Snapchat a social networking app popular for sharing photos with friends that self-destruct after a few seconds has had a security breach. The servers of Snapchat were hacked that has resulted in usernames and mobile numbers of over 4.6 million users being exposed and possibly available on the internet.

According to reports, Gibson Security on August 27, 2013 had pointed out flaws in Snapchat’s “Find Friends” feature. The exploits were recently made public and as a result hackers were able to access information from Snapchat servers.

Find Friends is an optional service that asks Snapchatters to enter their phone number so that their friends can find their username. This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username.

Snapchat has posted a blog post acknowledging the security breach and explained how the hackers got the information:

… it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.

This security breach is clearly a result of Snapchat not working quick enough to patch the security holes in time. The flaws had been exposed 4 months ago however, the company failed to take action which has now resulted in 4.6 million unhappy users.

The developers are now working on an updated version of the app that will allow users to opt-out of Find Friends feature and will be “improving rate limiting and other restrictions” to avoid such attacks.

Snapchat was recently approached by Facebook for acquisition for about $3 billion however, the company refused the offer. The social networking app to share photos and short video clips is popular among teenagers. Sharing photos without leaving any tracks behind has proved to a successful strategy behind Snapchat’s user base.

Gibson Security has put up a website “GS Lookup – Snapchat” to allow users to check if their details were stolen by entering their username on the website. The site notes that only specific areas of America were included. It also suggests some steps you could take in case your details were stolen.

This is not the first time such a security breach has happened in a social networking application. Recently even Skype was targeted by hackers during the holiday season.

In recent weeks, a plague has overtaken the Mac OS X operating system, called the Trojan Flashback. The Flashback malware allows hackers access to personal information of Mac users, by extracting the info via a security hole in Java as well as other recent social engineering methods. With Java being the main culprit here, Apple has made a quick and decisive move by releasing a removal tool via Software Update on all Macs running OS X Lion without Java installed.

About Flashback malware removal tool

This Flashback malware removal tool that will remove the most common variants of the Flashback malware.

If the Flashback malware is found, a dialog will be presented notifying the user that malware was removed.

In some cases, the Flashback malware removal tool may need to restart your computer in order to completely remove the Flashback malware.

This update is recommended for all OS X Lion users without Java installed.

This tool rids the OS X system of all viruses present in the system, related to the Trojan Flashback malware. Java does not come pre-installed on the Mac, and therefore allows Apple’s removal tool to figure out as to where the virus is originating. The Flashback virus has been a huge issue in the media, with a reported 600,000 Mac users being affected by this virus.

{via MacRumors}

From the dark corners of the Internet comes the news many have been waiting to hear. Tech blog Geekword is reporting famous/infamous iPhone hacker geohot has indirectly leaked the name of his iPhone OS 4.0 jailbreaking tool. According to the report, the domain name limera1n.com is registered to the same owner as blackra1n.com and that owner is geohot of course. Blackra1n is one of the most popular iPhone jailbreaking applications available. It stands to reason Limera1n, with its familiar moniker, is the newest addition to the jailbreaking repertoire.

If geohot has successfully jailbroken iPhone OS 4.0, there are some big implications. This has to be a blow for Apple and the iPad. It is obvious a lot of time and attention was paid to not only the design of the iPad but limiting the avenues of access to it. iTunes is the only way to synchronize media between the computer in the iPad. Input devices are limited to those Apple has sanctioned either explicitly or tacitly by controlling accessories. The only way to get an application on the device is through an Apple controlled storefront. For that matter, you can’t even use the iPad as a standalone device, it must be synchronized with iTunes to function. A jailbroken OS 4.0 means a jailbroken iPad and that means the controls Apple has worked so hard to construct are gone in an instant. Granted, not everyone will jailbreak their iPad, just as not everyone has a jailbroken iPhone, but the option is there now and that will make some people very happy.

Another implication in this report is that hackers are getting faster at hacking. iPhone OS 4.0 isn’t even out of beta yet and a jailbreak exists for it. There use to be some turnaround time involved in hacking but as zero day exploits become more and more common, it shouldn’t be a surprise to any company wishing to construct a walled garden that those that wish to tear it down are quicker and more agile. If geohot did this all by himself, Apple doesn’t need to pursue him, they need to hire him because he’s a genius.

