Second lockscreen bypass exploit discovered in iOS 6.1, data vulnerable via USB connection

Posted by:
Date: Tuesday, February 26th, 2013, 07:07
Category: Hack, iOS, News, security, Software

Apple either needs to assign its iOS security people some business hammocks or take their current ones away…

A second iOS 6.1 bug has been discovered that gives access to contacts, photos and more. The vulnerability uses a similar method as the one disclosed previously, though it apparently gives access to more user data when the phone is plugged into a computer.

Per MacRumors and Kaspersky’s Threatpost, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can be connected to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.

Apple was expected to fix the lock screen bug in iOS 6.1.2, but that small release fixed a different bug. Instead, it appears a fix for at least one of the lock screen vulnerabilities will be coming in iOS 6.1.3, currently in the hands of developers.

Stay tuned for additional details as they become available.

Apple’s iOS 6.1.3 beta could fix security holes, disable Evasi0n jailbreak

Posted by:
Date: Tuesday, February 26th, 2013, 07:02
Category: Hack, iOS, News, security, Software

evasi0n-icon

It was awesome while it lasted.

Per Forbes,

Late last week Apple released an update for iOS to developers in beta that prevents the use of the popular jailbreak software evasi0n, according to one of evasi0n’s creators who tested the patch over the weekend, David Wang.

Wang has stated that he’s analyzed the 6.1.3 beta 2 update and found that it patches at least one of the five bugs the jailbreak exploits, namely a flaw in the operating system’s time zone settings. The beta update likely signals the end of using evasi0n to hack new or updated devices after the update is released to users, says Wang, who says he’s still testing the patch to see which other vulnerabilities exploited by the jailbreak might no longer exist in the new operating system.

That impending patch doesn’t mean evasi0n’s time is up, says Wang. Judging by Apple’s usual schedule of releasing beta updates to users, he predicts that it may take as long as another month before the patch is widely released.

When evasi0n hit the Web earlier this month, it quickly became the most popular jailbreak of all time as users jumped at their first chance to jailbreak the iPhone 5 and other most-recent versions of Apple’s hardware. The hacking tool was used on close to seven million devices in just its first four days online.

Apple already has a more pressing security reason to push out its latest update. The patch also fixes a bug discovered earlier this month that allows anyone who gains physical access to a phone to bypass its lockscreen in seconds and access contacts and photos.

When Apple’s update arrives, the team of jailbreakers known as the evad3rs may still have more tricks in store. Wang has stated that the group has discovered enough bugs in Apple’s mobile operating system to nearly build a new iOS jailbreak even if all the bugs they currently use are fixed.

Stay tuned for additional details as they become available.

Google opens Maps API to entire developer base

Posted by:
Date: Friday, February 22nd, 2013, 08:04
Category: News, Software

Google-Maps-Logo

Well, this is one pretty definite way to win the GPS app war…

Per The Unofficial Apple Weblog, Google has expanded its Google maps SDK for iOS developers. The SDK, which was quietly launched back in December, allowed developers to do two things: first, they can embed Google Maps in their apps instead of Apple Maps, and second, they could specify in their apps if an address or directions should be opened in Apple Maps, or the Google Maps app. However, in order to access the SDK, iOS developers had to register their interest and wait in line to be approved, which led to a limited amount of third-party apps bringing Google maps back.

Google has now released version 1.1 of Google Maps SDK for iOS. Not only does the updated SDK include support for ground overlays, gesture control and geodesic polylines, it makes the Google Maps API immediately available to all developers that want it. Now a developer simply needs to grab their keys from the Google API Console.

With the release of Google Maps SDK for iOS version 1.1 users can expect to see a quick uptick in the number of iOS apps that are using Google Maps again.

If you’ve had a chance to play with the new SDK, please let us know.

Apple releases iOS 6.1.3 beta 2 build to developer community, looks to resolve recently-discovered lock screen security hole

Posted by:
Date: Friday, February 22nd, 2013, 07:21
Category: iOS, News, security, Software

This could be useful.

