The iPhone has finally succumbed to the hacking efforts of Independent Security Evaluators – but not in the good way that would leave us with an unlocked iPhone. We wish we could kick off the new week with news that the iPhone’s GSM radio has finally been cracked to work on non-AT&T (NYSE: T) networks. Instead we’re going to tell you about the first ever malicious-code exploit on the iPhone.

Apparently, Independent Security Evaluators were able to take full control of their iPhone through malicious code embedded into a webpage. According to a Security Evaluators post, the iPhone user can be tricked into navigating tot he malicious webpage in a few different ways:

• An attacker controlled wireless access point: Because the iPhone learns access points by name (SSID), if a user ever gets near an attacker-controlled access point with the same name (and encryption type) as an access point previously trusted by the user, the iPhone will automatically use the malicious access point. This allows the attacker to add the exploit to any web page browsed by the user by replacing the requested page with a page containing the exploit.
• A misconfigured forum website: If a web forum’s software is not configured to prevent users from including potentially dangerous data in their posts, an attacker could cause the exploit to run in any iPhone browser that viewed the thread. (This would require some slight changes in our proof of concept exploit, however.)
• A link delivered via e-mail or SMS: If an attacker can trick a user into opening a website that the attacker controls, the attacker can easily embed the exploit into the main page of the website.

The malicious code can be used to tap into the information stored on the iPhone – call logs, SMS text messages, address book, call history, and voicemail data can all be transmitted to the hacker. And, it’s foreseeable that the code can be changed to execute any of the iPhone’s functions – send mail passwords, send premium SMS text messages, even record audio (although audio recording is not a feature on the iPhone, as of yet).

So, how do you avoid this particular vulnerability from biting you in the you-know-where? Don’t click on any links embedded into emails; only visit trusted websites; never use an untrusted wireless access point and your’re in the clear (at least as far as this exploit is concerned).

On the upside, this vulnerability has already been reported to Apple (NSDQ: AAPL). And, since the iPhone can be easily updated through iTunes, as opposed to waiting for a firmware update, we expect an official patch from Apple before this exploit becomes a real problem. There are no reported instances of any iPhones being subverted using this particular hack, and the malicious code has not been released into the wild – so iPhones are still in good shape.

UPDATE
Video added

Now, we’re just waiting for the even more impressive news that the iPhone has been hacked to work on any GSM network.

Source

We might just have to re-evaluate our position on AT&T (NYSE: T) as a stuffy, old corporate wireless carrier. Just as we started to think that AT&T didn’t care about their customers’ best interests, they go and do something like this. Last Thursday, the leading US wireless carrier completely flip-flopped on their initial position on FCC Chairman Martin’s open access proposal for the new 700Mhz spectrum. AT&T VP Jim Cicconi said that the company fully supports the proposal to ban device-locking practices on the new slice of frequency spectrum.

Strange, the company that brought us the iPhone completely locked to AT&T, would now go against industry protests and actually endorse the open access proposal. Maybe that Congressional sub-committee into mobile phone bundling had something to do with it? We don’t care, we just want an open 700Mhz band – preferably through Google (NSDQ: GOOG) (we’re still suspicious of AT&T controlling the new band, given how poorly they developed their current holdings).

[Via: PhoneScoop]

No specifications, just pictures. More are available from the folks over at Crunch Gear.

Ahh, the HTC Kaiser. We’ve been waiting for this incredible Windows Mobile smartphone for so long now, it’s amazing to think that it’s just around the proverbial corner. With a spec sheet that boasts 3G, QWERTY keyboard (with that super-trick spring-loaded, flip-up sliding screen), WiFi, GPS (!), and Windows Mobile, the Kaiser is as good as Widows Mobile gets.

The HTC Kaiser is the likely successor to AT&T (NYSE: T)’s 8525 (HTC TyTn /Hermes), and rumored to be getting branded as the AT&T 8925. With T-mobile Germany already getting its hands on the Kaiser as the MDA Vario III, we gotta believe that it’s headed for Yankee shores soon. We have reason to believe that the iPhone carrier may release the AT&T 8925 sometime in August. As usual, we’ll keep grinding away at the rumor mill. Stay tuned for more info!

[Via: Tom the Geek]

We’ve said it before, and we’ll say it again. Those intrepid hackers over at fusion.osx86.hu/#iphone are some amazing dudes. They brought us their iPhoneInterface and took control of the iPhone console. Now, they’ve done it again! With the new iASign activation tool, anyone can pick up an iPhone and activate it with any Cingular/AT&T (NYSE: T) SIM card they might have lying around. The guys at HackTheiPhone, the same guys that brought us the step-by-step instructions for getting custom ringtones on the iPhone, have put together another tutorial on how to use iASign.

