iPhone/iPad iOS 4.3.3 Fixes Location Tracking Bugs
Following the recent over-hyped “location tracking scandal“, Apple has released iOS 4.3.3 which fixes bugs in the Location Services on iPhone and iPad devices that caused them to store excessive location information. As detailed by Apple’s Q&A on Location Data, the location data stored on iOS devices (and backed up by iTunes) are merely a subset of Apple’s crowd-sourced location database of Wifi hotspots and cell towers, used to facilitate Location Services when GPS is unavailable or unreliable. The bugs were causing iOS to download this location cache even if Location Services were turned off, and to store the cache indefinitely, instead of being regularly purged.
This update contains changes to the iOS crowd-sourced location database cache including:
- Reduces the size of the cache
- No longer backs the cache up to iTunes
- Deletes the cache entirely when Location Services is turned off
It’s nice to see Apple resolve this issue so swiftly, and these changes will help improve the privacy of iPhone and iPad users, regardless of whether they use Location Services. The only thing I would have added if I were Apple, is the ability for the user to clear the location cache in the device settings. It’s a button that could be easily added in Settings > Location Services. Just sayin’!
Everything You Need to Know About the iPhone Tracking ‘Scandal’ [Updated]
Seeing as I cover OSX/iOS security and privacy, I figured it’s about time I weighed in on this whole iPhone/iPad tracking ‘scandal’. I have to admit I was surprised when I first heard of the iPhone storing location data, especially that it does so with Location Services turned off. This issue is not new, however, and was described in a fair amount of depth by Alex Levinson several months ago. What has made it so popular this month is the release of the iPhoneTracker app, developed by Pete Warden and Alasdair Allan, that creates a visual map of your visited locations. I promptly tested iPhoneTracker, and sure enough it showed a bunch of areas that I’d visited. Upon closer inspection, however, I noticed that it didn’t specifically geolocate me in two places where I’d spent a lot of time; namely home and work. On top of that, there were a number of locations I’d never even been to.
[Updated] According to the info recently published by Apple, this stored location data is not the location of the iPhone itself, but rather a subset of crowd-sourced location information for local cell towers and wifi networks, which is only used to rapidly provide the user with location information. Full details at the bottom of this post. Read more
Updates: Mac OS X 2011-002, Safari 5.0.5, iOS 4.3.2
Apple has released several security updates which patch vulnerabilities in the way Mac OS X and iOS handle certificate trust. This comes off the back of the recent Comodo hack in which several fraudulent – yet valid – SSL certificates were created for a number of prominent websites, rendering users vulnerable to potential man-in-the-middle attacks. These updates (2011-002 and iOS 4.3.2/4.2.7) improve the way certificate verification is performed in OSX and iOS. The Safari 5.0.5 update patches two critical bugs which could result in remote code execution.
In other news: Updates to Safari in Mac OS X 10.7 “Lion” have shown that the browser will bring support for the new Do-Not-Track functionality, intended to give users the ability to opt-out from tracking by Third Party tracking and ad companies. Whether or not this functionality will be fully respected by third parties remains to be seen. Lastly, a tethered jailbreak for iOS 4.3.2 has already been released.
Browser and Smartphone Exploits Fly at Pwn2Own [Recap]
With Google offering $20,000 for a Chrome sandbox exploit, Apple releasing fresh security updates, and the organisers allowing researchers to target mobile phone basebands, it was sure make for an interesting Pwn2Own contest at CanSecWest this year.
For the fifth year running, Pwn2Own invited security researchers to discover vulnerabilities and develop exploits for the most popular browsers on Mac OS X and Windows (for some reason Linux is left out this year). Traditionally IE, Firefox and Safari have gotten exploited, with Chrome being the last browser standing at last year’s competition. Google upped the ante by making it significantly more attractive to target their browser this year.
In short: Safari, Internet Explorer, iPhone and Blackberry were all successfully compromised. Chrome and Firefox survive. Hit the jump for the full details! Read more
Apple Drops iOS 4.3 and Safari 5.0.4 Security Updates Ahead of Pwn2Own Contest
In awesome day-before-just-to-try-and-screw-with-your-exploits style, Apple has released significant security patches for iOS, Safari and Apple TV. Safari, which is one of the targets at CanSecWest’s Pwn2Own contest where hackers come to demonstrate 0day exploits, has received an update to 5.0.4, and fixes over 62 bugs including major vulnerabilities in WebKit (eg. Errorjacking) and the ImageIO and libxml libraries.
iOS 4.3 patches largely the same issues in MobileSafari, as well as a remote code execution vulnerability in CoreGraphics. iOS is expected to get a lot of attention at Pwn2Own, with at least four researchers having developed exploits. Charlie Miller and Dionysus Blazakis (@dionthegod) have one exploit which doesn’t work on update, although allegedly the vulnerability hasn’t been patched yet.
