Apple Patches iPhone SMS Security Hole With Software Update Apple has released a minor software update for iPhone, patching a security flaw revealed just yesterday. digg_url = ‘http://digg.com/apple/Apple_Patches_iPhone_SMS_Security_Hole_With_Software_Update’; Security researchers Charlie Miller and Collin Mulliner on Thursday revealed a memory corruption bug that could be easily exploited by crashing an iPhone with a series of invisible text messages, which would then enable a hacker to hijack […]
Apple has released a minor software update for iPhone, patching a security flaw revealed just yesterday.
Security researchers Charlie Miller and Collin Mulliner on Thursday revealed a memory corruption bug that could be easily exploited by crashing an iPhone with a series of invisible text messages, which would then enable a hacker to hijack the device. From thereon, a hacker could control all the functions on the iPhone — most alarmingly, he could send more text messages to hijack even more iPhones.
The researchers demonstrated the SMS security hole at the Black Hat cybersecurity conference in Las Vegas. They also demonstrated the flaw by sending an attack to crash a CNET reporter’s iPhone.
On Friday morning, Apple released iPhone OS 3.0.1. Available through iTunes, the update “Fixes SMS vulnerability,” according to its description.
“We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms,” an Apple spokeswoman said in a phone interview with Wired.com. “This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what’s been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit.”
Apple moved even faster than necessary to mend the problem: Miller told Wired.com it took him two and a half weeks to discover the exploit. A hacker “really smart and lucky” could take a few days to duplicate the attack, but that’s unlikely because “not many people in the whole world” have these skills, he said.
“Still, it just takes one bad guy a couple of weeks, and every iPhone could be attacked,” Miller told Wired.com in a phone interview.
Nonetheless, Jonathan Zdziarski, another iPhone security researcher, stated he felt Miller sensationalized the problem with this stunt. He noted that many devices have vulnerabilities “in the wild” that nobody has exploited, and it’s unlikely a hacker would’ve devoted much energy to copying Miller’s SMS attack, because there isn’t much to gain beyond annoying iPhone users.
“Every time we find a bug it’s been there for a year or more,” Zdziarski stated. “At the very least it’s been six months, maybe longer.”
Miller acknowledged that the iPhone’s SMS weakness has probably existed for years; he first discovered the flaw in iPhone OS 2.0, which launched in 2008.
“The problem has been in the phone for year, but no one’s known about it,” he said in a phone interview Thursday. “Now that it’s out in the open, [Apple] can fix it.”
Even though it wasn’t the most enticing of the flurry of rumors floated in the FT’s Apple tablet report, the claim that iTunes might grow an eBook arm certainly raised eyebrows. It turns out, though, Apple might actually outsource this one.
This from BusinessInsider, whose source eagerly pooped on the idea of an Apple-run book store:
The answer is no, according to a source connected to the e-book business. Based on our conversation with this person, it seems that any Kindle-killing the Apple tablet does will have to come from third-party e-book sellers, like Amazon (AMZN), Barnes & Noble (BKS), etc.
What pushes this over the line that divides quibbling counter-rumors from Real Interesting Things is a tiny story that’s been unfolding over at Amazon as of late:
The device team has the job of making the most remarkable purpose-built reading device in the world. We are going to give the device team competition. We will make Kindle books, at the same $9.99 price points, available on the iPhone, and other mobile devices and other computing devices.
That’s Amazon honcho Jeff Bezos, explaining his comfort with the idea of hardware from other companies—including Apple, which already tacitly supports Amazon eBooks by way of a Kindle iPhone app—sending customers to the Kindle store. In the absence of an in-house system, a Kindle app for the tablet just makes sense.
In other words, “Jeff Bezos’ worst nightmare” might actually be Jeff Bezos, and not much of a nightmare at all. UPDATE: As commenters have noted, Apple’s biggest precedent for something like this is Audible—an Amazon subsidiary. So! [BusinessInsider]
The followups to Sony’s PRS-700 eBook reader seem to have surfaced in some service manuals dated July 2009. The two readers have these specs:
The PRS-300 will be available in red, black and silver and has a five inch display with 440MB of internal storage (no expandable memory card slots). The PRS-600 will also be available in the same colors, but will also have a more massive six inch touchscreen display, audio output, and MS/SD card compatibility with 440mb of internal storage. No lighting or wireless is mentioned in either of the service manuals, but we are NOT opting that out as a feature at this time until we get some sort of confirmation.