Keep in mind, the iPhone is still not unlocked for use on any other network outside AT&T’s. But, you can use your existing AT&T SIM or get a cheap, disposable Cingular SIM for some inexpensive, no-strings-attached iPhone action (or you can just activate your iPhone using the prepaid workaround) .

Erica Sadun at TUAW successfully activated and made a call on her iPhone using an old, disposable Cingular SIM. Apparently, data works through MediaNET, but at $0.01 per KB, Google (NSDQ: GOOG)’s homepage will cost you $0.11. We’ll stick with our unlimited $20 iPhone data plan, thanks just the same.

Hit the HackTheiPhone to get the full deets on how to activate your iPhone without any contracts.

Download the new iASign activation tool here.

[Via: TUAW]

With Apple (NSDQ: AAPL)’s rumored negotiation breakdowns with Vodafone (NYSE: VOD) over revenue sharing demands, we all kinda figured that Apple had something worked out with AT&T (NYSE: T) as well. We even suspected the revenue sharing deal prior to the iPhone launch.

And, now Piper Jaffrey analyst Gene Muster states that, “While we do not know the exact details of the agreement, we conservatively estimate that AT&T gives Apple $3 per month (over the life of the 24 month contract) for every iPhone customer already with AT&T and $11 per month for every new subscriber.”

The projected iPhone sales figures of 3.2 million units in 2007, 12.4 million in 2008, and 45.0 million in 2009 are just the start. Revenue sharing only sweetens the pot for Apple – especially once they launch overseas.
[Via: MacDailyNews]

We’ve received word that the LG CU575 “Trax” musicphone will be launching any day now (possibly even tomorrow, July 17th). The successor to the LG CU500 is expected to come to us with a shiny exterior that packs in HSDPA, Video Share, and that trick touch-strip external control.

Engadget Mobile was tipped off to shipments of accessories arriving for this phone, giving us reason to believe that a launch is imminent – and it will indeed be dubbed the “Trax.”

We’ll keep you updated on any developments. Keep checking back for more details!

[Via: Engadget Mobile]

You’re eyes do not deceive you, you read it correctly. Thanks to the ingenious ROM “chefs” over at XDA-developers forums, an AT&T (NYSE: T) branded Windows Mobile 6.0 ROM upgrade is now available for all Cingular/AT&T 8525 owners! The ROM is really just the already available WM6 ROM for the  European HTC TyTn (Hermes), but in AT&T guise. The cooked ROM is about as “official” as you are going to get (for the time being) to an AT&T-released ROM – and it’s free. That’s a word we love to hear.

PTT (Push-To-Talk) feature is a go on this WinMo6.0 ROM – build 3.57.502.1 with a radio version 1.48.00.00 (ROM date stamped 07/10/07).

Brave smartphone modders with an itch for Windows Mobile 6.0 can head on over to the XDA-developers forum for the downlow on how to get your hands on this ROM.  Just follow the instructions carefully, and after having fully read through them – to avoid turning your expensive, high-end smartphone into an expensive, high-end paper-weight.

Wouldn’t it be nice to get your 8525 to look like the picture above? Yea, we thought so – get on it.

[Via: XDA-developers]

Thanks, Tom! 

We want to hear from you. The Into iPhone team wants to get a clearer picture of how widespread and prevalent these EDGE outages are. If you have an iPhone and you are still experiencing intermittent, or chronic, EDGE failures in your neck of the AT&T (NYSE: T) woods, please let us know. Head on over to Into iPhone and leave us comments regarding your frustrating experience.

We’d love to hear your feedback, good or bad.

Into iPhone

Is there anything better than news of a huge corporation getting served the smackdown from a State Supreme Court? Washington State’s Supreme Court just laid down a ruling that effectively loses AT&T (NYSE: T) their roaming-charge class action lawsuit. The class action lawsuit, filed back in 2004 (when AT&T was Cingular), alleges the company of advertising free roaming on AT&T’s network (which was still a separate entity from Cingular) and then reneging on their promise – leading to overcharges ranging from $1 to $40 per month. AT&T argued that the wireless service contracts forbid subscribers from initiating a class-action suit, but the Washington State Supreme Court says differently – banning a class action lawsuit would “effectively den[y] large numbers of consumers the protection of Washington’s Consumer Protection Act,” adding that class actions are necessary to “strongly deter future similar wrongful conduct, which benefits the community as a whole.”

With AT&T main guns taken out of commission, this battle is nearly over. The class action is likely to result in some sort of settlement for Washington State AT&T customers. Well done, Washingtonians! As much as we love AT&T for their iPhone, we love seeing corporations getting “served” a whole lot more.

[Via: Cellular News]