Whether or not these updates thwart some of the exploits developed for Pwn2Own remains to be seen. It’ll be cool if it prevents at least one. Either way, good job to Apple for trying.
Update: Just found out that target iPhones at Pwn2Own won’t be running the latest iOS 4.3 which does indeed prevent a number of exploits. Here’s a recap of the Pwn2Own action.
Lastly, Apple TV has been updated to 4.2 to patch a couple not-so-critical vulnerabilities in libfreetype and libtiff that could allow code execution if a malicious image were opened.
Hi the jump for the long list of issues fixed in iOS 4.3. Read more
Understanding Apple’s Approach to Security
With Apple’s growing market share in desktop computers, and relative dominance in mobile computing, the security of Mac OS X and iOS are increasingly becoming talking points. Apple continues to tout the security of OSX, whilst the iOS hacker community keeps looking for (and finding) exploits that will allow them to jailbreak iPhones and iPads. This article is my own look into Apple’s history and strategy, and how this translates into the company’s focus on security today. Read more
Researchers Extract iPhone Data and Passwords in Minutes
A group of German security researchers from the Fraunhofer Institute for Secure Information Technology have discovered a way of extracting personal information and stored credentials from a locked iPhone, by way of a jailbreak. By gaining physical access to an iPhone (or iPad/iTouch), an attacker is able to reboot it into recovery mode, thus allowing them to upload their own jailbroken firmware onto the device. As part of this process SSH is enabled and a script can then be uploaded to the device which uses built-in system calls to extract encrypted data (including credentials in the keychain) from the device. See the video below for a demo of their attack, which can take as little as six minutes.
This attack would not be possible without existing jailbreak mechanisms, which effectively bypass the iPhone’s sandbox and allow unsigned code to be executed. The second issue is the way that iOS handles stored data and credentials, allowing any application to request the information. This is actually a prime example of the dangers of having a jailbroken iPhone or iPad, as it makes it much easier for an attacker to execute malicious code on your device.
These kinds of issues are not isolated to iOS devices, and the same would exist on other devices that could be made to run custom scripts. This will be a tricky issue for Apple to resolve, as much of its security relies on a strong sandbox. Their best chance is to try to identify and patch as many of the vulnerabilities that could be used for a jailbreak. They will also need to review the way iOS handles encrypted data, and ensure that data cannot be extracted by arbitrary applications.
Luckily there is not yet a publicly available automated tool to perform this attack, so it is unlikely that a random thief will be obtaining your data. If you’re really worried, you can use Apple’s free Find My iPhone service to remotely wipe your iOS device should it be lost or stolen. Check out my article on protecting and recovering your iPhone from loss and theft for more information.
The team’s original research paper is available here (PDF).
Chronic Dev Team Release Updated ‘greenpois0n’ Untethered iOS 4.2.1 Jailbreak
The Chronic Dev Team have released (site currently down) the Mac and Windows versions of their latest iOS 4.2.1 ‘greenpois0n’ jailbreak. The Linux version is still listed as “Coming Soon”. Jailbreak users are warned to keep their devices on iOS 4.2.1 when version 4.3 is released later in the week, corresponding with the announcement of the Verizon iPhone, as the exploit used in this jailbreak has already been patched.
iOS 4.3 is expected to bring a number of bug fixes, including the addition of “personal hotspot” functionality which will allow users to share their iPhone’s 3G connection with other computers and devices over Wifi.
[Updated 5/2/2011] Windows version released.
Protecting and Recovering Your iPhone and iPad from Loss and Theft
My sister recently had her iPhone stolen, and it occurred to me that not enough people know how to help protect their iPhone/iPad from theft, what to do if it gets lost or stolen, and the steps to take even if they’re unable to get it back. Using a combination of security tips and geolocation, using Find My iPhone, you should have a much higher chance of recovering your device. Note that although this article is iPhone/iPad-centric… the principles apply to any smartphone!
NEW! Please refer to my Find My iPhone FAQ for the answers to some frequently asked questions (especially before asking a question in the comments). Read more
XBMC Comes to Apple TV 2, iPad and iPhone
The XBMC team have announced an ARM-based release of their open source media player and entertainment hub for the Aple TV 2, iPad and iPhone. The software, that requires a jailbroken device, allows users to stream and play any audio and video format from local network stores. Your Apple TV also retains its normal functionality, and you can still watch/purchase content off iTunes.
Instructions are available for installing on the Apple TV 2 and the iPhone/iPad. Here are two videos of XBMC running on an Apple TV and an iPad.
XMBC is a great piece of software, and I have it installed on my original Apple TV streaming media from my 2TB ReadyNAS NV+.
Loading ...
