Members
Stats
  • Total Posts: 28498
  • Total Topics: 8238
  • Online Today: 842
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Hackers race to unlock iPhone  (Read 7212 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Hackers race to unlock iPhone
« on: 03. July 2007., 14:10:47 »
Now that Appleā€™s iPhone is finally on sale, the race is on to see who can unlock it.

Locked phones can only be used with cellular service from one carrier, a move designed to guarantee carriers recover the cost of subsidising a handset through monthly service charges. But the cost of the iPhone, which is priced in the US at either $499 or $599 depending on the model, is not being subsidised by AT&T.

Users must pay full price for the handset and sign a two-year contract, which requires them to pay from $59.99 to $99.99 per month for cellular service.

Unlocking the iPhone will enable the handset to be used with any cellular provider with a GSM or EDGE network, not just AT&T's network. That's an attractive proposition for users who already have a cellular contract with another carrier, or users outside the US who can't wait to get their hands on Apple's new handset.

Efforts to unlock the iPhone are being tracked on several websites, including Hackint0sh and the iPhone Dev Wiki.

Initial signs look promising, although the iPhone remained locked at the time of writing.

Like other GSM phones, the iPhone uses a SIM card, a removable smart card that contains a user's phone number as well as limited storage space for contacts and messages. SIM cards are designed to be swapped between phones, allowing users to change handsets while using their cellular service. They can also be switched when users travel, allowing them to avoid international roaming charges with the purchase of a pre-paid, local SIM card.

A removable SIM card is a good sign for hackers, because it indicates the phone is locked using firmware, which can likely be cracked.

Of course, unlocking the iPhone requires more than simply changing the SIM card. Swapping the AT&T SIM card used with the iPhone for a SIM card from another carrier results in an error message that reads, "Incorrect SIM. This iPhone must be used with an approved SIM."

To unlock the iPhone, hackers must first circumvent the handset's activation process. New iPhone users are required to activate their handset using the latest version of iTunes, released on Friday, before they can use the phone. Without activation, which requires users to sign up for an AT&T service plan, none of the iPhone's functions, including the camera and music player, can be accessed.

If hackers can circumvent the activation process, the next challenge will be to unlock the SIM card itself.

TechWorld

Samker's Computer Forum - SCforum.info

Hackers race to unlock iPhone
« on: 03. July 2007., 14:10:47 »




Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
iPhone hack enables wireless without AT&T
« Reply #1 on: 24. July 2007., 17:05:39 »
Continue to covering this story, Part 2:

iPhone hack enables wireless without AT&T

Norwegian researcher Jon Lech Johansen, aka DVD Jon, has found a way to activate the iPhone via Windows without subscribing to an AT&T wireless plan. After using the hack, some Internet features, such as YouTube, may still not work. What you do get is use of the wide-screen iPod and Internet access through the Safari browser.

Details can be found on Johansen's So sue me blog. There, Johansen lists several values and offsets that he says must be entered in the itunes.exe file. This requires the use of a hex editor. A new host entry must also be added to Windows. In addition, Johansen provides an application that spoofs the Apple activation center.

DVD Jon gained notoriety in 1999 for releasing the code DeCSS that decodes the content scrambling system used in DVD copy protection. As a result, Johansen was prosecuted but acquitted of charges of computer hacking even though at least two other authors of DeCSS are suspected. Johansen now lives in Norway.

CNET


Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
iPhone Hack Highlights Windows-like Security Risk
« Reply #2 on: 24. July 2007., 17:07:55 »
Part 3:

iPhone Hack Highlights Windows-like Security Risk

The iPhone reportedly contains a serious vulnerability in its Safari Web browser that can hand over control of the device to an attacker if the user browses a poisoned Web site. It's a critical flaw made worse by poor design.

Apple chose to allow everything on the iPhone, including the browser, to run as the same user. It's a common tactic for smartphones, but when Microsoft went that route with XP it had to spend a huge amount of effort trying to fix it with things like UAC in Vista. In an ironic twist, Apple started with a good model in Mac OS X, but ditched it for the iPhone.

Though ISE, the research group that found the flaw, isn't yet providing full details, the description for the iPhone hole sounds much the same as vulnerabilities that have plagued various browsers for years. If an attacker can get you to visit a hacked Web site, by getting you to use a malicious WiFi network or click a link in an e-mail, for example, then attack code on that site can force Safari to execute a command of the attacker's choosing.


That command might be to install a virus, or, as in the demonstration described in a New York Times article, collect personal data and send it back to the attacker.

Microsoft engineers are nodding their heads at that description, because they've been battling similar-sounding flaws in IE for years. Having one pop up for the iPhone only underscores the point that the device really is a handheld computer. And the one great inescapable truth for any computer connected to the Internet is that it's vulnerable to attack.

The sane approach is to try and mitigate the potential damage for when - not if - someone breaks into the computer. One very important part of that damage mitigation is user privileges.

