Skip to content

Posts tagged ‘bypass’

8
Jan

Mac App Store Simple Copy Protection Security Bypassed

The Mac App Store was released in the recent 10.6.6 update, allowing Mac users to buy and install apps in the same, easy, one-click fashion as iPhone and iPod Touch users. Over 1 million apps were downloaded in the first 24 hours. Although the Mac App Store doesn’t make use of a sandbox like the iOS App Store does, there are still several mechanisms developers can use to prevent their software from being copied and shared between different users.

Hackers have discovered that one of the simpler methods used to authenticate an app is actually stored as a separate plist file within the application bundle. This means that an app can be copied, and the authentication files within its bundle can be replaced with those from an app that was legally purchased (even if it’s a free app).

In order to resolve this, developers should not rely solely on the data found within the plist file external to the binary, and perform some checks against hard-coded values within the binary itself. Some simple tips are available here. Ultimately all software is crackable, Mac App Store or not, so my suggestion to application developers is: spend more time developing great new features, and less time worrying about anti-piracy. This is what itself Apple does. In the long run most people will follow the simplicity route and buy the app.

In related news: How not to store passwords in iOS (developers take heed)

23
Nov

iOS 4.2.1 Released with Free “Find My iPhone”

Apple has finally released the highly-anticipated iOS 4.2 (actual version is 4.2.1), bringing support for the iPad along with several other feature including AirPlay and AirPrint.

Along with this release, Apple has made the “Find My iPhone” functionality in MobileMe free to all iPhone, iPad and iPod Touch device owners. This service uses a combination of GPS, cell tower and wifi-network triangulation to obtain the location of the device, which can then be mapped. It also allows you to send messages, lock or completely wipe the remote device. To use this feature, you’ll need add a MobileMe account using your iTunes Apple ID by going to Settings > Mail, Contacts, Calendars > Add account. You can then track your device using the Find My iPhone app available in iTunes, or using the MobileMe web interface.

Users concerned about the privacy implications of this feature can easily disable it by going to Settings > Mail, Contacts, Calendar > Select your MobileMe account > Set ‘Find My iPhone’ to Off. Have a look at Apple’s KnowledgeBase article for more info on this feature.

iOS 4.2.1 brings with it a number of security updates (including Safari and numerous WebKit patches). Although it’s not mentioned in the update details, the previously-reported cool-but-deadly keylock bypass vulnerability has been fixed. Hit the jump for full details.

Related: Protecting and Recovering Your iPhone and iPad from Loss and Theft!

Read moreRead more

10
Nov

iPhones Make Automatic Skype Calls

A researcher has found that iPhones can be duped into making Skype calls without first prompting the user. This is due to the way that iOS handles URL Schemes, which are used by applications to launch other applications. Just like http:// tells safari to open the specified website, tel:// informs the phone app to call the specified number. For the key built-in calls, such as tel://, the user is prompted to make sure the action is intended.

Some applications define their own URL Schemes, and Skype is one such app. However these third party apps do not ask for permission before performing actions defined by that URL. This potentially allows websites to track iPhone users (via the Mobile Safari User Agent), and then embed an invisible iframe that forces Skype to open (if installed) and call the number.

<iframe src=”skype://1900expensivepremiumnumber?call”></iframe>

This is just one example of how this can be abused, and there are many other apps which may define their own URL Schemes.

There are two ways this should probably be fixed. Apple should prompt the user before switching to the app specified by the URL Scheme. So in the case of the iframe above, iOS would pop up a warning saying: “This website wants to open Skype”, and the user could click on Ok/Cancel. Secondly, but in some ways more urgent, third party app developers should prompt the user before performing actions based on a URL.

4
Nov

iOS 4.2 Update Fixes Passcode Bypass Bug

The upcoming iOS 4.2 update, recently seeded to developers, fixes the recently-discovered keylock/passcode bypass bug. The bug allows any user with access to a locked iPhone to make phone calls, view/modify contacts, and send/view emails, by exploiting a simple bug on the “Emergency Call” screen.

Full details of security patches in this update will be announced upon release.

[Update] iOS 4.2.1 has been released.

26
Oct

Making Calls Using Keylock Bypass Bug on iOS 4.1

A keylock bypass bug has been found in iOS 4.1 which allows unauthorised users circumvent the passcode screen to make calls. It’s a pretty simply trick which involves entering a number (eg. 1) on the ‘Emergency Call’ screen, pressing Call and then immediately pressing the lock button. This brings up the Phone app where the user can pick a name from the contact list, or enter a phone number of their choice. To return the phone to normal (without rebooting it), just hold down the Home button until the Voice screen comes up, press Cancel, and then the lock button.

You are able to add/delete contacts, and open the Mail app by sharing a contact where you can then create and send emails.

Here’s a demo:

I’m running 3.1.3 on an iPhone 2G, and for some reason I can make arbitrary calls directly from the Emergency Call screen without any fancy tricks. Go figure.

These kinds of vulnerabilities are not unique to iPhones however, with similar bypass bugs being found in some Android-based phones.

[Update] Thanks Andy for clarifying what an attacker can do using this technique.

[Update 2] This bug has been fixed in the iOS 4.2 update.

22
Oct

Vulnerability in FaceTime Beta (Quietly Patched?)

FaceTime IconA vulnerability has been found in FaceTime Beta whereby a logged-in user can view and change any of the account details (including the security question/answer) for that account, without first being re-authenticated. There is also an issue with the logout function, as the password remains in the password field after logout, even after the application is quit and reopened.

Although no updates have been officially released, there are reports that some users can no longer reproduce these issues. Quiet fix by Apple? To be safe, you can avoid logging into FaceTime Beta on a computer you don’t own/fully trust until an official update or final version are released.

css.php