i2 Security Blog

Keeping you upto date on the world of IT Security

i2 Security Blog - Keeping you upto date on the world of IT Security

App Store expels iOS hacker

Charlie Miller, a well known Apple hacker who has exposed a large number of vulnerabilities in Apples software has been ousted from the iOS Developer Programme by Apple.  This happened after he published an app that exposes a serious bug in new iPhones and iPads.

 

InstaStock app, which had been accepted and approved by the App Store back in September, is a program that tracks stock prices in real time.  However there is also a secret hack that bypassed protections built into iOS devices that prevent code from running on them unless it has been signed by Apple’s official cryptographic seal.  As a result the app is capable of other things including downloading pictures and contact details from iPhone’s and iPad’s.

Apparently a few hours after Miller revealed the ‘extra’ functionality of his app he received an email stating that Apple was terminating him from the iOS Developer Program for violation of a clause in the program’s license in which he agreed he wouldn’t “hide, misrepresent or obscure any features, content, services or functionality” of applications he submitted.

 

Miller’s code-signing bypass exploits a change introduced in iOS 4.3 that for the first time created a small region in iPhones and iPads where unsigned code downloaded from the internet could be executed. The exception was designed to improve the performance of Safari by allowing it to do just-in-time compiling. To prevent the exception from being abused, Apple tightly restricted it to Safari, and even then only in certain cases.  Miller discovered a flaw in the way the checks are run though.

 

Miller said he’s concerned that his excommunication will hinder his ability to find security bugs in Apple software until it has become publicly available. A case in point is iOS version 5.01, which is currently in beta testing.  Now no longer part of the developer program Miller no longer has access to beta code and therefore will have to wait until the code is publicly available before he can check for vulnerabilities.  By which time it will probably be too late.

Apple announces iPhone4S

Apple finally announce the release date for the iPhone4S, as it will be known. Rumours about the name have long been floating on the internet but it has finally been announced as iPhone4S and not iPhone5.

There will be an improved camera and significantly better battery life on the new model, which is set to go on sale on the 14th of October.
The new model has the same look and feel as the current iPhone4 and will be available as 16Gb, 32Gb and 64Gb versions in ether black or white.

Even though it has the same look and feel as the current iPhone4 the new version of iOS will boast 200 new features.

There will be a dual core A5 chip improving performance.
An 8 megapixel camera that will also shoot 1080p HD Video.
Siri, the intelligent assistant that you can ask questions and hear the answer.
The iPhone4S is also the first phone to switch intelligently between two antennas to transmit and receive calls, so call quality is better.

Full details can be found here

Rumours that Apple will launch iPhone 5 Today

Ok so not strictly a security feature but an interesting one none the less.

Rumours have begun and it is expected that Apple will launch its long awaited iPhone 5 today!!!

Journalist have been invited to a “Let’s talk iPhone” event at the California campus due to start at 18:00 BST.

As always rumours have been MASSIVE as to how different it will be from the predecessor, or in fact if there will be any differences actually worth writing about.  As ever with Apple launches, exact details of product features will not be known until the event.

The launch is scheduled to be hosted by Tim Cook, now Apple’s full time boss following Steve Jobs’ retirement in August.  However rumours are running that Steve Jobs may make an appearance at the event.

The director of research at analysts CCS Insight said they are expecting to see a ‘flagship’ device to cement the iPhones position as the ‘must have’ device.  However others think the iPhone will be named the iPhone 4S (rather than 5).

I guess we all have to wait until 18:00BST tonight to find out.