Frequently Asked Questions About Find My iPhone (and iPad)
I’ve been getting a lot of hits for my article on Protecting and Recovering Your iPhone and iPad from Loss and Theft, and the search queries I’m seeing in my logs, together with the visitor comments, have raised a number of recurring questions. I’ve decided to publish this one-stop-shop of answers for all of the different queries that I see people searching for when they arrive. Although my article addresses a number of these, I wanted to put them all in one post for easy reference. I’ll update this post as new questions crop up. Here goes, in no particular order:
Charlie Miller Discovers iOS Code-Signing Bypass Vulnerability
Security researcher Charlie Miller (@0xcharlie) has discovered a significant flaw in iOS which may allow a malicious app on the App Store to download and execute arbitrary unsigned code. What this means for iPhone, iPad and iPod Touch users is that installing a malicious app may allow an attacker to obtain shell access to your device, and download contacts or images.
Apple reviews every app submitted to the App Store, which has meant that iOS users have not had to worry about outright malware. Since this vulnerability allows the apps to fetch code remotely, they can perform actions not reviewed by the App Store staff. Charlie had submitted a proof-of-concept app that was approved (see video below), but has since been removed by Apple.
The reason this vulnerability works is based around some changes Apple made in iOS 4.3 last year, which allowed Mobile Safari to run javascript at a more privileged level on the devices. This change required Apple to make an exception for Safari to execute unsigned code in a particular area of memory. Charlie Miller’s bug is allegedly a very unique case that allows any app to take advantage of this, and hence run their own unsigned code.
Charlie will be presenting the vulnerability in detail at the SysCan conference in Taiwan next week. Apple has already released a developer beta of iOS 5.0.1 which patches the recent iPad Smart Cover lock screen bypass, but I would not be at all surprised if they release another beta which includes a fix for this bug. Until then, be careful to only install apps from developers you trust.
[Update] Apple has kicked Charlie out of the Developer program. At first I felt that this was an extremely bad reaction on Apple’s part. That said, Apple is probably most upset that Charlie’s proof-of-concept app could have been installed by legitimate users. Regardless of Charlie’s intentions, this could constitute malware, and he should have removed the app as soon as he saw the flaw existed. The posting of his video above probably didn’t help matters either.
iPad Lock Screen Bypass Vulnerability using Smart Cover [Patched]
Marc Gurman at 9to5Mac has discovered a vulnerability on the iPad that allows for a limited bypass of the device’s lockscreen. Anyone with an iPad Smart Cover (or fridge magnet) can gain access to the previously-open app (or the home screen if no app was open).
By holding the power button to bring up the ‘Power Off’ screen, closing the smart cover, re-opening it (or just sliding a fridge magnet along the right-hand side of the device), and clicking cancel, the attacker will be dropped into the screen that was open before the iPad was locked. If the attacker gets dropped into the home screen, then they’ll be able to see the installed apps, but won’t be able to open anything. If Safari or Mail (or any other app) was the open when the device was locked, then the attacker would have access to that app.
Unlike Siri being available from the lock screen, which is not a security flaw (an unintended behaviour), this one actually is; and although an attacker does not get full control of the iPad, the severity depends on whether a sensitive app was being used before the device was locked.
Luckily it is possible to protect yourself against this bug in the interim by disabling Smart Covers in Settings > General > iPad Cover Lock/Unlock > Off. Expect Apple to patch this in iOS 5.0.1. Check out 9to5′s video below for a demonstration:
[Update] Apple did indeed patch this bug in iOS 5.0.1. Those of you who disabled your Smart Covers for security purposes can now re-enable them!
Apple Releases Slew of Security Updates (OSX, Safari, iTunes, iOS 5, aTV)
I wasn’t going to post about last week’s fairly significant iTunes update, but then Apple went and patched a whole bunch of vulnerabilities across the board. Some of these are fairly significant so I thought I would provide a short breakdown of the changes. Either way, you should definitely be patching all of your Apple devices and software tonight.
Hit the jump for a summary of the key vulnerabilities patched in Apple’s security updates.
New iCloud Webmail, Contacts, Calendar and Find My iPhone
Before making the switch from MobileMe to iCloud last week, I was looking around for posts about iCloud’s new webmail and didn’t find any. As I’d just installed the iOS 5 GM on my iPhone, I was eager to get iCloud going as well to get a head start, but wanted to investigate the iCloud services first. I didn’t find any useful posts, but made the switch anyway. Seeing as iCloud will be free to all users now, I thought I’d give you a heads up into what you can expect!
Key iOS Security Updates Patch PDF and Certificate Validation Vulnerabilities (4.3.4 and 4.3.5)
The two latest iOS updates are fairly significant in that they patch two critical vulnerabilities. iOS update 4.3.4 patched a number of bugs including comex’s PDF/FreeType vulnerability used to create the latest JailbreakMe exploit. If you’re a jailbreaker, it’s essential that you run comex’s ‘PDF Patcher 2′ within Cydia, in order to patch the underlying vulnerability. iOS update 4.3.5 released a couple days ago, patches a fairly significant bug in the way iOS validates SSL/TLS certificates. This vulnerability can allow an attacker to intercept and/or modify data protected within an SSL session without the user knowing it. This was possible to due the fact that iOS didn’t validate the basicContstrains parameter of SSL certificates in the chain.
If you’re only an occasional patcher – now is the time.
Jailbreak iOS 4.3.3 with JailbreakMe 3.0
JailbreakMe.com has been updated to allow easy untethered jailbreak of your iOS devices, just follow the instructions on the site. Thanks to a new PDF exploit from comex (with the help of chpwn), it is now possible to jailbreak iPhones, iPads (including iPad 2) and iPod Touches running iOS 4.3.3 (note this doesn’t yet include any versions below that). During the jailbreak, saurik’s Cydia app store is automatically installed.
Interestingly, users with jailbroken devices can protect themselves by patching the PDF vulnerability by using ‘PDF Patcher 2′ in Cydia. Normal users will have to wait for iOS 4.3.4 from Apple. Note, however, that having a jailbroken iPhone or iPad still makes you slightly more vulnerable to other attacks, as the iOS sandbox is essentially bypassed.
Locate Lost or Stolen Macs with ‘Find My Mac’ in Lion and iCloud
Apple’s popular Find My iPhone feature of MobileMe is being extended to Macs as well, as part of iCloud and Lion (10.7.2). It will also allow the person who found or stole the machine to login using a limited guest account (with only access to Safari), in order to allow your Mac to connect to the internet. As with the iOS version, Find My Mac will allow you to remotely send a message, lock or even wipe your computer.
I’m guessing the geolocation will be limited to triangulating local wireless networks, but I’m hoping it will also send back the public IP address of the network it’s currently connected to, which would help significantly when trying to recover a stolen device. I wonder how developers of commercial Mac tracking software are feeling right about now?
For more info and pictures check out this post at Cult of Mac. In other news, iOS 5 will finally bring the ability to delete entries from your call history.
Poll: What iOS 5 feature are you most looking forward to?
iOS 5 will be a major update to Apple’s portable OS, to be released in the Fall of 2011. It’s got a whole bunch of new features, which one are you interested in?
What iOS 5 feature are you most looking forward to?
- iMessage (31%)
- Notification Center (23%)
- iCloud Integration (21%)
- Wifi Sync and Backup (19%)
- Twitter Integration (4%)
- Location-based Reminders (2%)
Loading ...If your preferred option isn’t available, I’d be interested to hear what it is in the comments!
WWDC 2011 Reaction: Lion, iOS 5 and iCloud
I’ve been following Apple for pretty much my whole life, and I like to think that I have a good feel for how the company is going to behave. Every so often they actually manage to surprise me a little, which is always nice, and WWDC 2011 managed to do that. First off, it was nice to see Steve back in action, particularly as all the stuff he announced is essentially what he had been dreaming about and predicted as the future of technology back in WWDC ’97! Secondly, although it may not seem like it, this WWDC was different, and in my opinion is the starting point for something fairly major, both for Apple and the future of the way we use technology in general.
I don’t want this to be a long protracted post about what was announced, but here is a short recap. Read more
Loading ...
