browser, integrating it into apps downloaded from the App Store.

Miller created a proof-of-concept app called “Instastock” to showcase the vulnerability, which was submitted to and approved by Apple to be distributed via the App Store. The simple program appears to be an innocuous stock ticker, but it can leverage the code signing bug to communicate with Miller’s server to pull unauthorized commands onto the affected device. From there the program has the ability to send back user data including address book contacts, photos and other files, as well as initiate certain iOS functions like vibrating alerts.

The app has since been pulled and according to his Twitter account, Miller has reportedly been banned from the App Store and kicked out of the iOS Developer Program.

Miller, a former NSA analyst who now works for computer security firm Accuvant, is a prominent Apple researcher who previously exposed the MacBook battery vulnerability and a security hole in the mobile version of Safari.

The researcher has refused to publicly reveal the exploit, reportedly giving Apple time to come up with a fix, though he will announce the specifics at the SysCan conference in Taiwan next week.

Stay tuned for additional details as they become available.

Hackers unlock hidden panorama camera mode in iOS 5, post instructions on accessing it

Posted by:
Date: Tuesday, November 8th, 2011, 05:19
Category: iPhone, News, security

It’s the hidden features that tend to make a gadget that much cooler.

Per iDownloadBlog, a group of hackers have discovered a hidden panorama mode embedded within Apple’s Camera application on iOS 5, though the feature does not appear to be completed.

iOS hacker Conrad Kramer, who goes by the alias Conradev, revealed via a tweet on Monday that he had discovered a way to enable the hidden Panorama mode within Apple’s own app, as noted by iDownloadBlog. The feature, which appears to be in ongoing development by Apple, offers settings for a grid and HDR when creating a panorama photo.

According to Kramer, the mode is activated by setting the “EnableFirebreak” key to YES in a preference file within the mobile operating system.

Fellow jailbreak hacker Grant Paul, also known as Chpwn, posted screenshots and examples of the panorama mode. He also announced that a tweak enabling the feature has been submitted to the Cydia application storefront for jailbroken iPhones and should arrive sometime on Tuesday.

‘Jailbreaking’ is a process that opens up an iOS device to run unauthorized code and applications. Though the U.S. government has legalized the procedure, it does still void Apple’s warranty.

With the release of the iPhone 4S, iCloud and iOS 5 last month, jailbreak hackers have been kept busy. Paul recently publicized a tweak that brought limited Siri voice assistant functionality to the iPhone 4 and the fourth-generation iPod touch. Siri is currently only officially available on Apple’s new iPhone 4S.

In addition, a “hidden” Drop Box-like syncing feature was discovered last week in Mac OS X Lion that can be used to sync files across multiple Macs.

In August, notorious jailbreak hacker “Comex” revealed that he would be starting an internship with Apple. It is not immediately clear whether he is working specifically on iOS security, but some have speculated that the iPhone maker will put him to use on locking down its software.

If you’ve tried the panorama hack and have any feedback about it, please let us know in the comments.

AT&T offers revised timeline for T-Mobile merger

Posted by:
Date: Monday, November 7th, 2011, 13:47
Category: Finance, iPhone, News


Sometimes you’ve just got to wait for your gigantic telecom merger to take place.

Per Macworld, AT&T has pushed back the expected date of its proposed US$39 billion merger with T-Mobile USA, saying now that the deal will close in the first half of 2012.

When it announced the deal in April, AT&T said it expected to get regulatory approval within 12 months. But a lawsuit by the U.S. Department of Justice and seven states, filed on Aug. 31, made that forecast unrealistic. The suit isn’t even scheduled to go to trial until Feb. 13, 2012.

AT&T laid out the new timeline in a document filed with the U.S. Securities and Exchange Commission on Thursday.

