Showing posts with label iOS Security. Show all posts

Sunday, 25 September 2011

Two iOS security breaches and how the hackers got those pictures of you

Germany’s Federal Office for Information Security discovered a serious security vulnerability in Apple's iOS platform. The security hole allows a malicious user access to the root files of the phone, where they could see personal user information like passwords, call logs, messages, and your location data, if he hasn't done so already. Apple has acknowledged the problem and promises to issue a fix.
Speaking to the Associated Press, Apple spokesperson Bethan Lloyd said Apple is "aware of this reported issue and developing a fix that will be available to customers in an upcoming software update." She did not provide a date as to when the fix would be available.
     In other news, multiple frustrated iPhone 4 owners have complained this week that their device's front-side camera is taking pictures of them when it is supposed to be inactive.
Those photos then show up on the iPhone screen when the user tries to start a FaceTime video call. One angry owner said her FaceTime picture showed her in her office, despite never using the app while at work.


Wednesday, 21 September 2011

iOS vulnerability leaves Skype users open to address book theft


    If you are using Skype for iPhone or iPod Touch, the Address Book on your device can easily be stolen via a simple chat message.

    How does it work? JavaScript commands are entered into the user name of a Skype account, a chat message is sent to a user who is running the newest version of Skype for iPhone, and a program is loaded onto a web server to receive the Address Book content.

    The report claims there are two oversights that allow this to happen so easily:

  • iOS makes the address book contents accessible to every installed app
  • Failure by Skype to sanitize potentially dangerous JavaScript commands from the text that gets sent in chat messages
Of course it will be Skype's responsibility to patch the hole, as iOS security is currently a complete mess while Apple still tries to figure out the hole that made them lose the US Army defense contract.
    Meanwhile any skilled hacker/developer can collect your and your friends' addresses with the simplest app or game imaginable.
Detailed instructions of the hack after the break.
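
The second oversight above, shown from the fixing side as an added example (not code from the original post or from Skype): a chat line built by string concatenation next to a version that HTML-encodes every remote-controlled field at output time. It assumes the chat view is rendered as HTML; the function names and sample messages are hypothetical and constructed for illustration.

```javascript
// Added example. Assumption: the client builds each chat line as HTML.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML element body or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The flawed pattern: profile text and message text go into markup as-is,
// so anything the sender typed into their name is parsed as HTML.
function renderChatLineUnsafe(msg) {
  return '<div class="msg"><b>' + msg.displayName + '</b>: ' + msg.text + '</div>';
}

// Hardened form: the sender's name is as untrusted as the message body,
// so both are encoded before they reach the markup.
function renderChatLineSafe(msg) {
  return '<div class="msg"><b>' + escapeHtml(msg.displayName) + '</b>: ' +
         escapeHtml(msg.text) + '</div>';
}

// Detection aid: flag fields that carry tag-like markup so they can be logged.
function containsMarkup(value) {
  return /<\s*\/?\s*[a-z!]/i.test(String(value));
}

// Constructed sample messages; the markup in them is deliberately inert.
const SAMPLES = [
  { displayName: 'Alice', text: 'lunch at 12?' },
  { displayName: '<script>/* constructed */</script>Bob', text: 'hi' },
  { displayName: 'Carol', text: '<img src=x onerror="/* constructed */">' },
];

// For each sample: was it flagged, and does live markup survive rendering?
function audit(samples) {
  const liveTag = /<script|<img/i;
  return samples.map((m) => ({
    flagged: containsMarkup(m.displayName) || containsMarkup(m.text),
    unsafeHasTag: liveTag.test(renderChatLineUnsafe(m)),
    safeHasTag: liveTag.test(renderChatLineSafe(m)),
  }));
}

console.log(audit(SAMPLES));
```

Encoding on output only closes the Skype side of the problem; the first oversight, address book access open to every app, is a platform permission issue that this code does not touch.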


Sunday, 8 May 2011

Apple loses US Army contract, Russian government wants to ban iProducts due to security concerns

    Apple has lost the U.S. Army defense contract in favor of Android for upcoming Army-approved smartphones and tablets, as well as for apps that will be necessary for missions.
    There have been concerns about security for Android as compared to other mobile OSes, but most officials deemed Android the most secure, as the Army will be able to use the open source software as they choose, likely beefing up security even more. In terms of stability and connectivity, the OS is leaps and bounds above the competition.
    During combat, the devices will likely have to have satellite phone capabilities, meaning round-the-clock data and voice with no lapses. The Army wants every soldier to have one of the future Android devices, to ensure they are connected during missions. A prototype dubbed the Joint Battle Command-Platform is already being tested. Apps will include "critical messaging" for exchanging medevac requests and other emergencies, and a Blue Force Tracker program to make sure soldiers know where friendlies are. Finally, the phones will be able to withstand extreme wear-and-tear and will likely be similar to the rugged "ToughBooks" created by Panasonic.

Thursday, 7 April 2011

The Apple/iOS user tracking & privacy breaking roundup


    You’ve probably heard by now about the detailed log your iOS device keeps of your movements, but it's about time a roundup of the whole story was made. Now there’s a tool to prevent that, plus some more clarity on the issue, which, like all freedom on Apple products, requires jailbreaking.
    Apple's location services pinpoint your location using GPS, Cell-ID and Wi-Fi hotspots. Early devices used Google and Skyhook databases to do that, but since iOS 3.2 Apple has been building up their own database - you become their Guinea Pig (read: lab rat).
    A file kept unencrypted on your iProduct holds a record of all your movements from about a year ago, and that file is copied to any computer you’ve synced it to and any backups you might have made.
    As usual with Apple software, there's no security between anyone and your private data (a file called consolidated.db): anyone, either by copying it from a computer that contains a copy of the file or by simply stealing the device itself, can easily extract a log of your whereabouts over the last year. (Read more about Steve Jobs's opinion and Android below.)

Wednesday, 23 March 2011

iOS and Mac OS destroyed (again) at Pwn2Own security conference

    The Pwn2Own event, held at the CanSecWest security conference in Vancouver, allows companies to challenge hackers to exploit their software, i.e. operating systems or web browsers.

iOS
    Charlie Miller and Dion Blazakis have managed to yet again hack iOS thanks to a security hole in the mobile version of Safari. They managed to access the contacts and inbox of an iPhone 4 (iOS 4.2.1) by simply loading a web page.
    The vulnerability isn't patched in iOS 4.3 and it looks like ASLR (Address Space Layout Randomization) won't be able to protect you from this one.

Mac OS
    This year French pen-testing firm VUPEN has hacked Apple’s Safari web browser using a zero-day flaw to win the coveted Pwn2Own hacker challenge.
    The exploited computer was a fully patched MacBook running Mac OS X (64-bit). Co-founder of VUPEN, Chaouki Bekrar, lured the Mac to a fake website and managed to bypass the ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) execution procedures that were built into the OS. He then launched a calculator app successfully and wrote files to the machine.

Tuesday, 26 October 2010

October is the iOS security flaw month at the iPhone Fever!

     No, you're not reading an old story. There really is yet another serious iOS security flaw which allows someone to access information on your supposedly password-protected iPhone.
    As the Brazilian fellow in the video above shows, all that you need to do is grab a password-protected iPhone running iOS 4.1, pretend to make an emergency call but dial ### or some other nonsensical number instead, tap the lock button real quick, and tada! You'll have access to the device's contacts, voicemail, call history, voice control and phone features.
    I replicated this trick successfully on iOS 4.1. When trying this on an iPhone running iOS 4.2 Beta 3 I couldn't replicate the security hole. This could mean that Apple is already aware of the flaw and has the fix ready, although this is very similar to the security flaw discovered on the iPhone in 2008 that allowed people to easily bypass the lock screen to access mail, contacts and bookmarks. Apple later acknowledged the bug and issued a software update patching the issue.

Sunday, 24 October 2010

iOS 4 - as insecure as ever

Nicolas Seriot, Security Analyst, created a proof-of-concept "SpyPhone" app to show how easy it is to snoop on iPhone users.
     Lax security screening at Apple's App Store and a design flaw are putting iPhone users at risk of downloading malicious applications that could steal data and spy on them, a Swiss researcher warns.
     Apple's iPhone app review process is inadequate to stop malicious apps from getting distributed to millions of users, according to Nicolas Seriot, a software engineer and scientific collaborator at the Swiss University of Applied Sciences (HEIG-VD). Once they are downloaded, iPhone apps have unfettered access to a wide range of privacy-invasive information about the user's device, location, activities, interests, and friends, he said in an interview Tuesday.
     In a talk scheduled at the Black Hat DC security conference, Seriot will explain how an innocent-looking app could be designed to harvest personal data and send it to a remote server without the user knowing it.
      The rogue app could be hidden within an innocent-looking app, such as a game. Low-hanging fruit for rogue apps includes the mobile-phone number, address book data, and a notes section of the address book, where some people store bank account and other sensitive information, he said.
"It turns out that the full Address Book is readable without the user's knowledge or consent," Seriot wrote in a white paper (PDF) on the subject.