Blog: iPhone

There is a new iPhone worm that uses the insecure SSH service installed on jailbroken iPhones.  Last week, there was discussion about an attack on iPhone users in the Netherlands where the attackers demanded owners pay 5 EUR to get rid of the Trojan.

"Jailbroken" (or hacked) iPhones or iPod Touch devices are devices where users have bypassed Apple's official distribution and are running unofficial code.  Once an iPhone or iPod Touch is jailbroken, users are able to download various applications previously unavailable through Apple's App Store from unofficial installers such as Cydia or Rock App.

To learn more, visit http://isc.sans.org/diary.html?storyid=7549

Initial symptom:  After pairing an iPhone using Bluetooth, Windows 7 would show the phone icon with a yellow exclamation point stating it could not find a driver for Bluetooth Peripheral Device. 

To fix this and get tethering to work over Bluetooth, go to the properties of the phone in the Bluetooth devices and click on Services tab.  Uncheck “Wireless iAP” (wireless internet access point).  Windows will stop saying that it needs a driver and you can right click on the phone and select “connect using -> access point”.

One of my few frustrations with my new iPhone was battery life – it seemed I had to charge my phone every day.  So, I googled to see if I could find some tips on how to increase my iPhone batter life.  While searching, I found a link from Apple (http://www.apple.com/batteries/iphone.html) with the following tips that helped with preserving the battery life of my iPhone:

1. I implemented the following recommendations, and it has made a difference in my battery life – I even went a little over two days without charging on one occasion…
   Disable WiFi & Bluetooth when not needed
2. Disable unnecessary sounds (i.e. audio keyboard clicks)
3. Enable Auto-Brightness (note: uses the camera to automatically adjust the screen’s brightness)
4. Store the iPhone at room temperature & do not expose it to direct sunlight (exposure to heat causes damage to lithium-ion batteries due to intense ionization)
5. Turn off location services when not needed
6. Turn off EQ (equalizer setting for song playback)

Progress. Innovation. One small step for man. Call it what you will but the advancement of software usually comes at a price with some bumps along the way. Apple, while a good company that puts out a good product, is mortal like the rest of us and as such is subject to the same development bumps and bruises. That was my experience this week when an executive assistant at one of our clients came to me in a panicked state saying “Help! I just sent out a meeting invite to over 30 executives and it keeps sending the invitation over and over and over again! People are getting upset!” [more]

Immediately I put together a lineup of potential offenders and began working my way through:

1. Exchange message queues
2. Online spam filter reinjection
3. Notification of meeting change/update
4. Corrupt/Malformed meeting event
5. Possible wrong address in the list (we’ve seen this happen before) 
6. MAPI profile/client issues.

Troubleshooting:

1. An inspection of the Exchange queues revealed nothing out of the ordinary, and the Exchange logs showed that each repeated meeting request appeared to be a new/separate message that was being received (and dutifully sent out) by the Exchange server. Nope, that’s not it.
2. Online spam filter reinjection into Exchange was not a possibility since every recipient was internal… the spam service never saw the message. Innocent.
3. Since the same meeting was supposedly being re-sent, I thought that it may be possible that the meeting would re-send whenever a user would update/respond to/propose a new meeting time for the calendar event. After looking at the executive assistant’s sent items as well as the inboxes of several attendees, none of this was true… the meetings were actually being re-sent. Strike three. 
4. Thinking that there may be some oddity in the meeting event such as a reoccurring event, I had the user delete the meeting then recreate it while I watched. I noticed the user used a distribution list when inviting attendees.
5. Some of our engineers have seen some quirks when using a distribution list with incorrect/invalid email addresses. I had the user recreate the distribution list from scratch, populating it only by clicking on addresses in the Global Address List. Re-created the meeting with new distribution list. Same behavior.
6. Thinking that the problem may be a MAPI profile issue due to the Exchange logs indicating that each message was a separate submission from the client, I went to the user’s office to rebuild their MAPI profile. In doing so I realized that the user was on a thin client. Before building her Terminal Server MAPI profile I asked the user what time she had left the previous day. She said she left right at 5:00pm and had logged off of the Terminal Server at that time. The last meeting that was resent went out at 5:14pm. Hmmm…

Solution:

At this point I had seemingly ruled out the client aspect as well as the server aspect of the problem, what could be left? Blackberry! I asked the executive assistant if she had a Blackberry, thinking that surely the Blackberry Enterprise Server was the guilty party since the problem was happening when she was logged out. “No, I don’t have a Blackberry… a couple of months ago I got an iPhone instead.” At this point I was getting desperate so I asked her to power off her phone for the remaining 6 hours of the workday. Magically not a single meeting invite was sent out. After that I asked her to power it on. Immediately a repeated meeting invite was sent! I asked her if anything had changed on her phone recently to which she replied ,”actually, I just upgraded my phone this weekend to the new 3.0 iPhone OS”. A quick Google confirmed that other users who had upgraded to the 3.0 Apple iPhone OS and had sent meeting requests to a distribution groups had experienced the same problem. A call to Apple support yielded no help as a “Product Specialist” (referred to as “iPhone Ninjas” by Apple Tier 1 support, no joke) told me that they don’t have any record of that happening to anyone else, call Microsoft since it’s an Exchange account.  So, until iPhone OS 3.1, it looks like users will not be able to use distribution groups when creating meeting requests. Isn’t there an App for that?

I was experimenting with options for iPhone passwords - those enforced from the Exchange server.  I created a custom mailbox policy that required alphanumeric passwords.  I fiddled with it a while to see what the options meant and then went back to the original policy that just required a 4-digit PIN.  However, I was unable to go back to a numeric PIN (it kept requiring 4 characters including a special character) until I Reset All the iPhone settings (which erased my e-mail setup, network settings - including the WPA key, etc.).

The iPhone currently supports the following security policies from Exchange (note: you must have Exchange Server 2003 SP2 or Exchange Server 2007 SP1 or greater):

• Remote Wipe
• Enforce password on device
• Minimum password length
• Require alphanumeric password
• Require complex password
• Inactivity time in mimutes

When you perform the remote wipe from Exchange, it restores your iPhone to factory default (note: this could take up to an hour).  The gotcha – after you perform remote wipe, be sure to “remove mobile device partnership” with your iPhone; otherwise, the next time you try to sync with Exchange it will wipe (restore to factory default) again . . .

Hackers calling themselves the iPhone Dev Team got ahold of the new firmware that ships with the SDK (version 1.2 as beta, but is to be released as 2.0 to the public) and reported they had "already decrypted the disk image and jailbroken the firmware." The "Jailbreak" apparently only works with hacked activiation, meaning it currently doesn't work with AT&T iPhone's. [more]

To read more, visit http://www.modmyifone.com/forums/showthread.php?t=62591 or http://www.informationweek.com/news/showArticle.jhtml?articleID=206903250