The DOJ has argued that the merger would raise prices and stifle innovation by eliminating a low-price competitor. AT&T’s plans have also come under attack from some consumer groups and from Sprint Nextel and C-Spire Wireless, a smaller mobile operator. Earlier this week, a federal judge allowed a lawsuit by Sprint and C-Spire to go forward. Those carriers argue that the merger would make it harder for them to acquire new types of handsets because of exclusive deals that a combined AT&T and T-Mobile could make.

Stay tuned for additional details as they become available.

Rare 70-minute Steve Jobs interview to arrive in select theaters this month

Posted by:
Date: Monday, November 7th, 2011, 07:25
Category: News

This could be pretty interesting.

Per Movie city News, a 70-minute interview from 1995 featuring the late Steve Jobs and the journalist Robert Cringely that was presumed lost has since reappeared, and will be shown as a limited theatrical release in November.

The interview will screen at select Landmark Theatres locations at 19 U.S. cities on Nov. 16 and 17 as “Steve Jobs: The Lost Interview.” The Palo Alto Aquarius theater will feature an extended 7-day engagement from Nov. 16 to 22.

Originally filmed for the “Triumph of the Nerds” PBS miniseries, the interview was thought to have been lost after the master tapes went missing during shipping. Less than 10 minutes of footage were aired during the series. But, in October, a VHS copy of the interview was found in London and has since been enhanced and restored.

The footage is billed as the “best TV interview Jobs ever gave.” It is especially well-known for containing a section where the late Apple co-founder strongly criticizes Microsoft.

Mark Stephens, the journalist who is usually known by the pseudonym Robert Cringely, was one of the first employees at Apple after having met Jobs and Apple co-founder Steve Wozniak at the Homebrew Computer Club in the 1970s. The Cringely moniker began as a column in Infoworld in the 1980s.

Cringely describes the interview as “a moment in time” because it captures Jobs during his so-called ‘wilderness years.’ NeXT, the company that Jobs founded after being ousted from Apple, as well as Apple itself, were in trouble in 1995. In essence, the interview offers a snapshot of Jobs just before his now famous comeback at Apple.

In the wake of his death, Jobs has been the subject of several documentaries and TV specials, some of which contain unaired footage of him.

An authorized biography on him was also released last month. Culled from dozens of interviews with Jobs, the book offers numerous insights into Jobs’ life and philosophy. The title has already topped best-seller lists, selling 380,000 copies in the U.S. during its first week.

Sony is reportedly looking into producing a film based on the book. Screenwriter Aaron Sorkin, who wrote the script for Academy Award-winning “The Social Network,” is said to have been approached regarding the project.

Stay tuned for additional details as they become available.

VirtualBox updated to 4.1.6

Posted by:
Date: Monday, November 7th, 2011, 04:38
Category: News, Software


VirtualBox, an open source x86 virtualization project available for free has just hit version 4.1.6. The new version, a 88.9 megabyte download, sports an extensive list of changes that can be found here.

VirtualBox 4.1.4 is available for free and requires Mac OS X 10.4 or later and an Intel-based Mac to install and run.

If you’ve tried the new version and have any feedback, please let us know.

Apple releases second beta of iOS 5.0.1 to developer community, focuses on iPhone 4S battery fix

Posted by:
Date: Friday, November 4th, 2011, 11:16
Category: iPhone, News

The fix, it’s in the works…

Now it’s time for the developers to help out a bit.

Per AppleInsider, Apple is apparently working quickly to publicly release iOS 5.0.1, as evidenced by the company’s second beta in two days released on Friday.

Sources familiar with the latest build made available to iOS developers said it is known as “9A404.” It is available as a download from Apple’s developer site, or as an over-the-air update for those already running the first iOS 5.0.1 beta.

The first iOS 5.0.1 beta was issued on Wednesday with a few hiccups, as some developers said they were unable to activate their devices when updating to the pre-release software. Some developers were incorrectly given the message: “This device is not registered as part of the iPhone Developer Program.”

