All Your Apps Are Belong to Apple: The iPhone Developer Program License Agreement: Via EFF.org Updates.

The entire family of devices built on the iPhone OS (iPhone, iPod Touch, iPad) have been designed to run only software that is approved by Apple—a major shift from the norms of the personal computer market. Software developers who want Apple's approval must first agree to the iPhone Developer Program License Agreement.

So today we're posting the "iPhone Developer Program License Agreement"—the contract that every developer who writes software for the iTunes App Store must "sign." Though more than 100,000 app developers have clicked "I agree," public copies of the agreement are scarce, perhaps thanks to the prohibition on making any "public statements regarding this Agreement, its terms and conditions, or the relationship of the parties without Apple's express prior written approval." But when we saw the NASA App for iPhone, we used the Freedom of Information Act (FOIA) to ask NASA for a copy, so that the general public could see what rules conrolled the technology they could use with their phones. NASA responded with the Rev. 3-17-09 version of the agreement (it has reportedly been revised somewhat since—please send us the current version if you are able). [ Read more ... ]

Introducing the iKey – Apple's answer to the humble door key: Via Telegraph(UK).

Apple has already revolutionised the personal stereo and mobile phone, but now the computer firm behind the iPhone has its sights set on the humble front door key.

The computer giant, which manufactures the iPod and iPhone, has plans to replace the traditional door key with a hi-tech alternative.

It is developing technology, already being nicknamed the "iKey", which will mean that rather than carrying around a bunch of keys, people will be able to use a single electronic device to unlock their car, front door and gain access to their office.

Users would simply have to enter a pin code and wave the device over an electronic pad fitted beside a door to open it.

The technology is revealed in a newly published patent application, which has generated speculation that the next model of the iPhone will contain this feature. [ Read more ... ]

iPhone Privacy, Security Not What Apple Claims, Researcher Says: Via PCWorld.

Apple's claims about iPhone privacy and security are exaggerated, according to software engineer and security expert Nicolas Seriot, who gave a presentation yesterday about the iPhone at the Black Hat Conference in DC.

Apple's sandboxing technology restricts iPhone applications to operating system resources with a list of deny/allow rules at the kernel level, but these and other permissions are "way too loose," and "Apple should not claim that an application cannot access data from another application," said Seriot, who works as an iPhone programming trainer at a company called Sen:te. [ Read more ... ]

Terms of (Ab)Use: US and UK Consumers Dance to Different iTunes: Via EFF.org Updates.

Too often, online services draft their "Terms of Service" (TOS) agreements in ways that are one-sided and overreaching. In Europe, however, regulators are beginning to step in to protect consumers. In late November, the U.K.'s Office of Fair Trading (or OFT) announced that Apple, Inc. agreed to change the terms and conditions for its popular iTunes online music store in the United Kingdom. In particular, according to the statement from the OFT, the changes make the iTunes terms "clear, fair and easy to understand," and, more importantly, give consumers "clear and accurate information about their [] rights in case things go wrong." The OFT took action following a similar intervention by the Norwegian Consumer Council.

In the U.S., by contrast, there has been little regulatory attention paid to protecting consumers from overreaching TOS agreements. Thanks to a history of deference to "freedom of contract" in the U.S., along with a dearth of consumer protection laws that apply to online services, U.S. consumers often lack adequate protections from unfair "terms and conditions." [ Read more ... ]

Retrievable iPhone Numbers Raise Privacy Issue: Via Slashdot Your Rights Online .

TechnologyResource writes "When a couple of voicemails didn't show up recently, I thought nothing of it until a friend asked me if I'd gotten his message — people just don't call me that often. But the iPhone is indeed a phone, as some users are reportedly being reminded when they get phone calls from the publishers of a free app they've downloaded from the App Store. [ Read more ... ]

Apple betrays the iPhone's business hopes by InfoWorld: Yahoo! Tech: Via InfoWorld: Yahoo! Tech.

