Tag Archive: Cell Phone Repair


Apple Is Beta-Testing A Fix For Evasi0n Jailbreak

All good jailbreaks must come to an end.

Late last week Apple released an update for iOS to developers in beta that prevents the use of the popular jailbreak software evasi0n, according to one of evasi0n’s creators who tested the patch over the weekend, David Wang.

Wang tells me that he’s analyzed the 6.1.3 beta 2 update and found that it patches at least one of the five bugs the jailbreak exploits, namely a flaw in the operating system’s time zone settings. The beta update likely signals the end of using evasi0n to hack new or updated devices after the update is released to users, says Wang, who says he’s still testing the patch to see which other vulnerabilities exploited by the jailbreak might no longer exist in the new operating system.

“If one of the vulnerabilities doesn’t work, evasi0n doesn’t work,” he says. “We could replace that part with a different vulnerability, but [Apple] will probably fix most if not all of the bugs we’ve used when 6.1.3 comes out.”

That impending patch doesn’t mean evasi0n’s time is up, says Wang. Judging by Apple’s usual schedule of releasing beta updates to users, he predicts that it may take as long as another month before the patch is widely released.

When evasi0n hit the Web earlier this month, it quickly became the most popular jailbreak of all time as users jumped at their first chance to jailbreak the iPhone 5 and other most-recent versions of Apple’s hardware. The hacking tool was used on close to seven million devices in just its first four days online.

Despite that frenzy, Apple has hardly scrambled to stop the jailbreaking.  Evasi0n has already gone unpatched for three weeks. That’s far longer, for instance, than the nine days it took Apple to release a fix for Jailbreakme 3.0, the jailbreak tool released in the summer of 2011 for the iPhone 4, which was by some measures the last jailbreak to approach Evasi0n’s popularity.

Apple’s slow response to Evasi0n is explained in part by the relatively low security risk that the tool poses. Unlike Jailbreakme, which allowed users to merely visit a website and have their device’s restrictions instantly broken, Evasi0n requires users to plug their gadget into a PC with a USB cable. That cable setup makes it far tougher for malicious hackers to borrow Evasi0n’s tricks to remotely install malware on a user’s phone or tablet.

Security researchers have nonetheless pointed out that Evasi0n could give criminals or spies some nasty ideas. The tool uses five distinct bugs in iOS, all of which might be appropriated and combined with other techniques for malicious ends. And F-Secure researcher Mikko Hypponen points out that if a hacker used a Mac or Windows exploit to compromise a user’s PC, he or she could simply wait for the target to plug in an iPhone or iPad and use evasi0n to take over that device as well.

More likely, perhaps, is a scenario described by German iPhone security researcher Stefan Esser. He argues that a hacker could use a secret exploit to gain access to an iPhone or iPad and then install evasi0n, using the jailbreaking tool to hide his or her tracks and keep the secret exploit technique undiscovered by Apple and unpatched. “That way they protect their investment and leave no exploit code that could be analyzed for origin,” Esser wrote on Twitter.

Apple already has a more pressing security reason to push out its latest update. The patch also fixes a bug discovered earlier this month that allows anyone who gains physical access to a phone to bypass its lockscreen in seconds and access contacts and photos.

When Apple’s update arrives, the team of jailbreakers known as the evad3rs may still have more tricks in store. Wang tells me that the group has discovered enough bugs in Apple’s mobile operating system to nearly build a new iOS jailbreak even if all the bugs they currently use are fixed.

But then again, Wang says he hasn’t yet been able to check Apple’s patch for every bug it might fix–either the ones evasi0n employs or those he and his fellow hackers had hoped to keep secret for their next jailbreak. “If they patch most of the bugs,” Wang says. “Then we’re starting from scratch.”

Ryan says:  We’re offering our customers the opportunity to Jailbreak their iPhone 5 for FREE until the end of March! – Call Ryan to book an appointment!

Source: Forbes

Blacklist created to fight smartphone theft

Canada’s wireless carriers are targeting smartphone theft by setting up a database that will blacklist lost or stolen phones to prevent them from being reactivated.

The move would also help protect personal data on such devices, the Canadian Wireless Telecommunications Association said Thursday.

Smartphones are worth $600 to $700 and can be resold on the black market, noted association president Bernard Lord.

“With this database, it makes that a lot less attractive because the buyer of the stolen phone will not be able to connect to any network in Canada,” Lord said from Ottawa.

“It eliminates the incentive for stealing a device.”

The idea is also to reduce the black market value of a smartphone in the eyes of criminals, Lord added.