In any operating system, whether it's on a phone or a desktop, all programs run with some sort of user privileges. Microsoft has taken plenty of heat because in the usual XP setup, everything runs with full administrator privileges. Which means that if an attacker managed to break IE (not a difficult thing by any means), they had free reign on your computer, instead of being restricted in what they could access. I wrote about the problem and some software solutions for XP a while back.

Microsoft wised up with Vista, sort of. UAC is annoying as hell, but it's meant to mitigate this access-to-everything user security hole. And Protected Mode for IE 7 cordons off the browser so that if and when it gets hacked, the attacker can't fully run amok.

Apple started with a good user security model, with Mac OS X's unix-like arrangement. And then they scrapped it for the iPhone. According to security vendor Sophos, in the interests of simplicity, Apple made the same mistake that Microsoft has spent so much time trying to fix, and lets everything on the iPhone run as the same user.

So just like with IE on Windows XP, if an attacker busts Safari on the iPhone with this new attack, he can do anything he wants.

In fairness, most (maybe all) PDAs and smartphones are set up the same way to favor simplicity over security, and people might very well get confused if their phone asked them for a password. Also, I sincerely doubt that online attackers will be distracted from their Windows feast long enough to set up actual iPhone attack sites.

But still, when Apple was working on its forward-looking multi-touch display, I wish it would have spent a little time moving security forward as well. I suspect that it will wish the same before too long.


PC World

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
How to hack an iPhone
« Reply #3 on: 24. July 2007., 17:11:42 »
Part 4 of continuos covering this story about iPhone:

How to hack an iPhone

The iPhone and Apple's desktop computers may be vulnerable to hackers due to a flaw in their web browser, according to a security firm, which said it found a way to hack into the iPhone.

Baltimore-based Independent Security Evaluators, which tests its clients' computer security by hacking it, said on Monday that three employees found a way to take control of iPhones through a Wi-Fi link or by tricking users into going to a Web site.

Charles Miller, principal security analyst at the firm, said a security weakness allows someone to take control of Apple's Safari Web browser and see other applications on the device at the same time, which could potentially make users of Macintosh desktop computers vulnerable to attacks.

"The same problem actually exists on Apple's desktops," said Miller. But he added that while his firm had identified the risk for both desktops and phones, it had written only the code necessary to hack into the iPhone.

The security consultants, who took about a week and a half to work out the move, said they were able to take control of an iPhone and make calls or send text messages, as well as access e-mails, voice-mail, address books and call and web browsing history.

Miller said his company gave details about the hack and a potential security patch to Apple, but did not publicly release the details.

"We're looking into the report submitted by (Integrated Security Evaluators) and we always welcome feedback on how to improve our security," Apple spokeswoman Lynn Fox said.

Miller said Apple could have avoided the risk by eliminating links between the browser and other applications.

"It turns out that on the iPhone there are probably some basic things they could have done that would have made it better," said Miller.

The claim comes almost two months after Apple and AT&T Inc

started selling Apple's first cell phone, which includes a music and video player as well as a Web browser.

As many as 700,000 iPhones were sold on the first weekend after the June 29 launch, according to analyst estimates.

Days after launch, a well-known hacker Jon Johansen, claimed to have overcome restrictions on the iPhone, allowing highly technical users to bypass AT&T's network to use the phone's Internet and music features.

While cell phones have not historically been as vulnerable to attack as desktop computers, some experts worry that phones take on greater risks as they add more computer-like features.

Miller said he had not looked into security on other mobile phones to see how they compare to the iPhone, but said the more complex a system is, the greater the likelihood is that it will have problems.

Reuters


Security l33t

  • SCF Member
  • **
  • Posts: 62
  • KARMA: 2
  • Gender: Male
  • SCforum's Security Manager o.0
    • Security Central Forum
Re: Hackers race to unlock iPhone
« Reply #4 on: 24. July 2007., 23:46:18 »
Seriously i am a little proud to live in Norway since "Jon Lech Johansen" is from here :P

Amker

  • SCF Global Moderator
  • *****
  • Posts: 1081
  • KARMA: 22
  • Gender: Male
    • SCforum.info
Re: Hackers race to unlock iPhone
« Reply #5 on: 24. July 2007., 23:55:00 »
Yeah, you have a reason DVD John is a great Hacker. Bravo to Norway. ;) ;) ;)
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html

FurnaceZer

  • SCF Newbie
  • *
  • Posts: 1
  • KARMA: 0
Re: Hackers race to unlock iPhone
« Reply #6 on: 02. June 2009., 15:38:40 »
I really don't what did this Hackers get's after it hacks something.,


_________________
Furnace Filter

redjge

  • SCF Member
  • **
  • Posts: 30
  • KARMA: 2
Re: Hackers race to unlock iPhone
« Reply #7 on: 28. October 2009., 19:22:53 »
what they get is their sense of fulfillment once they make it into the limelight from hacking those things.

their curiosity fuels them to hack


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising