Category: 3G


Apple Fixes “Fundamental” SSL Bug in iOS 7

Apple quietly released iOS 7.06 late Friday afternoon, fixing a problem in how iOS 7 validates SSL certificates. Attackers can exploit this issue to launch a man-in-the-middle attack and eavesdrop on all user activity, experts warned.

“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” Apple said in its advisory.

Users should update immediately.

Watch Out for Eavesdroppers
As usual, Apple didn’t provide a lot of information about the issue, but security experts familiar with the vulnerability warned that attackers on the same network as the victim would be able to read secure communications. In this case, the attacker could intercept, and even modify, the messages as they pass from the user’s iOS 7 device to secured sites, such as Gmail or Facebook, or even for online banking sessions. The issue is a “fundamental bug in Apple’s SSL implementation,” said Dmitri Alperovich, CTO of CrowdStrike.

The software update is available for the current version of iOS for iPhone 4 and later, 5th generation iPod Touch, and iPad 2 and later. iOS 7.06 and iOS 6.1.6. The same flaw exists in the latest version of Mac OS X but has not yet been patched, Adam Langley, a senior engineer at Google, wrote on his ImperialViolet blog. Langley confirmed the flaw was also in iOS 7.0.4 and OS X 10.9.1

Certificate validation is critical in establishing secure sessions, as this is how a site (or a device) verifies that the information is coming from a trusted source. By validating the certificate, the bank website knows that the request is coming from the user, and is not a spoofed request by an attacker. The user’s browser also relies on the certificate to verify the response came from the bank’s servers and not from an attacker sitting in the middle and intercepting sensitive communications.

Update Devices
It appears Chrome and Firefox, which uses NSS instead of SecureTransport, aren’t affected by the vulnerability even if the underlying OS is vulnerable, Langley said. He created a test site at https://www.imperialviolet.org:1266. “If you can load an HTTPS site on port 1266 then you have this bug,” Langley said

Users should update their Apple devices as soon as possible, and when the OS X update is available, to apply that patch as well. The updates should be applied while on a trusted network, and users should really avoid accessing secure sites while on untrusted networks (especially Wi-Fi) while traveling/

“On unpatched mobile and laptop devices, set ‘Ask to Join Networks’ setting to OFF, which will prevent them from showing prompts to connect to untrusted networks,” wrote Alex Radocea, a researcher from CrowdStrike.

Considering recent concerns about the possibility of government snooping, the fact that iPhones and iPads were not validating certificates correctly can be alarming for some. “I’m not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control,” Matthew Green, a cryptography professor at Johns Hopkins University, posted on Twitter.

Check out this video from News Loop:

 

Source: PC World Security Watch

Canada’s new wireless rules are great, but let’s not kid ourselves

The CRTC, determined to reform Canada’s usurious wireless phone cartel, has just issued a strict new “Code of Conduct.”

Effective this December, three-year phone contracts will be available, but unenforceable. If you’re stuck in one of these abusive long-term relationships, you’ll be able to sever it at the two-year mark without penalty.

You know those bill-shocker stories about customers getting hit with thousands of dollars in data overage fees after letting their kids watch YouTube on their iPhones while vacationing in Cuba? Roaming data overage will now be limited to $100 a month, domestic to $50.

You’ll be able to have your subsidized phone unlocked after 90 days, you’ll have a right to a simpler contract and you’ll be able to negotiate changes to that contract.

Hooray, right?

Yes and no. The CRTC’s new pro-consumer stance is, without question, a good thing. But our big three carriers (Bell, Rogers and Telus) still control 95 per cent of the mobile market. Canadians are not going to start using less mobile anytime soon, regardless of the terms we’re offered. In fact, a wireless industry lobby group just sponsored a major study which (they claim) proves that Canadians are actually willing to pay more than we already do for our smart phones. Industry lobbiests are already using the report to suggest that Canadian consumers are getting a bargain. I say charging $50 for an umbrella during a thunderstorm isn’t a good deal just because people would still buy them at $60.

