iPhone augmented reality apps in OS 3.1 for the 3GS on the way!
Jul/092
"I knew that!", says the navigator.
Let’s face it: we’re all waiting for the day when our iPhones and iPod touches start identifying the hunk beside that bar or that chick walking on the street by just taking her photo with a camera. While that won’t be possible in the near future (though the Twitter app above allows a bit of room for that), there’s of course the augmented reality (AR) apps in the up-and-coming iPhone OS 3.1, slated to arrive this September.
To put it simply in the context of the iPhone, it combines the usage of the camera, the all-new magnetometer (a.k.a compass), GPS and an Internet connection to give you real-time information on what you see. For instance, you can point at one location and that will give you the nearest road. There are many uses for it, and the possibility is endless.
According to the LA Times post here:
Apple told Acrossair, developer of the Nearest Tube train finder, that the app will be approved for distribution after Apple releases version 3.1 of the iPhone software, which the developer expects will land in early September.
Augmented reality apps can only be used by iPhone 3GS users, though. Boo.
UDID causes security compromise? Tapulous products’ users in danger!
Jul/095
Revenge, indeed.
Thanks to the guys at iPod touch Fans and their post here!
People out there who have a Tapulous account, beware. If you don’t know what a Tapulous account is, basically it’s the profile generated from the UDID (unique device identifier) of your iPhone/iPod touch. Tapulous’ authorization system is COMPLETELY dependent on your UDID, as practically speaking, you’re the only one with the number. It’s called UNIQUE for a reason, right?
Apparently that can be abused, with the UDID Changer app from Cydia. What’s detrimental is that your Facebook and Twitter information is stored on Tapulous’ servers as well. Of course it’s encoded, but when a malicious user changes their UDID to yours, Facebook and Twitter account data is immediately stored into their iPod touches/iPhones.
So what does this mean? It means that people can now access your Twitter and Facebook accounts, as well as anything else they store in their servers. Applications produced by Tapulous are: Tap Tap Revenge (and all its variants), Twinkle, Fortune, Collage and FriendBook.
Your next question that comes into mind must be: “But how the *insert profanity here* can they get my UDID?” There are PLENTY of ways noted by iPod touch Fans, including, but not limited to:
- The malicious user may just ask you, and you may give it to them.
- The malicious user may give you screenshots for a fantastic application they are making and offer you a beta. Of course, they need your UDID for you to beta test.
- The malicious user may be someone you know that actually has access to your device.
- Installer applications, such as Installer and Cydia send requests to the server with the UDID in the request. The maicious user may set up a repo to collect UDIDs.
- Etc. There are so many ways, it’s ridiculous.
Tapulous is aware of the exploit and are working on a fix to it, but meanwhile, unless you want someone posting the unthinkable on whatever accounts compromised, delete your Tapulous account. Change your Facebook and Twitter password as well, if you’re the “better safe than sorry” type of person.
Welcome to the family, iPhone 3GS!
Jul/090
And the iPhone Dev Team has answered: redsn0w 0.8 now officially supports jailbreaking of the iPhone 3GS. saurik has also updated the MobileSubstrate and WinterBoard packages for use with the 3GS, according to the iPhone Dev Team’s post here. However, the same old warning applies to all 3GS users to obtain the iBEC and iBSS files. They are now looking for more holes to exploit considering 3.1 would probably have a fix, and that would mean (temporarily) bad news for soon-to-be owners of the 3GS. To quote the Dev Team, “For those of you without 3GS phones, it’s a race against the clock to use this particular hole. There’s nothing we can do about that, but we will always be looking for new holes.”
ultrasn0w 0.8 has also been released which will support the iPhone 3GS. However, it is crucial that you do not upgrade to anything beyond 3.0, including the 3.1 beta software. Quoth the Dev Team: “Apple has gotten very serious with the latest baseband — they’ve removed 180 (!) commands in an effort to cut down their exposure to holes. So please always stay away from stock Apple IPSWs and instead use our tools as we release them. These tools let you update your firmware without updating your baseband.”
And good news for those using Linux: redsn0w has also been released for you guys as well. (: Get your redsn0w while it’s, er, cold! And obtain ultrasn0w by adding repo666.ultrasnow.com to the list of repositories in Cydia.
New Apple iPhone Exploit Gives Attacker Root Access
Jul/090
It was bound to happen… Apple users have long enjoyed a relatively smooth ride with regard to virus’ and malicious attacks, but this morning xaminer.com posted info on this serious iPhone expoit, discovered Charlie Miller:
It’s well-known that binary code can be sent to mobile devices using SMS. Normally the sent code isn’t executed, but Miller found that the iPhone operating system automatically processes the code without any user intervention. Not good. Knowing this, Miller developed code using the principle of Sulley Fuzzing, a method of injecting random data into program after first forcing the operating system to trust the new code.
And they go on to confirm the worst:
Another vulnerability that Miller found was the ability to use the SMS function to gain root access to the iPhone, more or less giving an attacker the “keys to the kingdom”.
On a positive note, Apple appears to already be working on a patch for this serious security vulnerability. We all know Apple’s history with timely updates though, so don’t hold your breath.
Get the full scoop here: http://www.examiner.com/x-14651-Minneapolis-Information-Technology-Examiner~y2009m7d3-Apple-iPhone-SMS-exploit-allows-attacker-to-control-phone
So… who’s gonna beat Apple to the punch with a security patch that jail broken iPhone users can apply? :)
Surprise! iPhone 3GS Jailbreak for Software 3.0 released!
Jul/090
After the long and grueling wait, iPhone 3GS users can finally rejoice: the jailbreak for the iPhone 3GS has been released first by geohot with his software, purplera1n, which only runs on Windows for now (with the Mac version coming later). He was originally in the Dev Team before he got kicked out. According to his blog post dated today,
Normally I don’t make tools for the general public, and rather wait for the dev team to do it. But guys, whats up with waiting until 3.1? That isn’t how the game is played. We release, Apple fixes, we find new holes. It isn’t worth waiting because you might have the “last” hole in the iPhone. What last hole…this isn’t golf. I’ll find a new one next week. Also your purplera1nyday files ensure that you can always get back to a jailbroken state, so if you have it it’s just a matter of tools.
The iPhone Dev Team is still keeping mum on this issue. Whatever it is, the jailbreak program is posted here. Either that, or you can get the file from the official site. Apparently, it is “it’s smaller than C++ hello world” and there will be no need for the IPSW files. Kudos to you, geohot!
[UPDATE] According to saurik (one of the iPhone Dev Team members) in his few tweets, “The PurpleRa1n 3GS jailbreak (like the unofficial 3.0 beta QuickPwn jailbreaks) is missing critical patches required for WinterBoard (etc.)” He continued: “ADDITIONALLY, WinterBoard /will/ need work on the 3GS (new instructions), but I can’t even begin looking at that until we get fixed patches.”
So hold your horses folks! It’s better if the iPhone Dev Team makes an official release and we wait until 3.1 comes out. That’s when other developers will start developing and modifying code for the 3GS for several programs that might have compatibility issues with the 3GS.