
security posts

Viper Security launches SmartStart iPhone app for well-appointed whips


Jealous of the way those hipper-than-thou ZipCar people are always unlocking the doors to their rented Minis with an iPhone? We aren't either. But if you are looking to recreate that scenario with your Dodge Dart, have we got a gadget for you! If you already own a compatible Viper security system, the SmartStart module will let you lock and unlock your car, arm and disarm your car alarm, pop the trunk, or fire off that panic alarm -- all from your cherished handset. There are two modules available, priced at $299 and $499, depending on which Viper system you've installed. You also need a SmartStart account which will run you $29 a year (the first year's free). But don't take our word for it -- check out the action-packed video below for a breathtaking recreation of the system's features.

iPhone OS 3.0 bug allows deleted emails to rise from the dead


Get ready for another big glitch in iPhone OS 3.0: it seems like the Spotlight search cache doesn't sync message status with the mail client, so you can still pull up old messages with Spotlight if you know the subject line. Yeah, that's not okay -- we just verified that the bug exists on our phones, using both POP and IMAP. We're not sure when the search cache finally deletes emails, but it doesn't appear to happen quickly: Matt Janssen, who discovered the bug, says he's been able to pull up emails three or four months old. We've heard whispers it's fixed in iPhone OS 3.1, but until there's a confirmed fix we'll be using the Gmail web interface, thanks. Video after the break.

iPhone OS 3.0.1 update released, fixes SMS vulnerability


Looks like Apple pulled the trigger on patching that nasty iPhone SMS vulnerability a little earlier than we expected -- the iPhone OS 3.0.1 update just hit iTunes. It's not some lightweight, either: you're looking at 280MB of love here, so get downloading, friends.

[Thanks to everyone who sent this in]

SMS vulnerability on iPhone to be revealed today, still isn't patched

Remember that alleged SMS-based security hole on the iPhone allowing evil-doers to execute arbitrary code and do all sorts of nasty crap like create an army of mobile zombies ready and willing to execute a DoS attack? The guy who found it, security expert Charlie Miller, said that he'd reveal the details of it at Black Hat -- and Black Hat's this week. Sure enough, Miller and his cohorts plan to unleash details of the hack today, and while they claim they informed Apple of the problem over a month ago, Cupertino's yet to make a move. We'd stop short of suggesting iPhone owners all turn off their handsets and take themselves firmly off the grid and into a completely disconnected underground bunker the moment the attack becomes public, but if it's as serious as Miller claims, it definitely bumps up the pressure on Apple to get a fix out on the double -- preferably before 3.1 drops.

Etisalat BlackBerry update was indeed spyware, RIM provides a solution


Um, yikes? An unexpected (and unwanted) surprise struck some 145,000 BlackBerry users in the UAE this time last week, when an official-looking prompt coerced many of the aforesaid Etisalat customers to follow through with a software update. Rather than bringing about performance enhancements, the SS8-built app enabled the carrier to keep tabs on customers' messages. According to RIM:

"Etisalat appears to have distributed a telecommunications surveillance application... independent sources have concluded that it is possible that the installed software could then enable unauthorized access to private or confidential information stored on the user's smartphone. Independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry Handheld, but rather to send received messages back to a central server."

Like we said, yikes. The zaniest part is that Etisalat isn't backing down, still assuring the world that the upgrades were "required for service enhancements." At any rate, RIM has made remarkably clear that the update wasn't one authorized by the company, and it's even providing an app remover for those who'd prefer their BlackBerry to be in working order and, you know, not forwarding all their email to some dude in an Etisalat supply closet. Good on you, RIM. Bad on you, Etisalat.

[Thanks, Gerald]

Read - Confirmation of spyware
Read - RIM app remover

BlackBerry update in UAE reportedly surveillance software in disguise


There's not much in the way of official statements on this one just yet, but itp.net is reporting that a recently pushed out update for all BlackBerry users on the UAE-based carrier Etisalat is not a "performance enhancement patch" as advertised, but rather some spyware that could potentially give Etisalat the ability to keep an eye on its customers' messages. The first suspicions about the update apparently arose when users noticed dramatically reduced battery life and slower than usual performance from their phones, which led to a bit of detective work from programmer Nigel Gourlay, who pegged the software down as coming from electronic surveillance company SS8. While it's not switched on by default, the software can reportedly let Etisalat flip the switch on phones one by one and monitor their emails and text messages -- or it could if it hadn't completely bogged down the network. Apparently, the software wasn't designed for such a large scale deployment, which resulted in the slowdown and battery drain as some 100,000 BlackBerrys constantly tried and failed to sign in to the one registration server for the software.

[Via The Register]

Apple patching nasty iPhone SMS vulnerability


Given the hype surrounding Apple's iPhone, we're actually surprised that we haven't seen more holes to plug over the years. In fact, the last major iPhone exploit to take the world by storm happened right around this time two years ago, and now -- thanks to OS X security expert Charlie Miller -- we're seeing yet another come to light. Over at the SyScan conference in Singapore, Mr. Miller disclosed a hole that would let attackers "run software code on the phone that is sent by SMS over a mobile operator's network in order to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet." Charlie's planning to detail the vulnerability in full at the upcoming Black Hat conference, but Apple's hoping to have it all patched up by the end of this month.

[Via HotHardware]

T-Mobile tweaks data breach statement again, now says nothing was compromised

Once again, T-Mobile has released a statement regarding the alleged hack into its systems last weekend, and it's backtracked a bit from the last one -- now, it's starting to sound like no data was stolen at all. Here's what we've got this time around from a company spokesperson:

"Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers' information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible."