Once consumers call their wireless carrier to report their smartphone lost or stolen, the device’s internal identification number goes on the electronic blacklist.

Lord said even though more smartphones are lost than stolen, law enforcement officials have raised concerns about the issue.

The database for the Canadian wireless industry will be up and running by September 2013 and Canada’s carriers will also be contributing to an international database to help prevent smartphone theft, he said.

However, consumers who have their smartphones lost or stolen are “not off the hook” for paying their smartphone contracts.

A website will also be set up by the association to help consumers protect their smartphone data and help protect themselves from theft.

Lord said the smartphone’s ID number — called the international mobile electronic number — will be verified by carriers to make sure the device has not been lost or stolen.

The Canadian Radio-television and Telecommunications Commission congratulated the wireless industry for the initiative, but would like the database running sooner rather than later.

“I would strongly encourage the industry to implement the database before September 2013 to ensure Canadians benefit from this added protection as soon as possible,” chairman Jean-Pierre Blais said in a statement.

The creation of a database and collaboration to make sure stolen or lost devices aren’t reactivated will help make them less desirable to thieves, Blais said.

“The CRTC has been concerned for some time about reports of an increase in crimes involving lost or stolen cellphones.”

Telus said while the wireless industry, law enforcement, and regulators all have a role to play, smartphone users need to think about where they’re buying their devices.

“We ask consumers to reconsider buying phones on sites like eBay, Craigslist, or Kijiji and instead buy their devices from a verified dealer,” Telus spokesman Shawn Hall said.

“If you buy a phone from Craig’s List it might be legitimate, but it could be stolen and then you will likely be unable to get it activated,” he said.

Smartphone use in Canada is among the highest in the world and penetration has exceeded 50 per cent, Lord said.

Canada’s wireless industry will spend about $20 million on the initiative, he said.

The United States is also taking steps and will have a similar database to fight the black market for smartphones in November 2013, Lord said.

Ryan says:  This should change the market in the way deals are made on classified for sale sites.  Phones will be checked first to see if they work properly before buying.  New tricks will be implemented ie. IMEI / IMSI masking so I do not see this as a long term solution for blacklisting phones but its a move in the right direction.

Source:  CTV News

Latest Java software opens PCs to hackers: experts

Computer security firms are urging PC users to disable Java software in their browsers, saying the widely installed, free software from Oracle Corp opens machines to hacker attacks and there is no way to defend against them.

The warnings, which began emerging over the weekend from Rapid7, AlienVault and other cyber security firms, are likely to unnerve a PC community scrambling to fend off growing security threats from hackers, viruses and malware.

Researchers have identified code that attacks machines by exploiting a newly discovered flaw in the latest version of Java. Once in, a second piece of software called “Poison Ivy” is released that lets hackers gain control of the infected computer, said Jaime Blasco, a research manager with AlienVault Labs.

Several security firms advised users to immediately disable Java software — installed in some form on the vast majority of personal computers around the world — in their Internet browsers. Oracle says that Java sits on 97 percent of enterprise desktops.

“If exploited, the attacker will be able to perform any action the victim can perform on the victim’s machine,” said Tod Beardsley, an engineering manager with Rapid7’s Metasploit division.

Computers can get infected without their users’ knowledge simply by a visit to any website that has been compromised by hackers, said Joshua Drake, a senior research scientist with the security firm Accuvant.

Java is a computer language that enables programmers to write one set of code to run on virtually any type of machine. It is widely used on the Internet so that Web developers can make their sites accessible from multiple browsers running on Microsoft Windows PCs or Macs from Apple Inc.

An Oracle spokeswoman said she could not immediately comment on the matter.

Security experts recommended that users not enable Java for universal use on their browsers. Instead, they said it was safest to allow use of Java browser plug-ins on a case-by-case basis when prompted for permission by trusted programs such as GoToMeeting, a Web-based collaboration tool from Citrix Systems Inc

Rapid7 has set up a web page that tells users whether their browser has a Java plug-in installed that is vulnerable to attack: www.isjavaexploitable.com

Source: Reuters

Ryan says: I would recommend updating to the latest version of Java.  The latest version of Java Runtime Environment JRE-64-bit is here. For users with older computers, try downloading the latest version in 32-bit.

If You Have a Smart Phone, Anyone Can Now Track Your Every Move

Location services company Navizon has a new system, called Navizon I.T.S., that could allow tracking of visitors in malls, museums, offices, factories, secured areas and just about any other indoor space. It could be used to examine patterns of foot traffic in retail spaces, assure that a museum is empty of visitors at closing time, or even to pinpoint the location of any individual registered with the system. But let’s set all that aside for a minute while we freak out about the privacy implications.

