By Will Park on Wednesday, July 29th, 2009 at 12:19 PM PST
In Apple, Hottest Hardware, Research, Security, iPhone, iPhone OS
Security researchers have stumbled across an iPhone SMS bug that could be used by nefarious pranksters to “quickly take over every iPhone in the world.” If that sounds somewhat doomsday-ish, that’s because it kind of is. The iPhone SMS text message bug was discovered by Charlie Miller and his similarly-named research colleague Collin Mulliner. The iPhone bug, says Miller, exploits a flaw in the way the iPhone OS processes SMS text messages. Using the exploit, hackers could send a succession of SMS text messages to an iPhone, allowing them to gain complete control of the handset. Hackers can then commandeer the iPhone to send similar text message strings to other iPhones, spreading like wildfire.
“SMS is an incredible attack vector for mobile phones,” says Miller. “All I need is your phone number. I don’t need you to click a link or anything.”
Miller and Mulliner plan to reveal the SMS text message security vulnerability on Thursday at the Black Hat cybersecurity conference in Las Vegas. The duo say they’ve alerted Apple (NSDQ: AAPL) to the security hole, but the iPhone-maker has yet to release a patch for the iPhone SMS bug. Once announced to the world, the iPhone bug could potentially allow iPhones around the world to be hijacked in a very short time.
Apple, the ball’s in your court.
[Via: PCWorld]
By James Falconer on Wednesday, July 29th, 2009 at 5:55 AM PST
In BlackBerry, Messaging, Security, Windows Mobile
If you work for a larger business or corporation, chances are your internet use, email, and maybe even your text messaging is monitored. Rules, regulations and ‘compliance monitoring’ seem to be the theme of the day, especially in secure industries. In fact, some regulations demand that electronic messages are archived and monitored at all times. To that end, I’ve been notified of a new software app for mobile devices called ‘TextGuard’.
Without getting into too much detail, here’s what the app can do:
TextGuard secures, manages and coordinates mobile communication and devices, providing archiving capabilities on a secured server remotely accessible by a Compliance Officer or authorized user. The software allows enterprises to monitor and log the SMS and Pin-To-Pin communications in and out of a corporation’s mobile device fleet. Search options include keywords, content, sender, and more, and can be customized for each corporation’s needs. TextGuard offers administrators the option of monitoring an employee’s communications, which prevents loss of corporate data when a mobile device is lost or stolen, or an employee is terminated.
At the moment, TextGuard supports BlackBerry (NSDQ: RIMM) and Win-Mo devices, with a new release coming next month to support the iPhone and Symbian platforms. Keep reading for a full press release after the jump, or head on over to textguard.com for more info.
By Simon Sage on Thursday, July 23rd, 2009 at 9:22 AM PST
In Applications, Legal, Security, Voicemail

SpinVox, one of the big names in white label voicemail transcription services for carriers, could be in trouble as it has come to light that at least some voicemails are transcribed thanks to human ears in the Philippines and South Africa. The company claims that some non-live listening is required to build the automated algorithms that handle other transcriptions, but they refuse to state exactly how many operations are handled by humans versus machines. One call centre employee claims that the entire service is run by people listening in on live calls. The legal implications for such an operation are sizeable, as SpinVox is based in the UK and must abide by European Union data protection laws. Privacy issues, however, will do more harm to SpinVox’s image than call down the legal thunder.
In a statement, the ICO [Information Commissioner's Office] explained there was nothing to prevent Spinvox from using people rather than machines to translate messages. However, it said that “it may be helpful if the company is clearer about the likelihood that people will be used to translate messages”. “This is particularly important if customers are using the service for transmitting sensitive or secure information,” it added.
Listening to how an employee described the calls made it sound like an interesting day at the office, privacy qualms aside…
“We heard the message from the very beginning to the very end. Love messages, secret messages, messages with sexual content, even people threatening to kill each other.”
[via BBC]
By James Falconer on Tuesday, July 21st, 2009 at 6:14 AM PST
In Security
Visa Europe has started to run trials of their new mobile service. At the moment, Visa is testing the system on UK staffers to hopefully work out any kinks. The service gives Visa cardholders instant notification via their mobile device when any of their Visa debit, credit or prepaid cards are put to use. Handy if you lose a card, or just want to keep track of your spending.
Senior Vice President of Innovation and New Product Development at Visa Europe, Sandra Alzetta commented:
“With Visa’s mobile alert service, we want to offer cardholders the reassurance of knowing, in real-time, exactly where and when their card is being used. If something looks suspicious, this will give them the power to put a stop to any fraud taking place on their cards.”
When the system is finalized, users will be able to receive alerts via SMS or email… or receive alerts via an installed app. I suppose we’ll be hearing about a new Visa app in the App Store, App World, and the Android Market and more before long! Hopefully such apps would make it easy to connect with your various Visa card accounts, while providing iron-clad security to protect from others accessing your critical info.
[Via: Cellular-News]
By James Falconer on Tuesday, July 21st, 2009 at 5:41 AM PST
In BlackBerry, Carriers, Security
A simple update (or so we thought) for Etisalat BlackBerry (NSDQ: RIMM) users over in the United Arab Emirates may not have been what it appeared to be. The update arrived on customers’ handsets via text message, and urged the install for ‘improved performance’. However, after install many BlackBerry users started experiencing crashes and reduced battery life. This prompted some investigation into the issue by RIM… and here’s what they’ve found:
“Etisalat appears to have distributed a telecommunications surveillance application… independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user’s smartphone. Independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry Handheld, but rather to send received messages back to a central server.”
Not cool. Spying huh? Yep, not cool. What we know now is that the update installed an app developed by an American company called SS8 (check out their website…).