So we’re not sure if it has the backlighting that Wilson hated so much in the PRS-700, but seeing as the model numbers are lower, we’re guessing that this will hit at somewhere below the $400 price tag of Sony’s higher model. Especially since the Kindle 2 is now $300. [Sony Insider]
Video: Geek Spiderman Scales Walls With DIY Vacuum Gloves Spiderman, Spiderman, does everything a spider can! Including, it seems, using home-made vacuum gloves to stickily scale the walls of the BBC’s White City building, a vertical drop of 120 vertigo-inducing feet. In this case, Spiderman isn’t the meek Peter Parker but engineer and Television presenter Jem Stansfield. Looking more like a low-rent steampunk Doc Ock […]
Spiderman, Spiderman, does everything a spider can! Including, it seems, using home-made vacuum gloves to stickily scale the walls of the BBC’s White City building, a vertical drop of 120 vertigo-inducing feet.
In this case, Spiderman isn’t the meek Peter Parker but engineer and Television presenter Jem Stansfield. Looking more like a low-rent steampunk Doc Ock than Spidey himself, Jem clanks his way to the top, in front of a cheering crowd. There’s even a dramatic slip a few yards from the summit.
How did Stansfield manage this trick, a stunt to promote his TV show Bang Goes The Theory? No, he wasn’t bitten by a radioactive vacuum cleaner. Not quite. The suction is being supplied by an old hacked cleaning machine, though, and the pump is evacuating air from his plywood flippers. It’s all delightfully King of the Rocketmen in looks, and if the series continues to be this good it might be worth a quick Mininova search for us foreigners. And as the Beeb warns, “This stunt was carried out by trained professionals following strict safety procedures and should not be attempted or replicated.” Thanks, Aunty!
Think texting while driving is hazardous? How about leaning over to the center console to scrawl “NEAREST BATHROOM!!!!!” on your car’s navigation system with a stylus? Audi’s next-gen A8 includes handwriting recognition to make that hazardous dream a dangerous reality.
We don’t know much about the feature, integrated into Audi’s MMI navigation system, partly because the Google translation of the source comes up with hilarious gold like “The switch salad on the center console is passé.” Is it ever!
The new models will be coming out in November, and it looks like the revamped MMI is focusing on a touchscreen interface to simplify the process of navigation. Hopefully that extends to the odd inclusion of handwriting recognition in a vehicle. [German Car Blog]
Nikon has announced three hot new products this day, and if you’ve been paying any attention to the rumors, you’ll already know what they’re. The biggest news is the new D300s, a video-capable update to Nikon’s top-of-the-range crop-frame DSLR, the D300. We also get a new entry level DSLR, the D3000, and a replacement […]
Nikon has announced three hot new products this day, and if you have been paying any attention to the rumors, you’ll already know what they’re. The biggest news is the new D300s, a video-capable update to Nikon’s top-of-the-range crop-frame DSLR, the D300. We also get a new entry level DSLR, the D3000, and a replacement for Nikon’s pro 70-200 zoom, called the AF-S Nikkor 70-200mm F/2.8G ED VR II.
D300s
So, what’s new? A glance at the camera doesn’t give much away. On the outside you see a camera much the same as the two-year-old D300, and from the front it is pretty much indistinguishable apert from the “s”. Round back, though, things have changed. The rear now looks just like the D700, with the memory-card hatch button gone, replaced by an info button. There’s also a grille which covers the speaker for video playback and the welcome addition of a separate center button in the main control d-pad, plus a dedicated “live view” button.
The screen has also been improved, and is now the same 920,000 pixel model as found in the D700. Finally, there’s a microphone socket hidden under the flap.
