security

You might want to be careful with what you do on your iPhone over an unprotected Wi-Fi hot spot. A recent report from mobile security research firm SMobile Systems says iPhones and other smartphones connected to unencrypted Wi-Fi hotspots are easy targets for hackers with certain tools that are currently available to them. Their study used a laptop with software tools that intercepted communications between smartphones connecting to a Wi-Fi access point, and then to bypass SSL. The information was then used to access several email accounts, but could also be used for things like bank accounts.

The creator of the rickrolling worm Ikee created quite a stir the other weekend when his self-replicating software was discovered spreading around iPhones across Australia. Since then, he's been discovered, and he says he's recieved both death threats and even a job offer for what he's done.

Undercover for iPhone, Orbicule's app for recovering stolen iPhones and iPod touches, has been updated to now utilize push notifications to trick thieves into telling you where they have your iPhone. All savvy internet-goers these days are familiar with the classic phishing scam where a scammer will trick you into giving them sensitive information by pretending to be an organization you trust like a bank or credit card company. Undercover 1.5 lets you use this same principle to trick thieves into disclosing where they and your stolen iPhone are located.

Mac security firm Intego is now reporting its discovery of a piece of malware which affects many jailbroken iPhone. The malware appears to use the same vulnerability as the "ikee" exploit which we reported on earlier this week. This more nefarious software can be installed on any device and used to collect user data from any jailbroken iPhone or iPod touch which uses the default root password.

Unlike traditional computer viruses, this one, which Intego calls "iPhone/Privacy.A," instead simply runs on a Mac, PC, or even another iPhone and monitors for jailbroken devices. Once the software finds a vulnerable device, the hacker can then access and copy any information.

The first known actual iPhone worm has been spreading across jailbroken iPhones in Australia late last week. The worm seeks out jailbroken iPhones with SSH installed in which the default password has not been changed, and installs itself on the device. Once installed, it changes the background to an image of Rick Astley and looks for other phones on the network to install itself on, though it has the potential to be used for more malicious things.

Storm8, a developer responsible for iMobsters, Vampires Live, and Zombies LIve, is the target of a class action lawsuit accusing them of secretly collecting the phone numbers of users who download and play their games. The company claims that their games have been downloaded more than 20 million times. Storm8 admitted to transferring users' phone numbers back in August, but shook it off as only a bug.

You may remember that in iPhone 3.0 a bug was discovered which kept email messages on POP accounts from being properly deleted. A demo of the bug can be seen here. At the time it was believed that Apple was aware of the issue and that a fix would likely appear in the 3.1 update.

Just as we expected, several people we've talked to report that the bug seems to have been resolved in iPhone OS 3.1. In fact, the issue may have been fixed earlier on in developer preview builds of 3.1. Good news for those of you worried about the security implications of this bug!

According to The Mac Security Blog, the iPhone OS 3.1 update released earlier this week adds an anti-phishing feature in Mobile Safari similar to the one in it's desktop counterpart. The feature, which is not active in the update but still present, should warn users when they are visiting a known malicious website and asks if they want to continue.

A potential security hole in the iPhone OS 3.0 and 3.0.1 firmware has just surfaced via a YouTube video in which the host describes how, by searching for the title of a deleted message, the resulting screen displays two copies of the message; when either is selected for the first time, Mail crashes. According to MacNN, when the messages are selected a second time however, an iPhone will either display the original text, or a warning saying "This message cannot be displayed because of the way it is formatted."