| Author |
Apple unveils the 3G iPhone |
RyaN
Joined: Jun 24, 2002
Posts: > 500
From: By the hill, Sussex
PM |
Yeah - damn... thought as much... Was looking around Mac related forums following a Google and I got the impression it wasn't going to be very soon 
And yes, having one in Brighton would be superb for both of us! Just wait until someone comes in here from the North of England hearing us moan about having to travel to London when they only have the option of Liverpool or across the border to Scotland to choose from 
Current phone: iPhone 3G Favourite  : S700 Follow me on Twitter!: Here |
|
|
anonymuser
Joined: Dec 17, 2002
Posts: > 500
PM |
Talking about imperfections, anyone had any issues with excahnge contacts or calendars disappearing under 3.0? Twice now, over the last couple of weeks, I've found names not appearing in messages or the phone log, checked the Contacts app and either found it completely empty, or (today) populated by one entry that I happened to edit on the PC today. After a restart everything resyncs eventually - fortunately they're not leaving the server as well. I thought it might be a misbehavng app at first, but can't pin it down..
|
carkitter
Joined: Apr 29, 2005
Posts: > 500
From: Auckland, NZ
PM |
iPhone wide open to hacks via txt.
Note the part that says "a side effect of jailbreaking an iPhone is that it removes about 80% of its security functions, and cautioned that users concerned about security should avoid jailbreaking."
Did the jailbreaking community fail to mention that?
I wonder why? 
|
RyaN
Joined: Jun 24, 2002
Posts: > 500
From: By the hill, Sussex
PM |
Alarming, I hope Apple get this cleared up. Hopefully sorted in the 3.1fw that is out to Devs in beta atm
Current phone: iPhone 3G Favourite : S700 Follow me on Twitter!: Here |
anonymuser
Joined: Dec 17, 2002
Posts: > 500
PM |
Is there any kind of quality control or gatekeeping for Cydia? I just wonder, given that jailbreaking removes most the phone's security against rogue code and obviously allows apps much greater access to the core functions, is there anything to stop a classic trojan horse being installed that way? A nice new desktop widget or whatever that waits till 2am and then silently dials the author's premium rate number in Barbados for a few hours in the background.. even if you were found out after the first night, how many thousands of trusting jailbreakers might you con out of serious money in the first hit?
Edit - I did some reading - and basically no there isn't anything to stop this happening, since Cydia will source apps from wherever you ask it to look. So if I, as a evil trojan developer, simply advertise the hosting address of my evil app effectively, people will use Cydia to download and install it from wherever I put it.
And as the receiving phone is jailbroken by definition, my app can then do pretty much whatever it wants.
Interesting, when you think of it like that really? Kind of puts a vulnerability to malicious SMS in perspective.
[ This Message was edited by: Boinng on 2009-07-06 15:05 ] |
Barachus
Joined: Sep 16, 2004
Posts: 240
PM |
Funny since all the years of jailbreaking there has never been a case trojans, malicious SMS's etc
well lets ignore all that and not let facts or experience get in the way of a good scare story  |
RyaN
Joined: Jun 24, 2002
Posts: > 500
From: By the hill, Sussex
PM |
Well I would've thought to a certain extent there's some form of quality control with Cydia. There are trusted Community sources that are preinstalled, but there are other repos that people can add via a package installation or by manual input. If something dodgy was upped, I reckon someone somewhere would note it and put the warning out to the community, or get the source taken down.
I guess to combat these kind of trojans, surely you'd just need to be 100% positive of what it is you're installing and which repo is being shared by. I would never install something I wasn't sure of, 99% of the time I'm installing something I'm searching for purposely and I know which source it's coming from. Young kids however could be fooled in to installing the latest 'Shiny new wallpaper' or something.
As @NoKia said though, after all the years that have gone by and not one issue like this has been raised before... I remain sceptical
Current phone: iPhone 3G Favourite : S700 Follow me on Twitter!: Here |
voda_jon
Joined: Nov 28, 2004
Posts: > 500
PM |
there is a quality control over some repos... if u add the hakulous repo u get a cydia warning so they must monitor usage in some sort of way otherwise this message wouldnt appear would it...