Apple is working quickly to issue iOS 5.0.1 publicly after the company acknowledged this week that flaws iOS 5 have cause battery life issues for some users. The company said that “a small number of customers” were experiencing the issue, which would be patched through the forthcoming software update.

The first beta of iOS 5.0.1 was labeled build “9A402.” It included a number of improvements listed by Apple:

– Fixes bugs affecting battery life.

– Resolves bugs with Documents in the Cloud.

– Improves voice recognition for Australian users during dictation.

– Contains security improvements.

– iOS 5.0.1 beta introduces a new way for developers to specify files that should remain on device, even in low storage situations.”

Stay tuned for additional details as they become available and if you’ve had a chance to play with the beta on your end, please let us know in the comments.

Taiwan en route to sell iPhone 4S before end of 2011

Posted by:
Date: Friday, November 4th, 2011, 06:34
Category: iPhone, News

If you’re heading to the far east soon, this might come in handy.

Per Electronista, Taiwan should get the iPhone 4S before the end of the year after the island’s National Communications Commission approved the device for sale. Clearing the technical hurdle should see the Apple device on sale by either late November or early December. Chungwa Telecom, FarEasTone, and Taiwan Mobile should all be in line to carry the updated iPhone.

Hong Kong is already due to get the phone on November 11. Apple hasn’t detailed which countries are getting the iPhone 4S beyond the known 44, but it has promised more than 70 by the end of 2011. Mainland China is believed to be one of them.

The rollout is Apple’s fastest for a new iPhone and is partly intended to curb the growth of Android. Taiwan is important for the strategy as it’s the home of HTC, Acer, and ASUS, the first two of which depend heavily on Android.

Stay tuned for additional details as they become available.

CBS exec describes turning down Apple TV offer after disagreement over revenue split

Posted by:
Date: Friday, November 4th, 2011, 05:53
Category: Apple TV, News

Sometimes you can reach a middle ground.

And sometimes the aforementioned middle ground is still a million miles away no matter what’s been said.

Per GigaOm, CBS boss Les Moonves revealed in an earnings call on Thursday that his company had been approached by Apple about a potential streaming TV service that would share ad revenues, but the network declined to strike a deal because it prefers to license its content.

Moonves, who serves as the company’s CEO, made the comments in response to an analyst question on whether CBS would pursue partnerships with “success-based or non-guaranteed” streaming players.

“We’ve even been against joining Apple TV, which was an advertiser split,” SeekingAlpha reported him as saying.

With the rise of online content, CBS has stuck to a strategy of upfront license fees for syndication, the report noted. That approach led the network to keep its distance from Hulu, a joint subscription venture by NBC, Fox and ABC. CBS did, however, recently agree to allow Hulu to air reruns from the CW network, a joint venture with Time Warner. It has also reached similar agreements with Netflix and Amazon.

The licensing route appears to be paying off for CBS for now, as Moonves said on Thursday that the network is already receiving “hundred of millions of dollars” annually from online streaming agreements with possibly even more deals to come. The executive is confident that online viewership will continue to bring in significant money over the years.

Rumors of an Apple subscription TV service have existed for years, but CBS’ comments come as the first public confirmation of it. The network reportedly considered a proposal from Apple as early as 2009.

Apple has gradually been adding channels and partners to its Apple TV set-top box. A recent software update added Wall Street Journal Live and National Hockey League content in addition to new features such as Photo Stream and AirPlay Mirroring.

Recent indications have pointed to an upcoming Apple television set with an innovative interface. The late Steve Jobs reportedly told biographer Walter Isaacson that he had “cracked” the concept for a “simple and elegant” connected TV.

Jobs’ comments have reignited speculation that Apple will enter the TV market. The New York Times noted late last month that, according to sources, such a device is definitely coming.

Stay tuned for additional details as they become available.

Sprint working to replicate slow iPhone 4S data speeds, states that carrier is aware of complaints

Posted by:
Date: Thursday, November 3rd, 2011, 09:06
Category: iPhone, News

The iPhone 4S is new to Sprint.