Per MacNN, Apple on Thursday pushed a new beta build to the developer community of its iOS mobile operating system designed to address a bug that can allow users to get past an iPhone lock screen even when a secure passcode is enabled.

iOS 6.1.3 beta 2 is available to members of Apple’s development community for testing prior to the software’s official release. Sources familiar with the latest build indicated it addresses the security hole discovered last week that could allow anyone to bypass an iPhone lock screen.

Those with access to the new software indicated it is identified as “Build 10B318.”

The software also reportedly includes a number of improvements related to the Maps application in Japan. Specifically, they are:
- Improved pronunciation of roads during turn-by-turn navigation.

- Optimized directions to more strongly prefer highways over narrower roads.

- Now indicates upcoming toll roads during turn-by-turn navigation.

- Added labels for junctions, interchanges, on-ramps, off-ramps, and intersections.

- Added indicators for transit station buildings, subway lines, and traffic lights.

- Updated freeway color to green.

- Updated icons for some location categories including fire stations, hospitals, and post offices Added 3D buildings including Tokyo Station, Japan Imperial Palace, and Tokyo Tower.

The new beta comes only two days after Apple released iOS 6.1.2 to the public, addressing a bug related to Exchange calendars that could drain a device’s battery.

Apple first began testing its planned improvements for iOS Maps in Japan with the first beta of iOS 6.1.1 earlier this month. But that software number was quickly used for an update issued to iPhone 4S owners that addressed issues related to battery life and 3G connectivity.

Thursday’s beta software release was renamed iOS 6.1.3 for developers because the iOS 6.1.2 identifier was also used this week in the latest public update.

Stay tuned for additional details as they become available.

Sony unveils upcoming PlayStation 4 architecture, announces “PlayStation App” to extend second screen functionality to iOS devices

Posted by:
Date: Thursday, February 21st, 2013, 07:39
Category: iOS, News, Software

ps4controller

This could lead to something nifty.

In a follow-up to Sony’s PS4 announcement on Wednesday, the company released a statement regarding the platform’s “second screen” abilities, noting that Apple’s iOS devices will be supported.

Per AppleInsider, the “PlayStation App” will allow iPhone, iPad and Android device owners to use their devices with the upcoming PlayStation 4 console. While second screen apps were touched on in the platform unveiling, specific device support went unmentioned.

Information regarding the app’s capabilities is scarce, and it is unclear how feature-rich Sony is willing to make the second screen experience given that the company is pushing hard to incorporate its own handheld, the PS Vita, as part of the PS4 ecosystem.

A new application from SCE called “PlayStation®App” will enable iPhone, iPad, and Android-based smartphones and tablets to become second screens. Once installed on these devices, users can, for example, see maps on their second screens when playing an adventure game, purchase PS4 games while away from home and download it directly to the console at home, or remotely watch other gamers playing on their devices.

During the keynote, Gaikai founder David Perry noted users will be able to purchase game content from mobile devices and have it downloaded to their consoles at home. Another possibility for the app is live streaming to friends’ devices through the PS4′s “Share” option, though this feature was mentioned in regard to the PS Vita.

Microsoft currently offers its own app, called Xbox SmartGlass, for the Xbox 360, though the title’s feature set offers little more than controlling basic console functions.

Stay tuned for additional details as they become available.

Evasi0n hack updated, new version offers iOS 6.1.2 support

Posted by:
Date: Wednesday, February 20th, 2013, 08:34
Category: iOS, News, security, Software

evasi0n-icon

It’s hard to knock a hack that’s also updated frequently.

Per MacNN, the Evasi0n iOS jailbreak tool has been released enabling support for the new 6.1.2 OS update. No bug fixes are noted for the release, or specific notes on what the group had to modify to enable the hack.

Problems such as app instability, battery drain or other minor issues are common with jailbreaks, as they rely on injecting new code to overwrite portions of the original Apple code. Other potential hazards, according to Apple, include security issues as the jailbreak relies on an exploit, which could be found and misused by others to serve malware or foster hacking attacks as seen on the Android platform.