It goes along the lines of... 'apps downloaded from this source may damage your handset and/or contain copyright material'
J. |
anonymuser
Joined: Dec 17, 2002
Posts: > 500
PM |
"All the years that have gone by" - lol! The iPhone's only existed for a maximum of 2 years, and jailbreaking the first one took about 6 months, that's all of a year and a half of jailbreaking at my count! And of course for the first year or so iPhone jailbreakers were a pretty small, determined, and clued up bunch - it was only with the 3G and now the 3GS that the iPhone got really popular, and jailbreaking at the same time got really easy more recently with the newer dev tools, so pretty much anyone could do it.
The market for exploiting some unsuspecting users seems pretty rich to me. From what I understand, all it takes to "publish" an app through Cydia is to post the app somewhere - anywhere - on the web, and simply have the client enter that address in their iPhone. So a google ad for "cydia-hot-babes.com/iphone" is pretty much all it takes.
Or for maximum impact you could go straight to a repository, maybe post a few different rogue apps from seemingly different authors but with the same underlying money-making code, the "community" might remove them/get the word out eventually but how many would be installed and cashing in, in the meantime? The point is, even at the repositories, there's nobody checking or testing those apps before they're live - and any jailbroken phone is completely defenceless to them once installed.
You can call it a scare story, but surely this is just a basic truth of jailbreaking, isn't it? The very nature of the beast?
[ This Message was edited by: Boinng on 2009-07-06 16:17 ] |
RyaN
Joined: Jun 24, 2002
Posts: > 500
From: By the hill, Sussex
PM |
What point are you trying to prove exactly? We read the article that said that 80% of the iPhone when jailbroken is vulnerable. Tell us something we don't know.
In the meantime I sure as hell wont be installing stuff willy nilly, especially the likes of ''cydia-hot-babes.com/iphone''
Current phone: iPhone 3G Favourite : S700 Follow me on Twitter!: Here |
anonymuser
Joined: Dec 17, 2002
Posts: > 500
PM |
I think my point's pretty clear Ryan, why are you so hostile to it?
The jailbroken software you're using, btw - do you know what's in it? Exactly what it does and where it came from? Whose word are you taking that it's safe, and how do you know that they fully understand everything that software does?
I mentioned an extreme example before - an app that secretly dialled a premium rate number - but that's a difficult thing to hide and would be apparent the first time somebody checked their online billing. What about an app that whilst it was doing something completely innocent and useful on the face of it, was quietly uploading users contacts to a server somewhere. Think how much money you could make from illicit spammers with a list of email addresses culled from every jailbroken iPhone user out there. How much of that kind of info could you harvest from thousands of users before that code was spotted?
|
carkitter
Joined: Apr 29, 2005
Posts: > 500
From: Auckland, NZ
PM |
The SMS vulnerability exists for all iPhones because the SMS app provides access to the root user and code can take control of the device by having admin priviliges. Other apps are sandboxed so no vulnerablity here but jailbreaking bypasses most of Apples security so a potential exists and the jailbreaking community should be upfront about it.
I doubt there are enough jailbroken iPhones to take advantage of for a malicious app to be worthwile. Certainly it's creator could be traced and hackers don't usually hack other hackers anyway.
I would like to see Apple fix this SMS vulerabily pretty quickly considering the potential for misuse.
[ This Message was edited by: carkitter on 2009-07-06 20:58 ] |
Barachus
Joined: Sep 16, 2004
Posts: 240
PM |
Lol so makes u guys think that the 'jailbreaking community' are not aware of these issues before u kindly brought it to our attention? It's just like owning a pc, if u click the wrong link or install the wrong software ur can compromise it, or would u suggest we all give up pcs bcus ppl write viruses? It's all about common sense |
RyaN
Joined: Jun 24, 2002
Posts: > 500
From: By the hill, Sussex
PM |
On 2009-07-06 21:43:25, carkitter wrote:
I doubt there are enough jailbroken iPhones to take advantage of for a malicious app to be worthwile. Certainly it's creator could be traced and hackers don't usually hack other hackers anyway.
Nail on head there mate.
Current phone: iPhone 3G Favourite : S700 Follow me on Twitter!: Here |
anonymuser
Joined: Dec 17, 2002
Posts: > 500
PM |
If "hackers don't usually hack other hackers" why is virtually every other warez download a trojan or virus?
Sorry, but this just seems to be an exploit waiting to happen. With trusting attitudes like these (it's never happened in "all these years" and all) the average jailbreaker, who these days is basically any kid who's applied an easy two minute software tweak provided to them by the dev team, is wide open to an attack like this.
Easy pickings.
[ This Message was edited by: Boinng on 2009-07-07 09:35 ] |
|
|
Posted: 2009-07-02 14:51
: S700