Thousands of users have been accessing e-mail, calendars, and contacts over Exchange connections through their iPhones or iPod Touches, not knowing they were compromising their corporate security. During that entire time, Apple has extolled its support of Exchange and convinced many businesses that the iPhone was a corporate-class device they should embrace or, at least, tolerate.

It also turns out that Apple had a similar issue -- with a similarly stealthy fix -- in its iPhone OS 3.0 update, which corrected misreporting about its VPN policy support. [ Read more ... ]

Apple to fix iPhone security flaw: Via BBC NEWS | Technology.

Apple is set to release a software patch to address a recently described security flaw in the iPhone, the UK network operator 02 has said.

Experts revealed on Thursday that modified SMS messages could result in iPhones being disconnected from the network or hijacked altogether.

Phones incorporating the Windows Mobile and Google Android operating systems are also vulnerable, they said.

An O2 spokesperson said the patch would be available Saturday through iTunes. [ Read more ... ]

How To Hijack 'Every iPhone In The World': Via Forbes.com .

On Thursday, two researchers plan to reveal an unpatched iPhone bug that could virally infect phones via SMS.

If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.

That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they've found in the iPhone's handling of text messages, the researchers say they'll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone's functions. That includes dialing the phone, visiting Web sites, turning on the device's camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.

"This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this." [ Read more ... ]

iPhone Jailbreaking Could Crash Cellphone Towers, Apple Claims: Via Threat Level.

The nation’s cellphone networks could suffer “potentially catastrophic” cyberattacks by iPhone-wielding hackers at home and abroad if iPhone owners are permitted to legally jailbreak their shiny wireless devices — that’s what Apple claims.

The Copyright Office is considering a request by the Electronic Frontier Foundation to legalize the widespread practice of jailbreaking, in which iPhone owners hack their devices to accept software that hasn’t been approved for distribution through the iPhone App Store. Apple made the claim in comments filed last week (.pdf) with the agency.

The company’s filing explained that jailbreaking could allow hackers to altering the iPhone’s BBP — the “baseband processor” software, which enables a connection to cell phone towers. [ Read more ... ]

Apple patching serious SMS vulnerability on iPhone: Via computerworld.

Apple may be working to fix an iPhone vulnerability that could possibly allow an attacker to remotely install and run unsigned software code with root access to the phone.

The theoretical attack in question exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service), said security researcher Charlie Miller, during a presentation at the SyScan conference in Singapore on Thursday. He didn't provide a detailed technical description of the SMS vulnerability.

Miller, the principal security analyst at Independent Security Evaluators, is an authority on MacOS X security, and is a co-author of The Mac Hacker's Handbook. He and another security researcher, Colin Mulliner, discovered the SMS vulnerability together.

An SMS flaw might allow an attacker to run software code on the phone that is sent by SMS over a mobile operator's network. In Miller's case, it appears he used the flaw he found to remotely crash an iPhone, a sign that a more serious attack might be possible.

"I don't have a working exploit for it, just a suspicious looking crash," Miller said. [ Read more ... ]

Beware of MobileMe phishing scam: Via The Unofficial Apple Weblog (TUAW).

Several TUAW readers have contacted us about a MobileMe phishing scam. These readers are getting an email that looks surprisingly official (see original psting). When they click on the Log In button, they're going to a page that has already been shut down. That might not always be the case.

Never, never, NEVER click on a link or button in an email asking for personal or financial information -- that's a sure way to become a victim of a phishing scam. [ Read more ... ]

Apple Rejects iPhone BitTorrent App: Via Threat Level.

Citing copyright infringement concerns, Apple won’t include a BitTorrent client in the App Store.

The Cupertino-based electronics company rejected Maza Digital’s Drivetrain, saying “this category of applications is often used for the purpose of infringing third-party rights. We have chosen to not publish this type of application to the App Store.” [ Read more ... ]

Apple v. EFF: The iPhone Jailbreaking Showdown: Via Threat Level.

PALO ALTO, California – To jailbreak or not to jailbreak the iPhone.