Apple has also warned that iOS devices that are jailbroken may in some cases be refused warranty or extra-warranty service, particularly if there is any chance that the jailbreaking is related to the complaint. Most devices can be easily un-jailbroken and returned to normal service if they are still operable, but if they are nonfunctional as a result of the process (known as “bricked’) then the jailbreak cannot be removed before servicing.

If you’ve tried the updated version of Evasi0n and have any feedback to offer, please let us know in the comments.

Apple releases iOS 6.1.2 update

Posted by:
Date: Tuesday, February 19th, 2013, 12:42
Category: iOS, iPad, iPad mini, iPhone, iPhone 3GS, iPod Touch, News, security, Software

Never doubt the speed of a fix in the wake of bad PR…

On Tuesday, Apple released iOS 6.1.2, a 107 megabyte download offering the following fixes for its supported iOS devices:

- Fixes an Exchange calendar bug that could result in increased network activity and reduced battery life.

iOS 6.1.2 is available via iTunes or Over-The-Air updating and requires an iPhone 3GS, 4, 4S, 5, iPad 2, third or fourth-gen iPad, iPod Touch 4th Gen or iPad Mini to install and run.

disableEmergency app available through jailbreak, helps bypass iOS 6.1 lockscreen exploit

Posted by:
Date: Monday, February 18th, 2013, 08:52
Category: Hack, News, security, Software

The hackers get the last laugh this time around.

Per The Mac Observer, the jailbreak community has beat Apple to the punch with its own solution to an iOS 6.1 bug that could give someone access to your iPhone without knowing your passcode. The app, dubbed “disableEmergency”, removes the Emergency Call button from the lock screen, which effectively removes one of the steps needed to break into your iPhone.

The security flaw requires several steps involving swipes, taps and button presses in the right order, afterwhich your contacts, schedule, and email are acessible.

Removing the Emergency Call button from the lock screen means calling for police or fire assistance will require dialing the emergency number yourself, so hacking your iPhone just to avoid a difficult to perform process may be a little extreme, especially since Apple has promised that a fix is on the way.

disableEmergency is free and available through the Cedia installer.

If you’ve tried the disableEmergency app and have any feedback to offer, please let us know in the comments.

Rumor: Apple working on quick fix for lockscreen exploit in iOS 6.1.2

Posted by:
Date: Monday, February 18th, 2013, 08:56
Category: iOS, Rumor, security, Software

When in doubt, work on a fix.

Per German web blog iFun and AppleInsider, Apple is already working on an update to iOS 6 to address a dangerous passcode vulnerability discovered earlier in the week, with one report claiming that the company anticipated issuing the update as early as next week.

The article presently states that iOS 6.1.2 will arrive early next week, and likely before February 20. iFun accurately predicted the launch of iOS 6.1.1, relying on the same sources that tell them 6.1.2 is on the way.

News of the lockscreen exploit hit the Internet last Wednesday. Using the bypass method, one can view and modify an iPhone owner’s contacts, listen to voicemail, and browse through their photos. The exploit does not, though, appear to grant access to email or the web.

Apple on Thursday acknowledged the vulnerability. The company, representatives said to the media, is hard at work on a patch, though they provided no hard details on when users could expect one.

Stay tuned for additional details as they become available.

Lockscreen bypass available in iOS 6.1, contacts vulnerable through hack

Posted by:
Date: Thursday, February 14th, 2013, 05:54
Category: Hack, iOS, News, security, Software

Ok, they’re probably going to need to fix this.

Per The Verge, a security flaw in Apple’s iOS 6.1 lets anyone bypass your iPhone password lock and access your phone app, view or modify contacts, check your voicemail, and look through your photos (by attempting to add a photo to a contact).

The method, as detailed by YouTube user videosdebarraquito, involves making (and immediately canceling) an emergency call and holding down the power button twice. Tests confirmed that the hack worked on two UK iPhone 5s running iOS 6.1 and can be seen below:



Similar instances had occurred – and were patched – in iOS 4.1, and was fixed in iOS 4.2.

Apple has yet to reply to requests for comment regarding this situation.