Lastly I think this proves Apple is losing the arms race with the hackers and jailbreakers. Should they try to pursue a strategy of never-ending escalation trying to counter act applications like Limera1n or should they address the issues that underlie it? I’d say 95% of the people that jailbreak now do so to have some choice and decision in how their system operates and what operates on it. Jailbroken iPhones today have multitasking, had copy and paste at least a year before official Apple support, and run the native Google Voice application Apple will be “studying” forever. Instead of building the wall higher around their garden, should Apple throw open the front gate and let everyone in? An Android Marketplace-like iPhone app store would be a hundred times as huge as it is now. If Apple is uncomfortable with that idea for “the sake of the children”, why not even just open up the OS enough to allow for direct download of applications from a URL like Android supports. Apple may not like it but people jailbreak their products for a reason, not just because they’re miscreants living in their mother’s basement with nothing better to do with their time. As long as they don’t address the underlying issues, they will be caught in this arms race with smart folks like geohot who don’t share their world view.

Are you looking forward to jailbreaking your iPhone or iPad running OS 4.0? What additional features or applications would you like to add to such a device? Should Apple continue to fight against the jailbreakers and hackers or resolve the reasons why people jailbreak? Leave us a comment and let us know.

[Geekword] ]]> https://touchreviews.net/limera1n-jailbreak-iphone-4-ipad-app/feed/ 5 https://touchreviews.net/news-roundup-all-things-apple-ipad-touch/ https://touchreviews.net/news-roundup-all-things-apple-ipad-touch/#comments Mon, 12 Apr 2010 21:17:36 +0000 https://touchreviews.net/?p=6046

Last week we skipped the Weekly round up, simply because there was so much going on in the world of iPhone’s and iPad’s and Apple generally. Did you miss it?

What is interesting today as I review the last week is that a lot of the headlines are the same, or at least similar.

The iPhone has been hacked again. But this time it’s iPhone OS 4.0 that’s the victim. The iPad has been launched in the US and that also has been hacked. If you remember it was hacked before it was actually released!

AdMob advertising is now set to turn very firmly towards Android, but not for the reasons that AdMob intended. Most likely now because people developing for the iPhone have iAd from Apple to look forward to.

The iPad is selling well, and as we predicted Apple are having problems keeping the supply lines stocked.
Also Apple has upset a few people with changes to it’s Developer Contract… and caused a few ripples with some of it’s OS 4.0 features…

And the iPad review I think is the best of all at the end of this article.

iPhone hacked again!

As you all know Apple pushed out a Developer Preview of iPhone OS 4.0 on Thursday. It was hacked within hours. It’s clear that the hack was using an existing flaw in the OS, and it’s likely that this flaw will be plugged before the official release. However, the jailbreak method has not been made public yet just in case Apple don’t plug the hole and it can be used for a more significant OS update.

iPad hacked

We reported the week before last that “legendary” hacker Geohot had cryptically announced on his Twitter feed, and also on his blog, that he had potentially hacked the iPad. Since the iPad’s public debut this has been confirmed. Although again, it is not public yet. Other hackers have taken this and run with it, and we have seen videos and images of Cydia (an app that provides an alternative App Store to Apple’s) running on the iPad also.

iAd excites some iPhone Developers

As part of iPhone OS 4.0 Apple has introduced iAd. It’s an in-app advertising system which is native to iPhone OS. And is scheduled to be launched as part of iPhone OS 4.0 in the summer. Because it’s designed by Apple for iPhone OS the generally quality of the integration into iPhone apps promises to be more seamless than offerings like AdMob. And also more ambitious; offering videos which can be watched while your currently running app pauses, if you choose.

I would also guess that advertisers will be more thoroughly vetted than AdMob’s, and as such overall developers and customers can expect slightly higher quality ads. This may result in slightly better revenue for developers too. Whilst developers are still getting 60% of the revenue generated from Apple for ads their apps serve up. The same as from AdMob. I think we’re going to see more premium ads running through a system which Apple holds the reigns of. Expect a lot of developers to jump ship when this comes along, and AdMob to become more dependant on Android and jail-broken iPhones for business.

iPad selling like hot cakes

The iPad has indeed been selling in the 100’s of thousands. We were up to half a million units less than a week after launch when Steve Jobs was able to announce that figure on stage at the iPhone OS 4.0 event. Steve also confirmed that they were having problems keeping the supply line stocked and were working on that.

Apple causes Adobe, Unity and a few others some consternation

The iPhone OS 4.0 developer preview was made available for download right after the “sneak-peek” event last Thursday. In order to get it you had to agree to a new Developer contract. The key part of that developer contract was a clause (Clause 3.3.1) which now restricts what tools you can use to produce iPhone, iPod Touch and iPad apps.

Taken literally it means that things like Adobe’s upcoming tool in CS5 which can produce native iPhone apps from Flash apps is now not allowed to be used to produce products for sale through the iPhone App Store. Technically it also means that hugely successful and popular middleware developer tools like MonoTouch and Unity cannot be used either.

