Author Archive | Jason Meserve

iPhone SMS Vulnerability: Should You be Scared?

Run for the hills! That’s the message iPhone owners are receiving after multiple reports say security researchers will tomorrow unveil an iPhone vulnerability that could allow the popular device to be taken over via a simple SMS (or text) message.

The bug, discovered by iPhone hacker Charlie Miller, will be outlined during a presentation at the Black Hat security conference in Las Vegas on Thursday. Miller’s presentation will supposedly show, as Forbes’ headline screams, “How To Hijack ‘Every iPhone In The World’”. To do so, attackers only need to send a series of specially-formatted SMS messages to an iPhone in order to take over functions such as dialing and turning on the camera and microphone, as well as spreading the attack via an affected iPhone’s contact list.

Apple, which Miller notified about the bug six weeks ago, has not commented on the vulnerability and as of this writing has not released a patch for the problem. What can iPhone owners do in the meantime? Miller tells Forbes that about the only thing that will surely protect the device is to turn it off.

Miller’s talk isn’t the only one centered on SMS vulnerabilities. Other talks will show a somewhat similar flaw in Windows Mobile that would allow complete control of a device to be achieved through an SMS hack. A third Black Hat talk will center on how an SMS flaw that affects both iPhone and Google Android devices could be used to knock impacted phones off a carrier network for upwards of ten seconds via a blast of SMS messages.

Should you be scared of these newest flaws and really turn off your iPhone in anticipation of an attack? I don’t think so. The SMS attack vector is not all that new. This past spring, CSO Online did a video demonstration of such an attack against various smart phones (see parts one and two of the video).

While the various Black Hat presentations this week will show SMS as being a newer vector for attacking popular smartphone platforms, the odds are still relatively low that any one device will be hit. Most likely (or hopefully), device makers like Apple and carriers will come up with a patch for the SMS flaws well before any mainstream attacks occur. You have a greater chance of being bitten by a Twitter-based hack than an SMS attack.


No Google Voice Apps for the iPhone

Google Voice aficionados–of which there are more by the day–were excited to see mobile apps for the service launch for Android and BlackBerry devices. The general consensus: A similar iPhone app must be right around the corner. Not so fast.

The unofficial GV Mobile app written by Sean Kovac has been rejected by Apple or, more likely, AT&T, according to Mashable and Kovac. GV Mobile lets Google Voice account holders dial numbers through the address book or keypad, send SMS messages, retrieve call history data and take calls on a different phone–all functions the Google Voice web site offers. Google too had its official Voice application rejected by Apple, according to TechCrunch.

The problem with Kovac’s app, Apple says, is that this duplicates functionality of the iPhone and therefore is not needed. “Richard Chipman from Apple just called–he told me they’re removing GV Mobile from the App Store due to it duplicating features that the iPhone comes with (Dialer, SMS, etc). He didn’t actually specify which features, although I assume the whole app in general,” Kovac wrote on his blog.


Facebook Crushes E-mail When It Comes to Sharing

Given Facebook’s immense popularity, it comes as no surprise that it is the top place to share information, according to Mashable and sharing widget maker AddToAny. Facebook accounts for 24% of the sharing of links to articles, videos and other content, far outpacing second-place e-mail at 11%. E-mail’s hold on the second slot is in jeopardy though, as Twitter quickly rises through the ranks. The microblogging site accounts for 10.8% of information shared, AddToAny says.

E-mail’s demise as a sharing medium is not a surprise either: Its use among netizens stands at 65.1 percent, while “community sites” reach 66.8 percent. That data seems a bit odd, given that to do anything online, you need an e-mail address. Try signing up for Facebook without one. My guess is that figure refers to active e-mail users.

At last week’s New Hampshire Social Media Breakfast, John Herman, a teacher at Epping (New Hampshire) High School, said his students barely use e-mail, mainly as a way to sign up for other services before forgetting their passwords and never checking e-mail again. Herman’s story is anecdotal, but does show e-mail’s decline as a central hub for information sharing.

Good or bad, e-mail is not going away. Corporations are not going to share vital company data via Facebook or other public services. But social networks are perfect for sharing non-critical information with a group of people and then aggregating responses from the recipients. Facebook, Twitter, and the rest of the social networks could be the antidote for the dreaded “reply-all” disease. Rather than in-boxes cluttered with “Me too” and “That’s great!” replies from a litany of people you may not know, social networks are serving as the catchall for everyone’s need to chime in and giving hope to those that desire to “zero” their inboxes.


iPhone Tethering Cat-and-Mouse Game Continues

MacRumors reports that the latest iPhone 3.1 beta 2 OS release breaks hacks that allow AT&T customers to tether their phones to their PCs for wireless access. As all iPhone enthusiasts know, “legal” tethering is available in most other countries already, but AT&T hasn’t yet rolled out the feature to US iPhone customers.