That was the heated topic of discussion late Friday between Apple’s iPhone marketing czar Greg Joswiak, Fred von Lohmann, the Electronic Frontier Foundation’s copyright genius, Copyright Office officials including registrar Marybeth Peters, the record labels, movie studios and software industry.

Apple vigorously opposed authorizing jailbreaking, saying copyright protections is what gave birth to the iPhone, the 1 billion app sales, 50,000 app developers and 35,000 apps. The EFF vigorously urged the Copyright Office to authorize jailbreaking, which in this case is hacking the phone’s OS, and hence allowing consumers to run any app on the phone they want, including those not authorized by Apple.

“It is my automobile at the end of the day,” von Lohmann said, a reference that iPhone users should be allowed to do what they want with their phones, just like car owners do. [ Read more ... ]

Apple proposes iPhone that calls the cops when stolen: Via AppleInsider.

In the latest installment of Apple's iPhone security-related patent filings, the Cupertino-based company describes the implementation of loss prevention software that would notify a security agency in the event the handset is lost or stolen, which could in turn lead to a police officer being dispatched to the current location of the device based on GPS coordinates.

Read Original Article (Via AppleInsider.)

Apple developing 'stealth' biometric security for iPhone: Via AppleInsider.

Apple has developed a new technique that would hide a biometric reader inside an iPhone or a Mac and let owners lock down their systems with fingerprints or even facial recognition -- all without ever having to break from their usual routine.

Published for the first time this week, a patent filing for the process reveals that Apple wants to provide a more secure method for preventing unauthorized access to a whole device -- or private information on that device -- than current techniques like passcodes; however, it also wants to avoid taking up the owner's time with a separate scan or consuming extra space with a distinct reader. [ Read more ... ]

New phishing scam targets MobileMe users: Via AppleInsider

In another attempt to con MobileMe users into providing their credit card information, a scammer has sent out spam spoofed to appear to come from Apple, which directs users to a fake site designed to look like Apple's. Users who follow the email link and enter their information on the poorly formatted, fake Apple web page will be sorry. [ Read more ... ]

Apple says jailbreaking is illegal : Via The Unofficial Apple Weblog (TUAW)

The Electronic Frontier Foundation has posted the news that Apple has filed comments with the US Copyright Office stating that the act of jailbreaking your iPhone is a copyright infringement and a DMCA violation, and therefore illegal. The EFF says that Apple is claiming that jailbreak apps still require modified versions of Apple's software, and Apple apparently believes that those versions are infringing on their copyrights. [ Read more ... ]

minilinks for 2009-01-28: Via EFF.org Updates

• ACLU Requests Bush-era Memos
  In a test of President Obama's commitment to transparency, the ACLU requested sensitive Bush administration memos on torture and wiretapping that have long been sought by privacy and human rights advocates.
  
• Patriot Act Used to Punish Fliers
  Conflicts with airline staff have led to fliers facing federal terrorism charges. 
  
[ Read more ... ]
Bookmark/Search this post with:
• Twitter
• Digg
• StumbleUpon
• Technorati
• del.icio.us
• Facebook
• Furl
• LinkedIn
• Yahoo

Trojan Hides In Pirated Copies of Apple iWork '09: Via Slashdot

CWmike writes "Pirated copies of Apple's new iWork '09 suite that are now available on file-sharing sites contain a Trojan horse that hijacks Macs and leaves them open to further attack, a security company said yesterday. The 'iServices.a' Trojan hitchhikes on iWork '09's installer, said Intego, which makes Mac security software. 'The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password,' Intego said in a warning. Once installed, the Trojan "phones home" to a malicious server to notify the hacker that the Mac has been compromised, and to await instructions."

Read Original Article ( Via Slashdot. ) [ Read more ... ]

iTunes DRM-Free Files Contain Personal Info - Via Slashdot: Your Rights Online:

r2k writes "Apple's iTunes Plus files are DRM-free, but sharing the files on P2P networks may be an extremely bad idea. A report published by CNet highlights the fact that the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download. I checked, and I found I couldn't access the information using an ID3 tag editor, but using Notepad I found my email address stored inside the audio file itself."