The point is, if the big three can’t maintain their globally-envied RPUs (revenue per user) under the old rules, they’ll find other ways to keep profits up while colouring within the lines of the new ones.

What will that mean? You can expect monthly fees to climb, and new “bonus” add-ons to be fabricated  marketed. We already see carriers offering 4G speed-upgrades — for a fee. I predict that any new speed capacity will be chopped into separate products at separate price points, in a move akin to offering regular, premium and super-premium gasoline. That’s off the top of my head. If there are other ways to sneak new costs into our bills, wireless companies will find them.

The missing ingredient in Canadian wireless is not a tough regulator, but tough competition, backed by unrestrained foreign investment. However, even if Ottawa steps in to untangle the red tape and make this possible, our international reputation may be too tarnished. After the recent experiences of Mobilicity and Wind, who felt “left to the dogs” by Canada’s government once they were wooed in, the Canadian market may be a no-go zone for international mobile firms.

All around the world, smart phones are getting cheaper, wireless speeds are getting faster and people are doing more and more new things with their mobile devices. It’s happening here too. Just less so.

Ryan:  Having worked for the big 3 (Rogers, TELUS & Bell) I can speak on behalf of most Canadians by stating that this is a positive step in the right direction.  Now they just need to adjust the price fixing problems / incorrect roaming bills.  Why not just shut off service to phones when a certain point is reached? Why are we as Canadians still paying for Call Display / Voicemail?  

Source: Maclean’s

Most of you know about our PC repair services, but did you know we fix/repair/unlock cellphones & tablets? Did you also know that we offer the lowest prices in the Fraser Valley and will price match and BEAT any competitor price? Now you do.

We repair all Smartphones / iPhones for :

* Broken LCD Screens & Touch Screen Replacement
* Water and other Liquid Damage Repair / Corrosion Clean Up
* Phone Data Recovery – Photos, Music, Text Messages
* No Power / Phone does not turn on
* Charging Problems / Charging Controller / Charging Port Replacement
* Battery Replacement (200+ Batteries in stock)
* Staticky, Crackling Speakers & Microphones
* Home Button / Power Lock Button Replacement
* Malfunctioning button, Trackball, Trackpad and Keypad
* Malfunctioning SIM card readers / NO SIM Reading Fix
* Software problems, upgrades and reflashing (All Models)
* Language change
* JTAG Service (Android Phones)
* Unknown Baseband, IMEI missing
* Password Protected / Disabled Phones / Pattern Lock Reset (Samsung)
* Jailbreaking — iPhone, AppleTV 1 & 2 + FREE TV & MOVIES + FREE APPS
* Rooting — Most Android Models — Custom Rom Reflashing Available

We unlock ALL Smartphones For :

* iPhone 2G/3G/3GS (Most iOS Versions)
* iPhone 4/4S – Factory unlock Fido/Rogers/Telus/Koodo/AT&T/Bell
* iPhone 5 – Factory unlock Telus/Koodo/AT&T/Rogers/Fido
* iPhone 4S/5 unlocking for iOS 5.x, 6.1.3 and below!
* BlackBerry, Samsung, LG, HTC
* Nokia, Motorola, Sony Ericsson, Huawei, Alcatel and other Overseas Models.

– iPhone Factory unlock for USA, UK, Brazil, Australia, France, Spain, Ireland, Netherlands, Denmark, Norway, Chile, Switzerland, Sweden, Saudi Arabia, Norway, Romania, Japan, etc.

As always, we DO NOT charge for repairs that cannot be performed.

180 Warranty on ALL parts & Labour – We ONLY use OEM Factory Parts.

Call the shop if you need a price quote, make sure to ask for Ryan.

iOS 6.0.1 already jailbroken — for some devices

iOS 6.0.1 users can now jailbreak their devices, but there are some bumps in the road.

The latest version of the iPhone Dev Team’s Redsn0w can jailbreak iOS 6.0.1 devices, Redmond Pie confirmed today after testing the update.

However, not everyone can take advantage of the effort at this point.