It’s not surprising the latest OS update breaks tethering hacks. Since the introduction of the iPhone, there has been a cat-and-mouse game between Apple/AT&T and hackers looking to make their phones a little more open than allowed under the iPhone operating agreement. Most hacks are wiped out by new OS upgrades, but are quickly re-hacked by enthusiastic coders looking to expand the iPhone’s capabilities and access functionality not yet officially available on the device, like video capture on the iPhone 3G (prior to the 3.0 OS release).

The tethering hack though seems to be more of a stick in the eye to AT&T. Obviously, the iPhone is fully capable of supporting tethering via USB or Bluetooth, but customers say AT&T is dragging its feet when it comes to rolling out the service. There is also the issue of how much extra change a tethering plan will cost iPhone customers, who already shell out $30 for unlimited data service. Other rumors peg tethering plans ranging from $10 to $55, depending on the source. AT&T has shot down the rumors though and says more details will be forthcoming as the unannounced launch date gets closer.

Personally, I want the MMS functionality turned on first. It’s ridiculous that my fancy iPhone can’t send or receive a picture message, but my wife’s basic cell phone on another network can.


US: We’re Number 33 in Broadband

Good news, bad news. First the good: The United States moved up two places in the global broadband speed rankings, according to Akamai’s latest State of the Internet report out today. Bad news: We’re still only 33rd when it comes to percentage of broadband connections above 2Mbps.

Switzerland ranked first in terms of top-tier connections, with 92% being above the 2Mbps level, while the US scored only 63%. Among the countries ahead of us: Slovakia, South Korea, Romania, and Monaco. Poor Tunisia, which ranked first in the last report, fell out of the top 10 after an 18% decline.

Since it is probably not an option to become an expatriate just to get faster broadband, your next best option is to move to the East Coast, which dominates the top 10 states with the best internet connectivity. Number one is Delaware with 62% of connections above 5Mbps, followed up by New Hampshire (must be all the political pull from the Presidential Primaries) at 59%, a 5.1% increase over last quarter. New York, Nevada, Vermont, Rhode Island, Connecticut, the District of Columbia, Oklahoma and Maine, round out the top ten.


Denial-of-Service Attack Tried to Catch Government Sites Napping

While the United States was busy celebrating Independence Day and worrying about North Korea launching missiles towards Hawaii, a massive 50,000-node botnet began targeting US government Web sites, successfully bringing down the Federal Trade Commission and Department of Transportation sites.

According to Computerworld, the attacks started appearing on the 4th, with government and business sites as the primary target, including the New York Stock Exchange, the White House, and the Washington Post’s Web sites. Many were able to deflect the attack enough to stay online, but the researchers say FTC and DOT sites did go down under the traffic load. Sites in South Korea were also targeted.

Over the weekend, the distributed denial-of-service attack was consuming upwards of 40 gigabytes of bandwidth per second, enough to overload sites not prepared for massive simultaneous traffic. As of yesterday, the rate of traffic fell to only 1.2 gigabytes per second.

Researchers say the code behind the botnet is not all that sophisticated and does not use the typical antivirus evasion techniques found in other networks. Despite its simplicity, the DDoS attack was successful. “It’s the biggest I’ve seen,” an expert, who asked not to be identified because he was not authorized to discuss the matter, told Computerworld.

Timing could be a key to the attack. By launching on the weekend, particularly a major holiday, the attackers were likely figuring guards would be down as people spent the time celebrating. In this case, they seem to have bet correctly.


Obama Edges Jackson in Net’s Most Watched Sweepstakes

Those that believe what happens in Washington and government in general is more important than the funeral of a major celebrity can take heart today as the much ballyhooed memorial service for Michael Jackson didn’t break the streaming records set by Barack Obama’s inauguration as our 44th president.

While the numbers were big, Jackson’s 2.185 million streams served over Akamai fell well short of the 7 million delivered when President Obama was sworn in to office, says MediaMemo’s Peter Kafka. CNN claims it served 781,000 concurrent streams for Jackson, which lags behind the 1.3 million served on January 20. Ustream did have its biggest day ever, serving 4.6 million streams through its partnership with CBS.

That’s not to say the King of Pop’s service didn’t flood the Interwebs. Akamai said it surpassed 2 terabits per second during the memorial service, according to GigaOM. Also, there were over 3.9 million visitors per second at the height of the service at 1pm EST, second to the 4.24 million/second visitors that hit news sites on June 25, the day Jackson’s death shocked the world.