There has been a lot of hot debate in the last few days about how all this will pan out. Adobe have even started talking to government agencies in the US saying that this move by Apple will damage their business model. It’s all got rather ugly.
Steve Jobs has even taken to answering a few emails on the subject. With this to say :

We’ve been there before, and intermediate layers between the platform and the developer ultimately produces sub-standard apps and hinders the progress of the platform.

The bottom line in all this is Apple don’t want Flash on iDevices. There are varying views on why. But from my point of view it’s simply that Flash offers a layer of abstraction away from Apple’s OS that makes the overall experience on iPhones a resource hog, and not something Apple want’s to endorse. There is also some truth to the argument that Flash apps don’t play well with a touch interface as it stands right now. That’s a fault of Flash and not the iPhone OS.

Obviously Unity and other’s are concerned as this rule technically hits them too. I wouldn’t worry about that too much though. Unity and MonoTouch are incredibly successful and I am sure Apple will work with them to find a way they can co-exist on the iPhone OS platform.

This new rule is all about Apple keeping control of it’s eco-system and then administering a level of quality from a clearly defined set of rules which gives them authority over what is allowed on their devices. And it’s all about quality. Nothing more. Nothing less.

Apple also sent some ripples through Social Gaming this week too

Also in iPhone OS 4.0 is the exciting and mysterious Game Center. Some people were concerned that this Apple driven Social Network for gaming, with some very similar features to those networks offered by OpenFeint, Ngmoco and Scoreloop (and also some similarities to XBox Live’s gaming network) would be a death blow for existing iPhone and iPod Touch social networks. This is not the case at all. We have spoken to all those existing networks this week and all have said unreservedly that they welcome Apple’s move, look forward to working with them, and augmenting what Apple offer where necessary, including offering cross platform networking to Android and other networks… So panic over there.

Apple (AAPL) shares just keep on rising:

As of today’s roundup Apple’s shares are at another all time high of $241 each. This is no doubt off the back of all the iPhone OS 4.0 announcements, and iPad sales success. But it’s rumoured that this week Apple will also launch updated portable computers too… It’s certainly a super busy time for the elves in the various Apple workshops around the world!

If you haven’t read it yet, pop over to Ars Technica for their in depth iPad review: The best iPad review so far. If you haven’t; got an iPad, and haven’t read a review yet.

This is the one to drool over : [arstechnica.com]

Let us know your thoughts below. Did we miss anything?

]]>

We reported yesterday that iPhone OS 4.0 had either been jailbroken already, or was on the verge of being jailbroken : [touchreviews.net]

Well overnight iPhone Dev Team member MuscleNerd (@MuscleNerd) managed to complete the jailbreak, and released a video online of his exploits:

In the video we can see a VNC server running on the new iPhone OS 4.0 Developer only Beta release, and his ability to remotely connect, view and control his iPhone from his computer.

We need to remember two things here though :

Firstly, Apple have released this version of iPhone OS 4.0 way ahead of any official launch of the new mobile OS. So they are unlikely to show their hand with any new protection measures, and give hackers advance time to try and work on exploits ready for the official release.

Secondly, the jailbreakers are aware that if they show their hand by making this hack public Apple will certainly plug it before any new release. That is assuming they (Apple) are not already aware of the exploit being used, and don’t plan to plug it anyway.

So don’t expect this to become a publicly available jailbreak solution any time soon. The game of cat & mouse between Apple and Jailbreakers continues. Right now it’s a kind of stalemate.

Let us know your views on these “naughty” hackers, and “oppressive” Apple in the comments.

iPhone OS 4.0 Jailbreak!

As you probably know iPhone OS 4.0 was unveiled in the US yesterday, and was made available for download immediately as a Developer Preview. If you want to have a go then you need to sign up as an Apple Developer, pay $99 and then you’re good to go.

I have it installed on my 3G iPod right now, and it’s fun to play with a new OS, even if it is an early version. General release of the full OS is expected to be in the Summer of 2010.

iPhone hacker “iH8sn0w” has apparently already downloaded the the Developer Preview and said that a jailbreak is possible. At the moment the only details we have are that this hacker might be working on a  jailbreak solution for the new OS in it’s preview form and he has posted the keys online here : [pastie.org]

I suspect a similar solution to the one that other hackers have used to jailbreak iPhone OS3.2 on the iPad and 3.1.3 on the iPod and iPhone.

It’s very unlikely that the actual jailbreak will be made available online until Apple officially launches the new OS to the public though. As I have mentioned before, any time a jailbreak method is made public Apple plugs it pretty  quick.

Anyone else out there playing with iPhone OS 4.0? Let us know your thoughts in the comments. I am preparing an analysis for Touch Reviews which should go online layer today, subscribe to our email updates to know when it goes live!