The jailbreak works only on iOS devices powered by an A4 chip or lower. People who own the iPhone 5, the newest iPads, or the latest iPod Touch are out of luck. The jailbreak takes advantage of the Limera1n exploit, which can’t handle the A5 or later chips.

That leaves just the iPhone 3GS, iPhone 4, and the iPod Touch 4G as prime candidates. The iPod Touch 3G and the original iPad don’t support iOS 6.0 or higher.

The jailbreak is also a tethered one. So after you shut down or reboot your device, you’ll need to connect it to your computer to return it to a jailbroken state.

Apple, or course, isn’t too fond of jailbreaking, a process that allows device owners to unlock certain features and install apps not found in the App Store.

The iPhone maker once tried to argue that the action violates its copyright. The U.S. Copyright Office recently ruled that jailbreaking is illegal on tablets and gaming consoles but not on smartphones.

Source: CNET

iPhone 3G/3GS/4/4S Factory Unlock Now Available at Ryan’s Unlock Shop

Enjoy the freedom of switching carriers locally or while roaming in another country! Save money on roaming fees!

iPhone 3G/3GS/4/4S Factory Unlock starting @ $40 – Carrier Unlock – No SIM Tray / Interposer Required!

Permanent Unlock – Update to ANY iOS.

We can unlock your 3G/3GS/4/4S for most carriers worldwide, please select from the country the iPhone is originally locked to. Factory Unlocking starts @ $40 for AT&T. Call (778) 245-0780 if you have any questions about unlocking your iPhone.

The process for factory unlocking iPhone 4 and 4S models can take between 1 and 2 days depending on server wait times.

We can currently unlock ALL iPhone 3G/3GS/4/4S (GSM or WCDMA) iPhones from Koodo, TELUS, Rogers, Fido, AT&T & Sprint.

The benefits to unlocking your iPhone permanently as opposed to keeping your iPhone unlocked via interposer chip are:

  • Update to any iOS version without losing your unlock.
  • No Modified SIM Tray / Interposer required.
  • No need for instructions to use unlock chip. (no chip required)
  • Higher re-sale value.
  • Use with any carrier that supports iPhone worldwide.

Purchase a factory unlock for your iPhone using our online unlocking website here.

iPhone 4S iOS 5.1.1 Unlock Now Available at Ryan’s Unlock Shop

The long awaited  iPhone 4S iOS 5.1.1 Unlock is now available for purchase off of our unlocking website.  The newest unlock on the market works flawlessly with easy to use function, no programming, no 112, no SIM cutting required!  This unlock has been fully tested and will work with every carrier in Canada!

We have a limited quantity of the newest iOS 5.1.1 unlock so if you need one, give us a call or checkout on the site (Free Shipping to anywhere in Canada is INCLUDED.)

What are the “Top 4” benefits of Unlocking and Jailbreaking an iPhone 4S?

More and better apps

The main reason for unlocking your iPhone is to be able to install as many apps as you wish. This cannot happen when you have your iPhone running on the software that you bought with it. Some of the most important apps that will serve you are normally restricted. Most of the times when you try to install them on your new iPhone you will receive an error message similar to this- the application is not from a trusted supplier.  The best way that you can avoid this is by unlocking the newly purchased iPhone. After all, you bought the phone so that it could serve you in the ways that you wish for.

Change your iPhone camera to perform video recording

Well, many of us who have been using the iPhone can bear witness that the mobile handset does not perform video recording as expected by most users. This is one disadvantage that the iPhone developers failed to consider. You can easily overcome this nightmare by trying out to unlock your iPhone. Once you have unlocked it you will be able to use the normal camera that the phone has to carry out video recording. This will require you to install other applications that will facilitate this.

Use the best themes

One thing that we are used to in the iPhones is the normal interface that they have on their handsets. Are you bored by this? Well, I am a victim that cannot bear having the same theme each year I get a new iPhone. Therefore the best way to solve this issue is to unlock my iphone. It is very easy to download and install the themes that you want once your iPhone is unlocked. You should try out the themes that are compatible with your iPhone I am sure that you will love it.

