Storm8, a developer responsible for iMobsters, Vampires Live, and Zombies Live, is the target of a class action lawsuit accusing them of secretly collecting the phone numbers of users who download and play their games. The company claims that their games have been downloaded more than 20 million times. Storm8 admitted to transferring users' phone numbers back in August, but shook it off as only a bug.
You may remember that in iPhone 3.0 a bug was discovered which kept email messages on POP accounts from being properly deleted. A demo of the bug can be seen here. At the time it was believed that Apple was aware of the issue and that a fix would likely appear in the 3.1 update. Just as we expected, several people we've talked to report that the bug seems to have been resolved in iPhone OS 3.1. In fact, the issue may have been fixed earlier on in developer preview builds of 3.1. Good news for those of you worried about the security implications of this bug!
According to The Mac Security Blog, the iPhone OS 3.1 update released earlier this week adds an anti-phishing feature in Mobile Safari similar to the one in its desktop counterpart. The feature, which is not active in the update but still present, should warn users when they are visiting a known malicious website and ask if they want to continue.
Among the myriad of tiny improvements included in iPhone 3.1, Apple introduced a new feature to their "Find My iPhone" service. Introduced with 3.0, Find My iPhone allows users with MobileMe accounts to find and remotely wipe a lost or stolen iPhone. In 3.1, you can now remotely lock your iPhone with a four-digit passcode. Jump down for the how-to!
A potential security hole in the iPhone OS 3.0 and 3.0.1 firmware has just surfaced via a YouTube video in which the host describes how, by searching for the title of a deleted message, the resulting screen displays two copies of the message; when either is selected for the first time, Mail crashes. According to MacNN, when the messages are selected a second time, however, an iPhone will either display the original text or a warning saying "This message cannot be displayed because of the way it is formatted."
If you receive a text message in the near future containing nothing but a square character, Collin Mulliner and Charlie Miller suggest immediately turning off your iPhone, as this is the only clue you will get that someone has exploited the bug that could take over your iPhone completely. At today's Black Hat cybersecurity conference, they plan to publicize this bug, which, when exploited properly, can be used to gain control of all functions of someone's iPhone without their consent or even knowledge.
Jonathan Zdziarski is back, and now he says Apple's encryption on the iPhone for business users is not as good as it should be, and could potentially put company data at risk. According to him, the encryption is so weak that it could be cracked in two minutes using nothing more than some easily available freeware.
Yesterday we reported on a security vulnerability found in the iPhone OS that could potentially allow an attacker to gain access to your phone via a flaw in the SMS application/protocols. Today, the UK's Telegraph tells us that Apple is in the process of preparing a fix for this security risk.
Security researcher Charlie Miller claimed at the SyScan conference in Singapore that he has discovered a new significant exploit in the iPhone's SMS system. The flaw may "allow an attacker to remotely install and run unsigned software code with root access to the phone."
Charlie Miller, also known by some in the security community as "Safari Charlie" for his Safari exploits at the Pwn2Own hacking contest, has announced that he and Vincenzo Lozzo, a student at the University of Milan, have recently discovered a new exploit to trick the iPhone into running unsigned code, and will be revealing their findings at the Black Hat Security Conference in Las Vegas.