On the inside, the biggest change is video, coming in from the same 12.3 megapixel sensor as the old model. It’ll shoot in motion jpeg format, like the other Nikon video-capable DSLRs, but also now in AVI, and it’ll do it at 24 fps and up to 720p. Also new is the ability to auto-focus while shooting video, using the slow but accurate contrast-detection method.
This video means you’ll burn through storage, and the D300s has an extra memory crd slot for you, adding an SD card to the existing CF. You can choose to mirror your images across the cards, use them consecutively or write, say, jpegs to one and RAW to the other, or still shots to one and video the other. Talking of still shots, the D300s will now hit 7fps without an external grip (up from 6fps), and there is a new “quiet shutter” mode, which lets you rattle of shots without flipping the mirror back down between each of them.
In short D300s takes an already great camera, adds video and tweaks a few features. $1800, body only.
The second new camera is way down at the other end of the performance scale, although it manages to pack a lot in for such a cheap DSLR, and surprisingly doesn’t have video. Priced at $600 with the 18-55mm VR kit lens, it costs the same as the D60, and you’ve to wonder why anyone would still purchase the D60, especially as they share the same 10.2 megapixel sensor.
The differences: 11 point autofocus instead of just three, which also brings “3D tracking”, Nikon’s name for spookily following a moving subject and staying locked on, a 3-inch screen (the D60 has 2.5 inches) and a new “guide mode”, which walks the user through the settings step-by-step.
This last looks great, especially in a camera clearly aimed at the first-time DSLR owner. You or I might spend hours, and a few battery charge cycles, digging through menus to discover what goodies lie inside. The normal user, though, is unlikely to stray from the “green rectangle” mode, so anything that stretches them and encourages experimentation is a good thing.
Quite a mouthful, huh? The new pro-zoom replaces the well respected but flawed 70-200 ƒ2.8 lens. And before you ask: yes, the vignetting has been fixed. The lens also gets a “nano crystal coat” to reduce reflections, and has seven (count ‘em) ED elements to do the same thing. It also has upgraded vibration reduction (the VR II part) which gives up to four stops extra room before you begin to get the wobbles. This combined with the fast ƒ2.8 maximum aperture throughout the range means super low-light shooting. $2400
It’s not exactly surprising, but I’m still a little disappointed by the D300s: It’s the same as the D300, but adds 720p video (at 24fps) with stereo input, an SD card slot and a few minor improvements for $1800.
Allowed, my expectations are a little unfair—I wanted the D400, not the two-year-old D300 warmed over. I mean, come on guys, where’s that 1080p video, at least? The D300s will be out later next month, if you are dying for a D300 with 720p video, though.
NIKON D300s revitalizes the standard and measure of agile, pro-level DX-Format d-slr design and performance
MELVILLE, N.Y. (July 30, 2009) – Today, Nikon announced the D300s digital SLR, combining professional-level performance with agility and enhanced D-Movie abilities to deliver a new benchmark for creative versatility. Engineered to leverage proven Nikon technologies, including a 12.3-megapixel CMOS sensor and 51-point autofocus system; the addition of HD video capture; and faster 7 frame-per-second (fps) continuous shooting, the Nikon D300s balances form factor, performance, versatility and reliability for serious pic enthusiasts and professionals.
The D300s retains the photographer-friendly features of the critically acclaimed D300, while enhancing speed, versatility, and agility of the DX-format for a wide variety of photographers, including advanced enthusiasts, wedding shooters and photojournalists. The D300s can record HD video clips and high fidelity audio with an external stereo microphone input, offering users a D-SLR with full multimedia capabilities. Dual card slots afford users the capability to seamlessly record stills and video to one CompactFlash™ (CF) and one Secure Digital™ (SD) card separately, while one-button Live View, a new Quiet Shutter Release mode and Active D-Lighting bracketing help users to capture stunning images like never before.
“Today’s photographer demands excellence and value from high-performance digital SLRs – and the Nikon D300s delivers,” stated Edward Fasano, general manager for Marketing, SLR System Products at Nikon, Inc. “It’s no secret that more photographers need to gather multimedia content. In addition to proven technologies, such as the 51-point autofocus (AF) system and 12.3-megapixel CMOS sensor, we are more than confident that the D300s’ HD motion picture mode, along with a host of additional performance enhancements, will broaden the appeal of the camera to those seeking exceptional still image quality and video versatility.”