Feeling of being free

Last but not least, the most important reason that we decide to have our iPhones unlocked is to have the feeling of being free to do anything. It is very hard to carry out any function on the iPhone that you have before you get to unlock it. This is because everything is copyright protected. This means that you are limited to the usage of your device. This is why we look for options that will break us free from the carrier that we are using.

 

Apple patches serious security holes in iOS devices

Apple has shipped a high-priority iOS update to fix multiple security holes affecting the browser used on iPhones, iPads and iPod Touch devices.

The iOS 5.1.1 update fixes four separate vulnerabilities, including one that could be used to take complete control of an affected device.

Here’s the skinny of this batch of updates:

  • A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
  • Multiple security holes in the open-source WebKit rendering engine. These could lead to cross-site scripting attacks from maliciously crafted web sites. These vulnerabilities were used during Google’s Pwnium contest at this year’s CanSecWest conference.
  • A memory corruption issue in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue was discovered and reported by Google’s security team.

This patch is only available via iTunes. To check that the iPhone, iPod touch, or iPad has been updated:

  1. Navigate to Settings
  2. Select General
  3. Select About. The version after applying this update will be “5.1.1″.

Ryan says: As always, do not update to 5.1.1 if your iPhone is unlocked or jailbroken already or if you plan doing this in the future.

New iPhone app enables self-destructing sext messages

Sexting, or the act of sending sexually explicit messages or photographs between mobile phones, continues to grow increasingly popular. Mobile users often have private photos posted to the Internet without their permission, and politicians and celebrities alike have taken explicit photos that using mobile devices that were eventually leaked. Unfortunately for Anthony Weiner, the congressman wasn’t aware of an iPhone app by the name of Snapchat. The program is available for free in Apple’s App Store and allows users to send photos that self-destruct within 1-10 seconds. Images cannot be saved in the app, and Snapchat will even notify users if the recipient takes a screenshot — though there is no way to prevent screenshots from being taken, of course. It should also be noted that images are stored on the developer’s servers, and while the company “attempt(s) to delete image data as soon as possible after the message is transmitted,” it cannot guarantee messages will always be deleted. “Messages, therefore, are sent at the risk of the user,” the company’s privacy policy warns.

Source: Forbes / BGR

Samsung, You’re Doing It Wrong With Android 4.0

The No. 2 bestselling Samsung smartphone in history won’t officially see an upgrade to Android 4.0, leaving owners to decide among buying a newer phone, sticking with Android 2.3, or hacking on a custom build of Google’s latest mobile operating system. The reason Samsung won’t be offering such an upgrade? According to Samsung Tomorrow by way of the Verge, Samsung’s own customized TouchWiz user interface is the answer, which sounds more like a lame excuse than a valid explanation.

Samsung’s Galaxy Tab—a 7-in. slate I’ve been using daily for more than a year now—is also on the “won’t see Android 4.0″ list, says the Samsung Tomorrow blog. I can understand we’re looking at a smartphone and a tablet that made their debut in 2010, and there’s a limited shelf life for future updates on mobile devices. What I don’t understand, nor accept, is that the issue is Samsung’s user interface software. Even worse, I think Samsung is shooting itself in the foot. Here’s why.

You have to treat current customers well. On the one hand, I can see Samsung’s stance if it chooses not to bring Ice Cream Sandwich (ICS) to these older devices. From a financial standpoint, those handsets and tablets are already sold, and Samsung has earned all the income it’s going to from the sale of such devices. To bring Android 4.0 to the Galaxy S and Galaxy Tab, the company would have to invest time, effort, and money to deliver the software. It has no financial incentive to do so. But customers don’t care about that and could decide to buy a competing product if they feel slighted.

Software add-ons should never stop product advances. Some people like TouchWiz, and some don’t. The same could be said for HTC’s Sense. Both are user interface add-ons atop Google Android, and neither should be the primary cause of stopping an Android update. HTC once fell into this same trap with Gingerbread on its Desire handset and eventually compromised by removing some custom apps to make room for the update.