As such, perhaps growing pains aren’t to be unexpected.

Per CNET, a small but growing number of Sprint customers are complaining of slow data speeds. So slow that Siri and other network-sensitive features won’t work.

These complaints started the same day the iPhone 4S was released and continue until today. A thread at Sprint’s community forums that chronicles the problem has almost 248,000 views and over 1,300 replies and is one of the top forum posts on Sprint’s public message board.

Sprint’s head of product development, Fared Adib stated that the carrier is aware of the complaints, but has not been able to reproduce the slowed data connections some users are reporting. Sprint is reportedly working with Apple to track down the problem, if there is one, and find out whether it is hardware or software-related. Once they have identified a root cause, the two companies can work on a fix. When an update is available, Adib said Sprint will get it out quickly to users who are affected by this problem.

Stay tuned for additional details as they become available and if you’ve seen the shortcoming on your end, please let us know.

Apple patent points towards improved OLED displays in future iOS devices

Posted by:
Date: Thursday, November 3rd, 2011, 08:08
Category: iPad, iPhone, iPod, News, Patents


Uncertain about what’s coming down the pipe? Just check the recent patent applications.

Per freepatentsonline, Apple has shown interest in improving the technology behind organic light emitting diodes, or OLED displays, to provide even better battery life for devices like the iPhone and iPad.

Apple’s pursuit of better OLED technology was revealed this week in a new patent application that went public. Entitled “Power Efficient Organic Light Emitting Diode Display,” it describes ways in which an OLED screen could offer improved battery life, particularly when displaying the color white.

The filing notes that OLED screens can operate at lower voltages than traditional displays, like the LCD screens currently found on the iPhone and iPad. This is possible because OLED technology is light emissive rather than light transmissive.

But while OLED can offer some advantages over LCD — including darker blacks, higher contrast ratios, and improved power efficiency — those perks are diminished when an OLED display is used to generate large amounts of white display area.

In order to display a screen that is largely the color white, an OLED panel has to utilize a range of color channels for every pixel on the display. Doing this can be power intensive and make the device inefficient.

“The relative power inefficiency in display white spaces using an OLED display may be particularly problematic in certain contexts,” the filing notes. “For example, certain applications, such as word processing, spreadsheet design and use, database design and use, e-mail, and other business or productivity applications, typically utilize dark or black alphanumeric characters on a white background, such as to simulate writing or printing on a sheet of paper.

“As a result, these applications may cause the display of large expanses of white background with relatively little area devoted to the non-white alphanumeric characters. Such applications, therefore, may make the use of OLED displays unsuitable or undesirably power intensive for battery powered and/or portable electronic devices, such as handheld devices.”

Apple’s proposed solution to this problem would include a transparent OLED display panel positioned in front of a solid white background layer, like a white transflective sheet. The display would also feature an opacity switchable layer located between the OLED panel and the background layer.

“The switchable layer may be switched, in whole or in part, from an opaque or semi-opaque state to a transparent or semi-transparent state,” the application reads. “For example, in one embodiment, the switchable layer may be opaque, e.g. black, in the absence of a current. However, upon application of a current all or part of the switchable layer may be come transparent so that the underlying background layer is visible.”

The combination of a solid white background and an opaque layer that could be made transparent would allow a transparent OLED panel to avoid displaying the color white. By instead utilizing the white background, this could produce the color when appropriate, such as when reading black text on a white background, without consuming battery life to turn the individual OLED pixels white.

The white background could even be used for smaller elements on a screen, and applied even in situations where the entire background isn’t white. In one illustration, Apple shows a list of calendar events on an iPhone, with one tiny element — the selected “List” view — displayed against a white background.

Apple’s proposed invention, made public this week by the U.S. Patent and Trademark Office, was first filed in April of 2010. It is credited to Daniel William Jarvis, Albert John Golko, and Felix Jose Alvarez Rivera.

Stay tuned for additional details as they become available.