The Benchmark of Speed, Performance and Reliability Whether on the front lines of spot news or behind the scenes at a spring wedding, users of the D300s can record HD video clips at 720p resolution with a smooth cinematic 24 fps rate. In addition, the D300s also records high fidelity audio-either with the convenient built-in microphone or by using the external stereo microphone input. Photographers can trim video length on the fly and apply Picture Controls to video, modifying the tone and color. Additionally, users can autofocus while recording video, using contrast detect AF, and do so while composing on the D300s’ bright three-inch 920,000-dot LCD screen.
Nikon’s applauded AF system, with 51 high density focus points, performs even faster and more accurately on the new D300s. The Multi-CAM 3500DX AF module uses 15 cross type sensors to provide unparalleled focus performance across the frame. The D300s offers multiple focus modes, including single-point AF mode, and a dynamic-area AF mode, where users can choose from nine, 21 or 51 AF points with 3D tracking. Additionally, the added Face Detection System lets users instantly zoom in on a human face in playback mode on the high-resolution LCD monitor to check critical focus.
The Nikon exclusive and newly-accelerated Scene Recognition System (SRS) further refines Nikon’s AF performance and light metering. In conjunction with the 3D Color Matrix Metering II system, the SRS uses precise color and brightness information from the 1,005-pixel RGB sensor to propel AF, auto exposure, i-TTL flash control and auto white balance to unprecedented accuracy.
The renowned 12.3-megapixel DX-format CMOS image sensor in the D300s delivers extraordinary image quality and low noise throughout the entire ISO sensitivity range from 200 to 3200 (Lo-1 at 100 and 6400 at Hi-1). The D300s captures image data using 14 bit A/D conversion, processed through a 16-bit pipeline for optimal performance, resulting in images with sharp details and smooth tonal gradations.
The D300s also incorporates Nikon’s exclusive EXPEED™ image processing. EXPEED image processing uses an accumulation of sophisticated Nikon intelligence and technologies to ensure impeccable quality for both still images and movies, while also achieving high-speed processing and low power consumption. When using the included EN-EL3e Li-Ion rechargeable battery, photographers can achieve as many as 950 shots under normal shooting conditions. The optional Multi-Power Battery Pack MB-D10 extends shooting comfort and supports three types of batteries: R6/AA-size batteries, along with Nikon’s Rechargeable Li-ion Battery EN-EL3e and the EN-EL4a Rechargeable Li-ion Battery. It combines added stability with extended shooting of up to 2,950 shots*1 per charge and enables faster high-speed continuous shooting at up to 8 fps*2.
The reinforced magnesium alloy body is lightweight, ruggedly constructed and comprehensively sealed and gasketed against the elements at key points, and the shutter has been proven to a demanding 150,000 cycles. Additionally, the D300s employs the Integrated Dust Reduction System countermeasures that combat the accumulation of image-degrading particles on the optical low-pass filter. World Class Versatility
With the D300s, Nikon introduces the ability to bracket Active D-Lighting (ADL). By localizing tone control, ADL restores shadow and highlight detail typically lost in high contrast situations, such as backlit subjects or while outdoors with strong sunlight. ADL bracketing provides users with the ability to bracket up to five frames of ADL strength to help ensure perfect contrast throughout the frame, putting an end to the guesswork behind the shot with a bride’s intricate white dress and a groom’s tuxedo in the same frame, for example.
Additionally, the D300s features two memory card slots-one CF and one SD, used simultaneously in a variety of configurations to match users’ preferences. Among the many options available, stills and video can record to separate cards or slots can be assigned for JPEG and RAW recording. The D300s offers “overflow” or “backup” modes, and when shooting D-Movie clips, it allows you to select the slot containing the card with the most available capacity. Users can also copy and paste files between cards. Also added to the D300s is a Quiet Shutter Release mode, which substantially reduces the sound of the mirror while shooting. Quickly accessed by selecting “Q” on the release mode dial, this feature is ideal for the photographer who wishes to remain unobtrusive.