(Read Original Article - Via Slashdot: Your Rights Online.)

Calling All iPhone Developers: Support EFF's DMCA Exemption for Jailbreaking - Via EFF.org Updates:

iPhone application developers have until February 2, 2009 to submit comments to the Copyright Office in support of EFF's proposal for a DMCA exemption for iPhone owners who want to "jailbreak" their iPhones to gain the freedom to install applications of their choice. If you're an iPhone app developer, and you have a story about your frustration with Apple's chokehold over iPhone apps, please share it with the Copyright Office. Legalizing jailbreaking is a critical step in loosening Apple's grip and creating an open market for iPhone applications.

Apple uses "software locks" to prevent applications other than those sold from the iTunes App Store from running on the iPhone. The process of modifying an iPhone to run applications from other sources is known as "jailbreaking" (this is different from "unlocking," which generally refers to modifying an iPhone to operate with a different network carrier). [ Read more ... ]

Apple Shows Us DRM's True Colors - Via EFF.org Updates:

At this week's Macworld Expo, Apple announced that by April, music from the iTunes Store will no longer be shackled by digital rights management (DRM). Finally, DRM is good and fully dead for digital music -- gone from CDs, gone from downloads, and largely dead for streaming.

Apple's announcement comes nearly a year after Amazon.com's DRM-free MP3 deals went live, demonstrating that the record labels were holding the DRM card until they could wring business concessions from Apple (in the form of variable pricing). This just underscores that DRM is not really about stopping piracy, but rather about leverage over authorized distributors.

In fact, an inventory of Apple's remaining DRM armory makes it vividly clear that DRM (backed by the DMCA) is almost always about eliminating legitimate competition, hobbling interoperability, and creating de facto technology monopolies: [ Read more ... ]

Network Neutrality Defenders Quietly Backing Off?: Via Slashdot

SteveOHT writes "Google Inc. has approached major cable and phone companies that carry Internet traffic with a proposal to create a fast lane for its own content, according to documents reviewed by The Wall Street Journal. Google has traditionally been one of the loudest advocates of equal network access for all content providers. The story claims that Microsoft, Yahoo, and Amazon have quietly withdrawn from a coalition of companies and groups backing network neutrality (the coalition is not named), though Amazon's name is reportedly once again listed on the coalition's Web site. [ Read more ... ]

Huge iPhone Cut-and-Paste Tool Security Flaw: Via Slashdot

Harry writes "I'm using Pastebud, the new third-party copy-and-paste solution for the iPhone. It's extremely clever, using a Web-based clipboard to get around the fact that Apple doesn't provide one on the phone. Unfortunately, it seems to be giving users access to e-mails that other Pastebud users send to their clipboards. This has happened to me repeatedly and is being reported by other users in Pastebud's Get Satisfaction support forum. Pastebud is operational and still doing this as I write, even though a message at Get Satisfaction says they're working on the problem."

Read Original Article ( Via Slashdot. )

Apple Confuses Speech with a DMCA Violation: Via EFF.org Updates

Slashdot reports that Apple has sent a "cease and desist" email to bluwiki, a public wiki site, demanding the removal of postings there by those who are trying to figure out how to write software that can sync media to the latest versions of the iPhone and iPod Touch.

Short answer: Apple doesn't have a DMCA leg to stand on.

At the heart of this is the iTunesDB file, the index that the iPod operating system uses to keep track of what playable media is on the device. Unless an application can write new data to this file, it won't be able to "sync" music or other content to an iPod. The iTunesDB file has never been encrypted and is relatively well understood. In iPods released after September 2007, however, Apple introduced a checksum hash to make it difficult for applications other than iTunes to write new data to the iTunesDB file, thereby hindering an iPod owner's ability to use alternative software (like gtkpod, Winamp, or Songbird) to manage the files on her iPod. [ Read more ... ]