We're taking this as a good sign for customers at this point, but it's hard to say how many more statements we'll get before the matter's fully closed, so stay tuned.

Recent Apple patent filing speaks of stealth biometric security on iPhone, other insane insanity


Recent patent filings by Apple that AppleInsider has dug up point to the company adding several new methods of ensuring the security of its devices for users. The new filings cite biometric authentication methods that would excite Ethan Hunt -- including installation of a hidden sensor behind the screen that would recognize the user's fingerprint when touched, and / or a front-facing camera for retinal recognition. The filing also suggests further possibilities, such as the device being capable of recognizing the user's voice, or collecting DNA samples for recognition via genetic code. We've heard plenty of semi-speculative tech tales in the past, so we always take this stuff with a grain of salt, but Apple seems to be moving forward at least into the research phase of such endeavors. To the future we go! There's one more fantastic scribble after the break, hit the read link for more details.

Security experts hating on Android browser until patch is released


Software vulnerabilities are no stranger to modern, highly-connected smartphones and feature phones alike, and fortunately, the big guys have been pretty good about staying on the ball and patching the serious stuff in a reasonable amount of time. The latest problem discovered in the Android browser's multimedia subsystem really sucks, though -- it's so bad, some security dudes are advising customers to "avoid" using it altogether until it gets fixed -- and the most frustrating part about it is that it actually is fixed in the Android code trunk, it's just that no one's bothered to roll out an update to G1 users yet. In the meantime, the dude who discovered the problem is advising users to only visit trusted sites and avoid WiFi, so yeah, just don't browse or anything, okay?

[Via ReadWriteWeb]

G1's browser getting hijacked like a cab in Liberty City?


There's already been a G1 firmware pushed out to patch up a browser security issue, but you know how it goes with those -- two flaws seem to magically sprout up in place of every one that's snuffed out. It's unclear exactly what's going on here, but some G1 users are reporting that attempting to visit Yahoo!'s home page is intermittently redirecting them to a totally legit-looking page imploring them to download some bogus Microsoft AntiSpyware crap -- and while we're thinking that this fake site was intended to target slightly larger computers of the Windows variety, it's disturbing that this redirect somehow managed to filter down to Android. It could be a DNS hack or a problem with T-Mobile's proxies, in which case the G1's own defenses are absolved for the time being, but that's not much comfort for Joe Yahoo-User, now is it?

[Via Android Community, thanks Dooosthy]

Nokia warns that KIRF phones are a threat to personal safety, national security


Over the years, Nokia handsets have fallen victim to the infamous KIRFing process time, and time, and time again. Evidently the suits up in Espoo have had enough, as evidenced by a new marketing campaign urging bargain hunters in India to avoid unbranded / duplicate handsets. The ad, which was spotted in the Mumbai Mirror, is comical in a number of ways. For starters, the notion that "originals last forever" is obviously misleading and untrue, and secondly, the whole "instilling fear" tactic is severely unnecessary. Nokia asserts that all KIRF handsets lack an IMEI number, and thus owning one "could be a threat to your safety and national security." Or is that longhand for "a threat to Nokia's bottom line?"

Apple acknowledges iPhone passcode flaw, promises fix next month

Apple's taking a pretty lackadaisical attitude toward one of the most easily avoided security flaws in recent memory, calling the iPhone's passcode lock bypass a "minor iPhone security issue" and saying that a fix will be rolled out in September. Thanks, Apple; we suppose it'd be a little too much trouble to ask for a fix sooner, even though you already fixed it once in 1.1.4. For what it's worth, a company spokeswoman is quick to point out that the flaw can easily be hidden by changing the home button double-click functionality to take you to the home screen, but most users don't know that, now do they? Way to show some hustle, guys -- cookies and gold stars all around.

iPhone security flaw bypasses passcode lock

Let's be real: a four-digit code isn't very much separating a determined bandit from your data, which is all that the iPhone affords. Granted, the phone locks up after a few attempts to slow your arch-nemeses down a notch or two, but if your code is your birthday or the last four digits of your phone number -- and you know it is, so just admit it -- they'll eventually figure it out anyway. On second thought, though, never mind, because it turns out there's a pretty effective way around these formalities -- 2.0.1 and 2.0.2 have both been confirmed to let you around the passcode lock simply by hitting Emergency Call and double-clicking the home button. At this point, the user will have access to your Favorites list, which is pretty bad as-is, but from here, they'll be able to click on an arrow and use links within your contacts to get out to the SMS, Maps, or Safari apps. If you change the home button functionality from the default (Favorites) to Home, then nothing will happen at the Emergency Call screen -- your phone is safe from prying eyes, we guess. The iPod option will kick the user into the iPod app, though, which we think is almost as bad as the Favorites exploit, because we'd really rather not our thieves know that we listen to Hannah Montana. MacRumors is reporting that it may have already been fixed for a future firmware release, so yeah, any minute now would be just great, Apple.

[Thanks to everyone who sent this in]

RIM finds security flaw in BlackBerry Enterprise Server

RIM has issued a security warning to BES admins about a problem with the BlackBerry Attachment Service and PDF files. The flaw apparently allows would-be hackers to execute malicious code with a specially crafted PDF file. The Waterloo messaging behemoth has listed BES versions 4.1 SP 3 through 4.1 SP5, and BlackBerry Unite! as affected and rated the severity as 9 out of a possible 10 -- with 10 being the highest level of fail. Thankfully a workaround is available on RIM's site involving disabling the processing of PDF files until RIM can issue a fix for the misery. Hit the read link for the dirty details.

[Via PCWorld]