To further expand versatility, users have the ability to fine tune their images using Nikon’s Picture Controls to adjust sharpening, brightness, contrast and color hue. The D300s offers users four presets including Standard, Neutral, Vivid and Monochrome; while Landscape and Portrait settings can be downloaded from the Nikon website. While the D300s offers a versatile built-in flash with wider coverage for a 16mm lens, the camera is also compatible with Nikon’s Creative Lighting System and is capable of controlling up to two groups of remote units as a master / commander for Advanced Wireless Lighting.
System Expandability In addition to compatibility with more than 60 NIKKOR lenses and a broad array of system accessories, the D300s will also perform well with the recently announced AF-S NIKKOR 70-200 f/2.8G ED VR II and the AF-S DX NIKKOR 18-200 f/3.5-5.6 ED VR II lenses.
Price and Availability The Nikon D300s camera body will be available at Nikon Authorized dealers beginning in late August 2009 at an estimated selling price of $1799.95.** For more information, please visit www.nikonusa.com.
This is the opposite of surprising if you know what a good, modern cellphone is but Motorola sold about half of the cellphones this year that they did in Q2 last year. That’s still 14.8 million handsets, but we know where that trendline is going if you chart it out a few quarters. On a positive note, Moto handsets have always had some amazing voice quality going on, if calling’s still your thing. [Frommerville]
Text-Message Exploit Can Hijack Each iPhone, Researchers State Security researchers plan to reveal a security hole that would enable hackers to take complete control of an iPhone with a text-messaging attack. digg_url = ‘http://digg.com/apple/Text_Message_Exploit_Can_Hijack_Every_iPhone’; Security researchers Charlie Miller and Collin Mulliner will publicize the exploit Thursday at the Black Hat cybersecurity conference, according to Forbes. The researchers stated the hack involves sending a series of […]
Security researchers plan to reveal a security hole that would enable hackers to take complete control of an iPhone with a text-messaging attack.
Security researchers Charlie Miller and Collin Mulliner will publicize the exploit Thursday at the Black Hat cybersecurity conference, according to Forbes. The researchers said the hack involves sending a series of mostly invisible SMS bursts that effectively hijack an iPhone. From thereon, a hacker could control all the functions on the iPhone, such as e-mailing, dialing contacts — and, most alarmingly, sending more text messages to hijack even more iPhones.
How can you know if you’re being SMS attacked? According to Miller, one giveaway is if you receive a text message containing a single square character. If that happens, he advocates you immediately turn off your iPhone.
“This is serious,” Miller told Forbes. “The only thing you can do to prevent it is turn off your phone. Someone could pretty swiftly take over each iPhone in the world with this.”
Though many customers hail the iPhone as one of the most well designed and versatile smartphones, security researchers have criticized the phone for its weak security. For example, Wired.com recently reported on forensics researcher Jonathan Zdziarski’s discovery that the new iPhone 3GS’ data encryption can be cracked in a few minutes with free software. Because of this flaw, Zdziarski recommended against the iPhone being used by businesses.
Miller and Mulliner stated they contacted Apple about the SMS exploit a month ago, but the company has not released a software update to mend the issue. Apple didn’t immediately respond to Wired.com’s request for comment.
Though the researchers informed Forbes of the SMS exploit, it’s worth noting they didn’t demonstrate it to Forbes. We’ll be convinced this is true once we see it.
If we’d known living in Tron were this easy, well, let’s just a lifelong disfigurement from ramming head-first into a Battlezone cabinet may have been avoided.
One Charles Brand Etching Press owner Tron-ified his hardware with a few rolls of 1/8-inch glow in the dark tape, an X-Acto knife and quite a bit of patience. And while the implementation is certainly a bit laborious, widespread implementation into one’s home would be so much cooler than more nightlights. [printeresting via geekologie]
D3000
AF-S Nikkor 70-200mm ƒ2.8G ED VR II
Entries (RSS)