iPhone SMS vulnerability

Security researcher Charlie Miller made clear that there was a significant vulnerability in the iPhone’s SMS system, a flaw that could “allow an attacker to remotely install and run unsigned software code with root access to the phone.”

Given the hype surrounding Apple’s iPhone, we’re actually surprised that we haven’t seen more holes to plug over the years. In fact, the last major iPhone exploit to take the world by storm happened right around this time two years ago, and now — thanks to OS X security expert Charlie Miller — we’re seeing yet another come to light. Over at the SyScan conference in Singapore, Mr. Miller disclosed a hole that would let attackers “run software code on the phone that is sent by SMS over a mobile operator’s network in order to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet.

According to Miller, the attack “exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service),” but due to a prearranged agreement with Apple to keep the details out of the press, he refused to say more. In fairness, we’re glad that he’s passing the evidence onto Apple for it to mend up the problem before it becomes something more serious.

White iPhone 3GS suffering heat and discoloration

The problems of overheating have several times been reported in the past by some owners of iPhone. It seems that the iPhone 3GS have also inherited this problem …

In fact a new owner reports that the temperature of its iPhone 3GS (M4E) (Note: 16 GB white) brand new greatly increased during the use of multiple software operating the device’s GPS chip and 3G connection, so that marks heater appeared on the back of his iPhone 3GS (JDG)

Palm Pre gets upgraded to 1.0.4

We don’t know exactly what’s new yet, but Palm’s released firmware version 1.0.4 for Pres on Sprint (not to say there are any other Pres out there at the moment, anyhow). Stay tuned for details.

Update: Looks like the only changes here address security vulnerabilities — and interestingly, Palm gives a shout-out to Townsend Ladd Harris (a Pre homebrewer no less) who helped find them. Cheers to that.

Update 2: Sadly, Palm’s plugged the hole that allowed homebrew apps on the phone without a jailbreak, though software you’ve already installed on the phone will continue to work. The hole that’s been plugged was admittedly dangerous to leave open (installing apps via a link in email), though rooting and installing otherwise remain unchanged as far as we know.

Palm About licensing webOS and Palm Pre App Store

Palm says licensing webOS “not a religious issue”

Palm had its quarterly results conference call yesterday and although CEO Jon Rubinstein and CFO Doug Jeffries kept a pretty tight lid on the future product talk, they did say that licensing webOS to third parties isn’t “a religious issue for us.” That’s pretty vague, sure, but we can’t help but immediately think back to the golden age of Palm OS, when licensees like Sony put out amazing devices like the Clie PEG-NZ90 that we’ve lovingly mocked up with a webOS screenshot above — we’re sure Palm’s upcoming handsets will be interesting in their own right, but we’d love to see a manufacturer like HTC riff on webOS the way it’s tweaking Android. Of course, Jeffries also said Palm has “no plans at this time to even talk about” licensing, so this is all just a pipe dream for now, but let’s not ruin the moment, okay?

Palm Pre App Store May Become Community Driven?

Palm execs hinted at some surprising trends in their quarterly earnings call yesterday, including a community-driven approach to application discovery and the possibility of licensing the Palm OS to other manufacturers.

Although the Palm Pre has had a million applications downloaded, so far there are still only a few dozen apps because the device’s software development kit (SDK) hasn’t been made fully public. The company is still “tweaking some things” in the SDK, Palm CEO Jon Rubinstein said, and will open up the SDK to “thousands” of developers within the next few weeks.

More intriguingly, though, Rubinstein hinted at some sort of community-driven element to Palm’s app store which will set it apart in the future.

“As you get large numbers of applications, you know, discovery and finding applications that are interesting to you becomes more and more difficult, and so we hope to use much more of a community approach to solving that problem,” Rubinstein said.

What could that be – some sort of wiki, maybe? Searching based on user recommendations? We’ll have to find out in the future.

Execs also hinted at the possibility of licensing their WebOS to other manufacturers. While they haven’t decided to do so, “it’s not a religious issue for us,” Palm CFO Douglas Jeffries said.

Palm long ago licensed their Palm OS to third-party manufacturers, most notably to Sony to create that company’s Clie line of PDAs.

Apple: We will not distribute pornographic apps

Following yesterday’s report of an iPhone app touting nudity as one of its selling points, Apple has released a statement saying it will not distribute such applications. Hottest Girls from developer Allen Leung was pulled from the store yesterday afternoon following widespread publicity of the app’s new adult content; the developer blamed the app’s disappearance on heavy server loads. “The server usage is extremely high because of the popularity of this app. Thus, by not distributing the app, we can prevent our servers from crashing… Yes, the topless images will still be there when it is sold again,” said a statement on Leung’s website. It appears, however, that Apple may have had a hand in its removal, and will likely not allow the application back on the App Store in its current form

If there’s one thing we can decisively say about iPhone users — and everyone else, for that matter — it’s that they shouldn’t see naked people, even if they want to. Ever. Apple agrees, and it turns out that they were responsible for the removal of the Hottest Girls app after all, contrary to a statement by its developer that the app had tapped out his server which supposedly forced him to ask Apple to pull it while he ramped up capacity. Apple released a statement today confirming this, but here’s where it gets interesting: the company says that “the developer of this application added inappropriate content directly from their server after the application had been approved and distributed” — in other words, the guy pulled a bait-and-switch on Apple by serving different content to his app after it had been approved using more PG-rated content. Look, we’re all for filling our iPhones with gigabytes upon gigabytes of stuff that would make us especially anxious to trigger the Remote Wipe feature if we were to misplace it, but we’ve got to admit — the dude went about it the wrong way here, Apple caught him, the world keeps turning. Come on, it’s not like you don’t have thousands of naughty pics in a folder cleverly named “recipes” that you can just sync anyway.

PSP Go released at E3

Just as expected, Sony just announced the PSP Go at E3. The slider handheld has a 3.8-inch LCD, 16GB of internal storage and built-in Bluetooth, all in a case 50 percent smaller and 40 percent lighter than the original PSP-1000, we’re guessing this weight savings is directly attributable to the loss of the UMD drive. The PSP Go doesn’t have a UMD drive, games will instead load in through the Memory Stick Micro slot or over PlayStation Network. New PSP titles will be distributed through both UMD at retail and online simultaneously, Sony’s beefing up the desktop client and renaming it Media Go for easier access and syncing with Playstation Network media, but you’ll be able to get PSN content directly from the Go as well. The PSP’s music features have also been beefed up with a new auto-playlist feature called Sense Me, which sounds a lot like Pandora or iTunes Genius playlists, and there’s a new video delivery service being rolled out.

The Go will be $249 when it launches on October 1ST in North America and Europe, and November 1 in Japan. Sony’s showed demo videos with both black and white versions, but that’s not confirmed yet.

Here are the highlights of the detailed specifications, Sony Provide:

* Approx. 128 x 16.5 x 69 mm (width x height x depth)
* Weight: 5.6 ounces (including battery)
* 3.8-inch display (480 x 272 resolution)
* CPU: 333MHz
* 64MB memory
* 802.11b WiFi
* Bluetooth 2.0+EDR
* USB 2.0
* Memory Stick Micro slot
* 16GB storage
* Analog video out
* Built-in stereo speakers and microphone