Prepare to freak out! iPhone developers are using apps to pass your phone number to telemarketers
Our good friends over at the French Mac site Mac4Ever have alerted us to a somewhat alarming development. Apparently a few days after purchasing the Swiss app MogoRoad, a free radar tracking application, users are reporting receiving telephone calls asking them if they’d like to purchase the FULL version of the application. When asked how the caller had obtained their number, the responses vary, but generally the person tells you that Apple sent them their number at the time of purchase.
Obviously this is not the case, as Apple does not forward any information on its customers to third parties, so Mac4Ever did a little testing using the latest iPhone SDK and discovered that it is extremely easy for a developer to send a user’s phone number to their servers without their knowledge. In fact, the hole has been around since the 2.1 firmware.
“But after deep investigation, it appears that programmers are able to retrieve the personal iPhone’s user number, with one unique line of code! This data can then be sent to remote databases, which collect personal information, without notifying the user.
We tried this method quickly with the official SDK: it works!
Readers mostly pointed out mogoRoad, a Swiss application that gives traffic information for free. When reading comments on iTunes, it’s clear that a lot of people did receive the famous call as well.
Currently, the buyer explicitly gives its coordinates as Apple. Developer side, Apple is the only interlocutor, and it is impossible to have access to personal data of customers. But the access number is available since firmware 2.1, according to our survey. Moreover, it seems surprising that those responsible for the validation do not check that certain sensitive data, such as phone number, do not pass freely through the internet. This could be the beginning of a real scandal for the firm Iceberg, because nobody knows how many applications are currently collecting phone numbers.”
We’ve yet to hear of any reports of this type of data collecting here in the US, but this is exactly the type of thing that tends to freak out privacy advocates (and rightly so, if true), so prepare for this one to spread across the interweb even faster than the usual anti-iPhone news.
Full FileMaker client coming to iPhone - FileMaker 11 coming soon
Despite increased security, a naughty little bird reports from inside the FileMaker conference this weekend giving us a few details about FileMaker 11, as well as news that we can expect a full FileMaker client for the iPhone to drop very soon.
“filemaker for iphone is very near. im at the conference right now. They seem to be very careful n this news and we all had to sign for it too… crazy unlike other filemakers.. also filemaker 11 as well. Some of the new features include grouped layouts, more triggers, and graphs built into filemaker… kinda like bento but much more powerful… we didnt get to play with it yet though… we will see it again I believe the end of conference”
We’ll keep you updated as we learn more.
New Mac Trojan appears in pirated versions of Photoshop CS4 - 5,000 infected so far
I’ve said it before and I’ll say it again, “Just Say No to Torrents, kids!”
Uh oh… another week, another Mac Trojan horse discovered. This time around, it’s folks who are downloading cracked copies of Adobe Photoshop CS4 from BitTorrent sites that are in danger. According to Mac Security Software maker Intego (who discovered last week’s iWork 09 virus) the Photoshop trojan is a new variation on the OSX.Trojan.iServices virus found last week.
Exploit: OSX.Trojan.iServices.B Trojan Horse
Discovered: January 25, 2009
Risk: Serious
Description: Intego has discovered a new variant of the iServices Trojan horse that the company discovered on January 22, 2009. This new Trojan horse, OSX.Trojan.iServices.B, like the previous version, is found in pirated software distributed via BitTorrent trackers and other sites containing links to pirated software. OSX.Trojan.iServices.B Trojan horse is found bundled with copies of Adobe Photoshop CS4 for Mac. The actual Photoshop installer is clean, but the Trojan horse is found in a crack application that serializes the program.
After downloading this version of Photoshop, users will run the crack application to be able to use it. The crack application extracts an executable from its data, then installs a backdoor in /var/tmp/, a directory which is not deleted when the computer is restarted. (If the user runs the crack application again, the Trojan horse creates a new executable with a different name; these random names make it harder to ensure safe removal of the malware.)
The crack application then requests an administrator password, launching the backdoor with root privileges. This copies the executable to /usr/bin/DivX, then creates a startup item in /System/Library/StartupItems/DivX. The program checks to see if it has been launched with root privileges, then saves the root hash password in the file /var/root/.DivX. It listens on a random TCP port, and answers requests such as GET / HTTP/1.0 by sending a 209-byte packet, and makes repeated connections to two IP addresses. Next, the crack application opens a disk image which is hidden in its resource folder, in a folder named .data, and proceeds to crack the Photoshop program, allowing it to be used.
Since the malicious software connects to a remote server over the Internet, the creator of this malware will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
(Anyone else filled with a sick sense of “Apple Pride” that more people are pirating the $79 iWork 09 (20,000 infections) than the $700 Adobe Photoshop CS4? (5000))
If you feel you might be at risk of infection, Intego suggests you run their VirusBarrier program, or if you are feeling lucky, you can wait and hope SecureMac saves you by releasing a free Trojan removal tool, like they did last time. Just don’t do any electronic banking for a while.
SecureMac bails out iWork pirates with its “iWorkServices Trojan Removal Tool”
“OK kids, Mommy’s going to bail you out THIS time, but if we ever catch you downloading a pirated version of Apple software again, so help me you will have no iPhone for a MONTH! Do you hear me?”
Thus are the words I assume SecureMac was thinking when it decided to release its “iWorkServices Trojan Removal Tool”, a free utility that will remove the iWorkServices Trojan virus which was spread last week via pirated copies of iWork 09 on BitTorrent sites.
It’s actually quite nice of them, and they even made a cute icon for the tool, but the part of me that pays for software (which is all of me) somehow feels anyone “clever” enough to figure out how to use a torrent site to find pirated software should be clever enough to delve into their infected package contents and pull the virus out themselves. Or clever enough to steal $79 from their parents to buy the darn thing. Didn’t anyone ever tell them not to take candy from strangers? Oh well, enough preaching. If you feel you may have been infected, you can download the tool here.
New Mac OS X Trojan Horse found in Pirated iWork ‘09 software
Attention cheapskates and software pirates! At least 20,000 people have downloaded a pirated copy of iWork 09 from BitTorrent sites containing a malicious Mac Trojan Horse virus, according to security software maker Intego. Upon installation, the OSX.Trojan.iServices.A Trojan Horse, which stows away inside the cracked iWork 09 package, gains read-write-execute permissions for root, and then allows for a malicious user to connect to the Mac remotely. From Intego:
Exploit: OSX.Trojan.iServices.A Trojan Horse
Discovered: January 21, 2009
Risk: Serious
Description: Intego has discovered a new Trojan horse, OSX.Trojan.iServices.A, which is currently circulating in copies of Apple’s iWork 09 found on BitTorrent trackers and other sites containing links to pirated software. The version of iWork 09, Apple’s productivity suite, is complete and functional, but the installer contains an additional package called iWorkServices.pkg.
When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request). This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root.
The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
Obviously Intego suggests running their VirusBarrier software (with the latest virus definitions) to catch the Trojan, but we just recommend you actually pay for the real iWork 09 software.
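For anyone who would rather look for themselves, here is a small check for the file-system artifacts named in the two Intego advisories quoted above (variants A and B). It is an example added here, not Intego's or SecureMac's tool; the paths come from the advisories, while the function name `scan_iservices` and its output format are assumptions of the example.

```shell
#!/bin/sh
# Added example: looks for the artifacts listed in the Intego advisories for
# OSX.Trojan.iServices.A and .B. Function name and output format are
# assumptions of this example, not part of any vendor tool.

# scan_iservices ROOT
#   ROOT is "/" for the running system (run as root so /var/root is readable)
#   or the mount point of a backup or disk image.
#   Prints "FOUND <path>" for each known artifact and "REVIEW <path>" for each
#   executable file directly under var/tmp (the backdoor's name there is
#   random, so those need a manual look).
#   Returns 1 if any known artifact exists, 0 otherwise.
scan_iservices() {
    root=${1:-/}
    root=${root%/}
    hit=0
    for rel in \
        System/Library/StartupItems/iWorkServices \
        System/Library/StartupItems/DivX \
        usr/bin/DivX \
        var/root/.DivX
    do
        if [ -e "$root/$rel" ] || [ -L "$root/$rel" ]; then
            echo "FOUND $root/$rel"
            hit=1
        fi
    done
    if [ -d "$root/var/tmp" ]; then
        # Executables here are not proof of infection, only candidates.
        find "$root/var/tmp" -maxdepth 1 -type f -perm -100 2>/dev/null |
            sed 's/^/REVIEW /'
    fi
    return $hit
}

# Run only when a root directory is given on the command line.
if [ $# -gt 0 ]; then
    scan_iservices "$1"
fi
```

A clean result only means these specific files are absent; the advisories note the Trojan can download additional components, which this check does not cover.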
