• Our podcast feed
• Download Directly
• Subscribe via iTunes

Join Rene, Chad, Dieter, and the Cell Phone Junkie, Mickey Papillion, for iPhone vs. Droid, AT&T vs. Verizon, Jailbreak SSH attacks, the week in apps, and your questions live! Listen in!

Credits

Thanks to the the iPhone Blog Store for sponsoring the podcast, and to everyone who showed up for the live chat!

Our music comes from the following sources:

• I Called You — iPhone Remix by Pete Leidy
via Sneakmove iPhone Ringtone Challenge

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

TiPb Presents: iPhone Live! #75 — DROIDed!

So if you’ve jailbroken your iPhone, installed SSH, and still haven’t changed your password from the default despite our previous warnings about Dutch Ransomers and Australian Rickrollers? Maybe you thought those were just funny (as seen in this video from iPhoneMVP) and not worth worrying about? Well now things have gotten more serious — there’s a new attack making the rounds that just plain steals your data.

Same method of attack, the bad guy scans the local network for insecure SSH on Jailbroken iPhones, and when it finds it, begins to copy your contacts, messages, email, events, photos, media, etc. This could, of course, include passwords, financial data, and those pics you never got around to deleting…

If you haven’t already, go change your SSH password now. If you need help, go to the TiPb iPhone Forums and get it. Just secure your iPhone.

[Intego, thanks to everyone who sent this in]

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Jailbroken, Installed SSH, Didn’t Change Password? New Attack Aims to Steal Your Data

For iPhone Jailbreakers using SSH to access their devices — without changing the default password — getting Rickrolled by a worm may be annoying (no worse than getting held for ransom by a hacker) but it’s a sign that far more insidious and malicious attacks are possible — so change those passwords now!

Back to the Rickroll. TUAW reports:

A hacker, going by the name “ikee,” created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH.

And the new background is, of course, Rick Astley. While removal details are included in an interview with the hacker, it’s better to be safe than sorry. So, check our iMuggle’s tutorial on how to change your SSH password, and change it right away.

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Jailbreakers Who Don’t Change SSH Password — There’s a Rickroll for That

Apple is currently hiring and is in search of an iPhone OS platform security manager. What does the particular job consist of? Here is the low down:

The team is responsible for secure booting and installation of the OS, partitioning and hardening of security domains within the OS, cryptographic services, and risk analysis of security threats. The team is made up of a variety of security experts with backgrounds in system security and reverse engineering.

The more secure Apple makes the OS the harder it will become to find and use a particular exploit — for good, like our beloved jailbreak, or for evil, like we’ve seen with computer viruses, malware, etc.

Now don’t get us wrong, we are pretty sure that one person will not do away with our beloved jailbreak but this does raise some questions. Is Apple really concerned popular mobile devices will get attacked the way PCs do today? Or are they just done putting the practice of preventing jailbreaking (and the unlocking and app piracy that sometimes goes with it) on the back burner?

What do you think this may mean for the future of the jailbreak if anything? Sound off in the comments below!

[Job listing via Ars]

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Apple Seeking iPhone OS Platform Security Manager: What does this mean for Jailbreaking?

We’ve warned you previously about some of the security vulnerabilities that come with jailbreaking your iPhone. Turns out a Dutch hacker has gone and made a point to a countless number of jailbroken devices by using a port scanning technique along with some networking smarts. Then after he gained access to the jailbroken iPhones the rest was easy. All of the devices that were hacked had unchanged root passwords along with SSH enabled. You’d know if you were hacked if the following message popped up on your screen:

If you don’t pay, it’s fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.

Like promised, no harm was done or will be done. It turns out the hacker just wanted to teach people a simple lesson – change your root passwords and disable SSH. He’s even been nice enough to post directions on how to make sure your jailbroken iPhone is not at risk.