This all sounds fishy, and Etisalat has not commented directly on the issue as of yet. All they’ve noted thus far is that the problems users are experiencing are because of a ‘small technical fault’… and that this update was ‘required for service enhancements’. Explain yourself Etisalat. Please.
[Via: BBC]
By Will Park on Friday, July 17th, 2009 at 5:41 PM PST
In Security

Forcing inmates to smuggle handsets like this would be a good deterrent.
Jamming cell phone signals in prison sounds like a good idea, on the surface. But, dig a little deeper, and you’ll quickly realize that the government-mandated wireless jamming bill is full of pitfalls and dangerous loopholes. The plan to jam cellular signals in prisons is so controversial that public interest groups have taken action with protests against the wireless signal jamming bill.
It’s true that cellphones pose a major problem for prisons. Inmates can use easily-smuggled (sometimes quite creatively) and even more easily-hidden mobile phones to communicate with the “outside.” With nothing more than a basic cell phone, convicted criminals can order “hits,” manage drug dealings and even threaten US Senators. That last part is no joke. A convicted murderer used a cellphone to call Texas state Senator John Whitmire with complaints of his poor treatment on Death Row.
The problem has gotten bad enough to prompt Texas Senator Kay Bailey Hutchison to introduce a new bill that would legalize the use of cellphone jammers in prisons (this technology has been otherwise banned by the FCC for its potential danger to public safety) – the Safe Prisons Communication Act of 2009.
Public interest groups have come out against the bill, warning the Senate Commerce Committee that the jamming bill would result in collateral damage to legitimate cellphone users. Instead, the CTIA suggested that prisons could use cell-signal detection systems to help correctional facilities track down offending cellphones. The signal-trackers can pinpoint the location of an unauthorized cell signal, allowing authorities to confiscate the device or monitor communications to and from that cellphone for investigative purposes.
The bill could have long-lasting ramifications that may prove detrimental to public safety and civil rights. If anything, the government’s threat of cellphone jamming legislation has spurred the private sector into action. As Slate puts it, “Is industry better than government at coming up with creative, pinpoint solutions? Yes. Will industry do this without the threat of clumsy, burdensome government intervention? No.”
[Via: Slate]
By Will Park on Thursday, July 16th, 2009 at 5:52 PM PST
In Announcements, HTC, Security, Windows Mobile
HTC Touch Diamond, Touch Pro and Touch HD users worried that their Windows Mobile smartphones are open to Bluetooth hacking can now rest easy. HTC has posted a Bluetooth patch that promises to close a security hole that allows nefarious Blue-hackers to gain access to your HTC WinMo handset’s file-system. Once hackers have access to your phone, they can basically do whatever they want without your permission.
Grab the HTC Bluetooth patch here. We recommend all HTC Touch Diamond, HTC Touch Pro and HTC Touch HD users get this patch. Oh, and one more thing, the Bluetooth patch isn’t going to replace common sense.
By Will Park on Tuesday, July 14th, 2009 at 5:45 PM PST
In Announcements, HTC, Security, Windows Mobile
First off, don’t ever accept Bluetooth connections from untrusted or unknown sources. Especially if you own a Windows Mobile 6.0 or 6.1 smartphone from HTC. As long as you keep an eye on your Bluetooth connection, you’ll be fine. Otherwise, you might end up getting your WinMo-powered HTC device hacked via Bluetooth.
The problem: HTC uses the same hack-able Bluetooth driver in many of its Windows Mobile handsets, including the Touch Diamond, Touch Pro, Touch Cruise, Touch Find, S710 and S740. This “obexfile.dll” driver is an HTC-specific driver that is vulnerable to “a directory traversal vulnerability in the Bluetooth OBEX FTP Service,” according to security boffin Alberto Moreno Tablado. HTC WinMo devices with Bluetooth and Bluetooth file-sharing enabled are at risk.
What can you do to prevent this from ever happening? Well, like I mentioned above – DO NOT accept untrusted Bluetooth connections. Disable file-sharing over Bluetooth for that extra layer of security. You’ll also want to delete your list of previously paired devices, as nefarious hackers can masquerade as a trusted device in order to gain access to your phone.
It’s unclear if HTC will issue an updated Bluetooth driver.
[Via: PCWorld]
By Will Park on Tuesday, July 14th, 2009 at 11:06 AM PST
In Announcements, Security
The flood of copyright-infringing Chinese clones entering the mobile market has been a bane on major cellphone manufacturers around the world. To date, the Chinese government has been largely hands-off on their flourishing counterfeit mobile phone market. Authorities in India have taken a stab at banning fake Chinese handsets, and it seems Taiwan is also taking matters into their own hands. The Taiwanese National Communications Commission has kicked off a new initiative that will fine anyone trying to bring Chinese counterfeit phones into the country. Any resident of Taiwan risks a fine of up to 300,000 Taiwanese dollars (about $9,055) for bringing five or more “shanzai phones,” as they’re known to locals, into the country. Taiwan will also levy the fine against anyone importing more than two “shanzai” cellphones through mail.
Fake phones aren’t just an annoyance to big corporations looking to protect their trademarks. These counterfeit phones lack any of the tracking identification numbers that help keep cellphones out of terrorist hands. “Shanzai” phones can’t be tracked and can’t be monitored, so they pose a serious security risk.
Taiwan’s stance on fake Chinese phones might not be as drastic as India’s, but it’s a step in the right direction. With a little luck, we’ll see more and more countries helping the cause and curtailing sales of Chinese counterfeit phones.
[Via: UnwiredView]
By Stefan Constantinescu on Thursday, June 18th, 2009 at 1:58 PM PST
In Security
Subscribe to Saturday Morning Breakfast Cereal because he simply rocks:
Enjoy your day.