Most of us leave Wi-Fi on by default, in part because our phones chastise us when we don’t. (Triangulation by Wi-Fi hotspots is important for making location services more accurate.) But you probably didn’t realize that, using proprietary new “nodes” from Navizon, any device with an active Wi-Fi radio can be seen by a system like Navizon’s.

Navizon’s technology is also reminiscent of the location data provided to retailers and marketers by Skyhook’s Spotrank system, which has a different set of pros and cons: That data is available for every point on the planet, but it only includes devices running Skyhook software.

The rollout of this technology means there are now at least three ways that users can track their locations indoors, where GPS is generally useless — bluetooth beacon, Spotrank (and proprietary vendor) databases of Wi-Fi hotspots, and Navizon’s I.T.S. nodes. It also marks the second way (that I know of) for you to be tracked via the location of your phone, whether you want to be or not. (The first requires access to your cell phone carrier, and is used for example to locate your position when you make a 911 call.)

It shouldn’t be surprising that carrying around a little RF transmitter in your pocket makes you visible to all sorts of tracking technology. Maybe it’s simply the (inevitable) commercialization of this fact that is somehow unnerving.

 

 

Source: Technology Review

WARNING: Factory Resetting your Android may leave private data on your device

It’s never fun to have to issue a warning, but a new study by the LA Times indicates that the Factory Reset function on Android devices may not work as advertised. The site worked with a security expert to run a test on BlackBerry, Android, and iOS devices as well as PCs. It discovered that important, sensitive data could be retrieved on a large portion of Android devices even after the Factory Reset feature had been properly used.

Robert Siciliano, an identity theft expert from McAfee performed the experiment, where he purchased 30 used devices (mostly smartphones and laptops) from random users on Craigslist. His goal was to see how smart people were about removing their personal information from phones, but as it turns out, even though a majority of owners did correctly Factory Reset their Android devices, he was still able to retrieve vital data like “Social Security numbers, child support documents, credit card account log-ins, and a host of other personal data.” This finding is all the more disturbing since he could find no problems with the way iPhones, iPads, or BlackBerry devices delete their data. The only other weak link was Windows XP, which is so old it’s almost expected.

We’ve reached out to Google’s Android team to try and learn more about this potential vulnerability, but have not heard back as of publication. We’ll update this article if and when we get some answers.

Until we learn more, we don’t recommend that you don’t sell your used Android devices to anyone that you don’t know or trust. It’s quite possible that personal information could be leaked from it.

Ryan: I’ve owned a couple Android phones and I also have the Galaxy Tab.. I am back to BlackBerry and using the 9900, I find Android Phones to drop calls and bug out with force close errors more often like I like when using a phone.  And I can’t seem to drop this keyboard.. emails are much quicker on a BlackBerry than other devices. It would be interesting if RIM decided to let other companies use their keyboard design.

Source: DigitalTrends

Apple wins ‘device destroying’ injunction against Motorola

Apple, which continues to disrupt the mobile space with its patent litigation, has successfully won a case against rival Motorola, in which a photo management patent was infringed.

The German court ruling said that the “zoomed in” mode for viewing photos on Motorola’s Android handsets infringed the Apple-held patent, but not the “zoomed out” mode. EU Patent No. EP2059868 originally derived from another patent, which allowed photos to ‘bounce’ when they are over-scrolled; because people will attempt to claim anything nowadays.

FOSS Patents author Florian Mueller understands that Apple could order the destruction of devices if it chooses so.

“If Apple enforces the ruling, it can even require Motorola to destroy any infringing products in its possession in Germany and recall, at MMI’s expense, any infringing products from German retailers in order to have them destroyed as well.”

Having said that, Motorola played down the fears that devices could be subject to such ghastly ends by saying that doesn’t expect the ruling to affect future sales, and that it has “implemented a new way to view photos”, reports Bloomberg with a spelling mistake.

While Motorola can continue selling the devices, it did not comment on Mueller’s comments that would lead to ultimately the mass graves of Motorola phones. Motorola has said that it has already sought a workaround to prevent its smartphones from infringing Apple’s patent, thus rendering the court’s judgement effectively useless.

It appears from this, that not only is Germany a hot bed of patent activity, litigation — and frankly, trolling — but while one company sues another, the defendant in each case is more often than not forced to simply modify the software of the phones.

If you thought the patent wars were all in Apple’s favour, you would be wrong. It was just over a week ago when Apple pulled the plug on its iCloud and MobileMe push email feature within the borders of Germany, after Motorola won a patent claim of its own.

Source: ZDNet