How easy is it to stalk celebrities with just an iPhone and Wikipedia? Pretty damn easy, actually
Looks like the iPhone might be the budding paparazzo’s new best friend.
Last month I reviewed Background Check App for the iPhone, the app that lets you perform on-the-spot background checks on virtually anyone, anywhere. It being right before Christmas at the time, I mentioned that I planned to have a little fun by looking up all my family and friends at upcoming holiday parties and blowing their minds with the power of the iPhone.
Well, as it turns out, my family and friends are REALLY boring. Guess what I found when I looked them up? Their addresses, ages, and relatives, all of which I already knew. While I could see the benefit of an employer looking up a prospective employee, or a parent running a quick check on a new babysitter, I soon realized that the app would probably soon end up getting pushed to the last page of apps on my iPhone, and then ultimately end up deleted. However, that all changed yesterday when Read more
Prepare to freak out! iPhone developers are using apps to pass your phone number to telemarketers
Filed under: Apple Bashing, Rumors, Security, iPhone
Our good friends over at the French Mac site Mac4Ever have alerted us to a somewhat alarming development. Apparently a few days after purchasing the Swiss app MogoRoad, a free radar tracking application, users are reporting receiving telephone calls asking them if they’d like to purchase the FULL version of the application. When asked how the caller had obtained their number, the responses vary, but generally the person tells you that Apple sent them their number at the time of purchase.
Obviously this is not the case, as Apple does not forward any information on its customers to third parties, so Mac4Ever did a little testing using the latest iPhone SDK and discovered that it is extremely easy for a developer to send a user’s phone number to their servers without their knowledge. In fact, the hole has been around since the 2.1 firmware.
“But after deep investigation, it appears that programmers are able to retrieve the personal iPhone’s user number, with one unique line of code! This data can then be sent to remote databases, which collect personal information, without notifying the user.
We tried this method quickly with the official SDK: it works !
Readers mostly pointed out mogoRoad , a swiss application that gives traffic information for free. When reading comments on iTunes, it’s clear that a lot of people did receive the famous call as well.
Currently, the buyer explicitly gives its coordinates as Apple. Developer side, Apple is the only interlocutor, and it is impossible to have access to personal data of customers. But the access number is available since firmware 2.1, according to our survey. Moreover, it seems surprising that those responsible for the validation does not check that certain sensitive data, such as phone number, do not pass freely through the internet. This could be the beginning of a real scandal for the firm Iceberg, because nobody knows how many applications currently collecting phone numbers. “
We’ve yet to hear of any reports of this type of data collecting here in the US, but this is exactly the type of thing that tends to freak out privacy advocates (and rightly so, if true), so prepare for this one to spread across the interweb even faster than the usual anti-iPhone news.
Full FileMaker client coming to iPhone - FileMaker 11 coming soon
Despite increased security, a naughty little bird reports from inside the FileMaker conference this weekend giving us a few details about FileMaker 11, as well as news that we can expect a full FileMaker client for the iPhone to drop very soon.
“filemaker for iphone is very near. im at the conference right now. They seem to be very careful n this news and we all had to sign for it too… crazy unlike other filemakers.. also filemaker 11 as well. Some of the new features include grouped layouts, more triggers, and graphs built into filemaker… kinda like bento but much more powerful… we didnt get to play with it yet though… we will see it again I believe the end of conference”
We’ll keep you updated as we learn more.
New Mac Trojan appears in pirated versions of Photoshop CS4 - 5,000 infected so far
I’ve said it before and I’ll say it again, “Just Say No to Torrents, kids!”
Uh oh… another week, another Mac Trojan horse discovered. This time around, it’s folks who are downloading cracked copies of Adobe Photoshop CS4 from BitTorrent sites that are in danger. According to Mac Security Software maker Intego (who discovered last week’s iWork 09 virus) the Photoshop trojan is a new variation on the OSX.Trojan.iServices virus found last week.
Exploit: OSX.Trojan.iServices.B Trojan Horse
Discovered: January 25, 2009
Risk: Serious
Description: Intego has discovered a new variant of the iServices Trojan horse that the company discovered on January 22, 2009. This new Trojan horse, OSX.Trojan.iServices.B, like the previous version, is found in pirated software distributed via BitTorrent trackers and other sites containing links to pirated software.OSX.Trojan.iServices.B Trojan horse is found bundled with copies of Adobe Photoshop CS4 for Mac. The actual Photoshop installer is clean, but the Trojan horse is found in a crack application that serializes the program.
After downloading this version of Photoshop, users will run the crack application to be able to use it. The crack application extracts an executable from its data, than installs a backdoor in /var/tmp/, a directory which is not deleted when the computer is restarted. (If the user runs the crack application again, the Trojan horse creates a new executable with a different name; these random names make it harder to ensure safe removal of the malware.)
The crack application then requests an administrator password, launching the backdoor with root privileges. This copies the executable to /usr/bin/DivX, then creates a startup item in /System/Library/StartupItems/DivX. The program checks to see if it has been launched with root privileges, then saves the root hash password in the file /var/root/.DivX. It listens on a random TCP port, and answers requests such as GET / HTTP/1.0 by sending a 209-byte packet, and makes repeated connections to two IP addresses. Next, the crack application opens a disk image which is hidden in its resource folder, in a folder named .data, and proceeds to crack the Photoshop program, allowing it to be
used.Since the malicious software connects to a remote server over the Internet, the creator of
this malware will be alerted that this Trojan horse is installed on different Macs, and
will have the ability to connect to them and perform various actions remotely. The
Trojan horse may also download additional components to an infected Mac.
(Anyone else filled with a sick sense of “Apple Pride” that more people are pirating the $79 iWork 09 (20,000 infections) than the $700 Adobe Photoshop CS4? (5000))
If you feel you might be at risk of infection, Intego suggests you run their VirusBarrier program, or if you are feeling lucky, you can wait and hope SecureMac saves you by releasing a free Trojan removal tool, like they did last time. Just don’t do any electronic banking for awhile.
Contest
Advertisement
Macenstein Must-Haves
iPhone Feature Request