Overall, the Internet seems to have held up better to the memorial than it did to news of Jackson’s death. Anecdotally, there didn’t seem to be many complaints about network slowness or sites going down on Twitter and other sources during the service, unlike when Jackson died. Obviously with that much traffic, there were some slowdowns though. Gomez said its Internet “availability index” fell to 98.2 percent at one point yesterday, down from the usual level of 99.65 percent. It also said Twitter suffered from a heavy traffic load, though I didn’t notice any odd issues with the service during the funeral broadcast yesterday.

While Obama’s numbers were bigger, Michael Jackson’s memorial is still a major milestone for the Web and its ability to stream live events efficiently to a global audience.

But now, we can get back to more important things, as President Obama himself predicted: “Michael Jackson, like Elvis, like Sinatra, when somebody who’s captivated the imagination of the country for that long passes away, people pay attention. And I assume at some point people will start focusing again on things like nuclear weapons.”


Bejeweled Blitz Blitzed by Seattle Data Center Fire

Facebook users looking to kill a little time before the Fourth of July fireworks with a quick game of the popular Bejeweled Blitz game were greeted with an error message saying the site was down due to a fire at the data center that hosts the game’s servers.

“There was a major fire at Bejeweled Blitz’s server hosting facility last night. We would like to say that the heat of everybody’s gem swapping burned up the servers, but unfortunately in this case it was an actual fire,” the message from PopCap read on the Bejeweled Blitz’s Facebook page. The company said it was hoping to have things back up and running later tonight.

It doesn’t look like PopCap Games’ main site was affected by the outage, caused by a fire in an electrical vault at Seattle’s Fisher Plaza. But a number of other sites are suffering, including Bing.com’s travel site, Authorize.net and adhost.com, according to a list compiled by Kyle Mulka. And in a domino-effect progression, other sites had trouble, such as those that use Authorize.net for credit-card processing.

Adhost posted on its site: “Beginning at approximately 11:18 PM on July 2nd and continuing through the present time Fisher Plaza experienced a significant power event that required all power systems including street power, UPS, and Generator power to be completely shut down in Plaza East.”

Amazing that a major hosting provider would have a single point of failure in the electrical system. A few hosting data centers I’ve visited featured redundant electrical feeds coming in at opposite ends of the building from different circuits. Having multiple locations for failover would help too, but that option is probably not fiscally feasible for smaller companies.

Some reports say power could be restored by 5pm Pacific Time. If not, go enjoy a BBQ or real fireworks instead of playing Bejeweled Blitz.


Tweety Bird No Longer King of the Tweets

Tweety Bird can say he thinks he taw a putty cat all day long, but he better be careful of how he uses Tweet as a word. Turns out, Twitter has a trademark on the word used to describe microblog entries on the social networking giant.

The trademark was unearthed after Twitter sent a note to a third-party developer saying it was “uncomfortable” with the UI the developer created in that it was too similar to the Twitter interface. Twitter also mentioned that using the word “tweet” was not kosher either, as it was one of its trademarks, TechCrunch reports.

Twitter co-founder Biz Stone says the company wants to encourage the flourishing ecosystem around Twitter, but that it does have to protect its “marks, logos, or look and feel.”

Trademarks are a tricky area, particularly for words that fall into common lingo. People say they’re going “rollerblading” all the time. But unless they’re using actual Roller Blades, they’re technically “inline skating.” Obviously, a company like Twitter is not going to go after everyone that uses tweet in a trademark-infringing manner, but those sites that do become more popular will have to watch what Twitter lingo they adopt.

No word on how this will impact the use of words like Tweetup, Twestival, Tweep and every other “tw-” word that springs up around the Twittersphere.


Standardized Phone Charger Would be a Godsend

Europe is doing it right: A group of major cell phone manufacturers that control 90 percent of the market–including Nokia and Sony Ericsson–have backed a European Union standard for phone chargers that would mean that buying a new phone wouldn’t require you to throw out the old charger.

Reuters reports that the standard only applies to data-enabled phones, which are expected to account for half of all phone sales in 2010. European consumers will be able to buy standardized phones that use a micro-USB socket starting next year.

The big question: When is this coming to the United States? Apple has sort of hit on a standard for chargers, given that the iPhone and iPod use the same Dock Connector. But the compatibility ends once you leave the Apple family of mobile devices. (And isn’t universal even with Apple gadgets: Recent iPhones and iPods don’t work with older car chargers.)

Why can’t others agree to use the same charger technology? Money is obviously part of it. The cell phone companies and stores have to love socking customers with a new $35 car charger every time they buy a new phone. But wouldn’t the goodwill of coming up with an environmentally friendly system go a lot further with customers?

Imagine not having to dig through a drawer full of cords, trying to find the right one that fits your phone. Or when an out-of-town guest visits and forgets their own charger, you’d easily be able to share. Hopefully the EU movement will spread quickly on this side of the pond.