This isn’t a technical issue, it’s a bad decision. My first thought about this situation was that perhaps the Galaxy S and Galaxy Tab didn’t have the horsepower to run Android 4.0. Yet the Nexus S, made by Samsung, will get the ICS software, and it has very similar specifications to the Galaxy S in terms of memory, storage capacity, and processor. And I’m willing to bet the Android enthusiast community will have a custom build of Android 4.0 for both devices, if it doesn’t already. How sad is it that external developers can make this happen, when Samsung can’t?

Will most people who own a Samsung Galaxy S or Galaxy Tab be in an uproar over this? Probably not, as they’ll likely never know about Samsung’s decision, nor will they be thinking about Android 4.0 for devices that are 18 months old. But the decision sets a bad precedent and suggests that Samsung is more concerned with selling newer hardware than supporting existing customers and their current devices.

My suggestion would be a compromise of sorts: Offer a stock version of Android 4.0 for these devices with the customer understanding and accepting the fact that the TouchWiz interface will no longer be available after the upgrade. Unless there’s a real technical reason for the lack of an Android 4.0 upgrade—something Samsung should make clear—this might be the best answer. It wouldn’t cost nearly as much for Samsung to develop and test, while consumers thinking Samsung has let them down might be more accepting of the situation.

Ryan:  Samsung needs to seriously get their &%#* together.  I would like to update my Samsung Galaxy Tab, I find it buggy and it force closes way too much, too bad I will be forced to workaround this to put 4.0 on myself manually.

 

Source: BusinessWeek

Apple releases iOS 4.3.4 update

Apple has released a security update for iOS that fixes the exploit used for easy jailbreaking of devices.

This update fixes the PDF vulnerability used on the JailbreakMe.com site to easily  jailbreak the device via the Safari mobile browser. This update means that hackers won’t be able to use the same vulnerability to compromise iOS devices.

Apple took nine days to plug this hole.

If you want to be protected, fire up iTunes, connect your iOS device and download this update. If you want to jailbreak your device, do so and then install the third-party patch created by the jailbreak community to plug the hole.

iOS update 4.3.4 is for GSM iPhone 4, iPhone 3GS, iPad 2, iPad, and third- and fourth-generation iPod touch. If you have a Verizon CDMA iPhone 4 then you need iOS 4.2.9.

Ryan Says:  Those of you still wanting to use the Jailbreakme.com website to download cydia should avoid the latest 4.3.4 Apple iTunes update.

Source: ZDNet

iPad 2 Will Come Carrier Unlocked

If you plan to buy a brand new iPad 2 this coming Friday, good news, as the 3G version of the upcoming device will come carrier unlocked, just like the first generation iPad. In other words, nothing will prevent iPad 2 owners, from using a SIM card from another wireless provider, in order to use the device on another 3G network.

The news comes from the folks over at iPadinCanada, who had the chance to talk to their local 3G providers, namely Rogers Wireless, Bell Mobility and Telus Mobility.

To be able to swap carriers, users will need to obtain – or fashion – a Micro-SIM card from their wireless carrier of choice, swap the SIM card that comes with the iPad, and fire up iTunes, to complete the switch. This news should come as a relief to international buyers eager to buy an iPad 2 via gray market channels, before the device is released in their respective countries, as the tablet will not need to be carrier unlocked via any specific tool to work out of the box. As for the U.S., T-Mobile fans will be able to use the device on their favorite network as well, but note that since T-Mobile uses non-standard 3G frequencies, the device may not be able to connect to T-Mobile’s 3G network in all markets.

One main caveat, the SIM card swap will only work with GSM/UMTS providers, as CDMA/EVDO providers do not use SIM cards, and use a completely different method to allow mobile devices to run on their network – if you were planning to buy a Verizon-compatible iPad 2 to use it on Sprint’s network, you’re out of luck.

Source: TechSnoops