Bluetooth - The Weakest Link

Security researchers attention goes to the Bluetooth bug in iPhone. On Friday, Symantec's DeepSight threat network team pointed out the vulnerability in an advisory to customers.

According to the security team, the Bluetooth flaw occurs when malicious SDP (Service Discovery Protocol) packets are handled. Thus, any attacker within Bluetooth range can exploit the vulnerability remotely and execute arbitrary code on the device.

In order to exploit the iPhone Bluetooth vulnerability, the Bluetooth MAC must be known. However, with iPhone this is extremely easy. The iPhone Bluetooth MAC address is always one less than the Wi-Fi interface's MAC address. So, a standard WiFi sniffer does the job here.

According to Apple's security advisory, the Bluetooth vulnerability was discovered and reported by Kevin Mahaffey and John Hering of Flexillis Inc., a Los Angeles-based company that specializes in mobile security development and consulting.

Most people do not consider Bluetooth vulnerabilities seriously. This can be attributed to the belief that Bluetooth is not a long-range wireless technology. However, possible working range of Bluetooth is far longer than most people believe. With specialized antennas it is possible to achieve 200-300 meters, sometimes even more.

The Latest iPone News

What makes iPhone different from other gadgets (kill me but I can't call iPhone a cell phone, it's really more than just the next cell phone) is that like the iPod, it can be easily updated by Apple with new features and bug fixes. Every time you plug your iPhone into your computer, updates, if there are any, are automatically downloaded into the phone. So, Apple was quick enough to issue the first update. Not only did the update fix a number of issues, but added some minor but interesting new features to the phone. You can find more details about the new features at Walt Mossboerg's blog.

Do you love your iPhone? I bet you do, who doesn't? Do you have a story to share about it? I bet you do, you must have one. That is why Apple has setup a special page where you can share your story about your iPhone experience with the rest of the world.

While you are enjoying your miracle gadget, some folks "work" hard to unlock iPhone. It looks like they are one step closer to their aim. Unlocking iPhone is inevitable, it is just a matter of time. Apple and AT&T may of course introduce additional security measures but the iPhone Dev Team will be a step ahead. Why should not you be able to use iPhone with other carriers? Do you have an answer? Dare to share it with us? Very good. Post them in the comments.

This post has been featured on BLOGVASION.COM

Old Code Problems in a New iPhone

Charlie Miller of Independent Security Evaluators was the first person to crack Apple's much hyped iPhone. The vulnerability was found in an old, buggy part of the Safari browser, in the old Perl Regular Expression Library (PRCE) in Webkit. The regular Mac OS X Safari as well as the Windows beta version of the browser were also at risk.

I have been using the Windows beta since its release. While I had noticed a number of bugs, I could not assume the software had such a severe problem. So if you use the Safari browser - whether on a Mac, PC, or iPhone - be sure you update it with Apple's just-released patches.

This incident with iPhone once again makes me think that in computers there is no such a thing as absolute security. All systems are vulnerable and all systems have bugs. However, it is important that the developer quickly reacts to eliminate security problems (Apple was very quick indeed).

This post has been featured on BLOGVASION.COM