[Via Gizmodo]

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Dutch Hacker Held Jailbroken iPhones Hostage Via Security Vulnerability

iPhone hacker extraordinaire, Geohot, blaming successful initial testing, has moved up the release for blacksn0w, his new iPhone 05.11.07 unlock tool, to… today! More specifically, noon today (Eastern time). And it looks slick:

If you are a loyal blackra1n user who kept the blackra1n.app on your iPhone, run it. You will see Icy replaced by an option “ra1n”. Install this to upgrade your app. After upgrading, run blackra1n.app again. You will see “sn0w”. Install this, and enjoy your unlocked iPhone.

He has notes up for new jailbreakers, pwnagetool users, and iPhone 2G owners as well (who don’t need blacksn0w but rather BootNeuter, as always).

(If you’re a Twitter user, show him love by helping #blacksn0w trend.) Lastly, a warning:

Also, a note. This may be the best iPhone users ever have it. Be sure, if you have a 3GS or iPod Touch 3, to use Cydia’s “On File” or Firmware Umbrella in order to be able to restore to 3.1.2 in the future. And as always, the baseband cannot be downgraded, so be super careful with updates if you need the unlock.

For more, head on over to TiPb’s Jailbreak and Unlock Forums, and happy sn0w day!

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

blacksn0w iPhone Unlock Day Moved To — Today

iPhone hacker, geohot, has released blackra1n RC2 for your enjoyment. It corrects a few small bugs from the first release and can be downloaded here.

• Fixed 3G issues
• Tethered jailbreak for 3.1 OOTB ipt 8GB and new 3GSes
• Fixed icy issues
• Both Windows and Mac
• If you used RC1 with success, no need to rerun

So nothing earth shattering but it is worth a mention and on the unlock side, geohot is not working on that but the Dev Teams MuscleNerd is. So rest be assured an unlock is being worked on, we just have to be patient.

[Via TiPb Forums]

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Blackra1n RC2 iPhone Jailbreak Tool Released and Unlock Update

• Our podcast feed
• Download Directly
• Subscribe via iTunes

Join Dieter, Chad, and Rene for iPhone 3.1.2, iPhone 3GS Jailbreak pros and woes, the latest apps, Wi-Fi Direct, and all the latest news! Listen in!

Credits

Thanks to the the iPhone Blog Store for sponsoring the podcast, and to everyone who showed up for the live chat!

Our music comes from the following sources:

• I Called You — iPhone Remix by Pete Leidy
via Sneakmove iPhone Ringtone Challenge

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

TiPb Presents: iPhone Live! #71 — Jailbreak Broken!

It seems like just the other day TiPb linked to a concept rendering of what Apple’s Mac Exposé might look like for the iPhone, and now Steve Troughton-Smith, creator of Stacks for iPhone, has gone and brought it to Jailbreak.

It’s not publicly available yet, not via Cydia much less via Apple. But do we want?

[Slashgear via Engadget Mobile]

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

iPhone “Exposé” Shown Off for Jailbreak!

Did Apple close the 24kpwn exploit in the latest shipments of the iPhone 3GS due to app piracy? MobileCrunch thinks it’s certainly a factor:

While jailbreaking allows for countless wonderful (but otherwise disallowed) apps to run on the iPhone, it also allows cracked versions of paid applications to be installed. As a result, piracy is mind-blowingly, soul-crushingly rampant on the iPhone. Many iPhone developers – such as those behind the popular IM client, Beejive – are reporting that 80 percent of their users are pirates. Yep. For every 10 users on Beejive, 8 of them didn’t pay for it. I’m no saint myself, and all of us here fully understand that a download does not equal a lost sale – but when 80% of the people using your app (and in Beejive’s case, your servers) aren’t paying to keep the lights on, it’s likely seen as a big issue.

As Jeremy posted yesterday, Apple has begun shipping iPhone 3GS with new boot ROMs patched against the longstanding 24kpwn exploit commonly used to Jailbreak the devices. We also saw some reports on the state of app piracy from Pinch Media.

What do you think? Would Apple turn a blinder eye towards Jailbreaking if app piracy wasn’t a factor? Or is Apple duty bound to patch known security exploits no matter what?

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Apple Closed Jailbreak Exploit Due to App Piracy?