
Interesting People mailing list archives

Re: iPhone can phone home and kill apps? - says yes
From: David Farber <dave () farber net>
Date: Fri, 8 Aug 2008 09:01:20 -0700


________________________________________
From: Bob Frankston [Bob19-0501 () bobf frankston com]
Sent: Friday, August 08, 2008 11:06 AM
To: David Farber; 'ip'
Subject: RE: [IP] Re:   iPhone can phone home and kill apps? - says yes

The question is why is OS/X on the iPhone so vulnerable and, for that matter, why are the cellular protocols so 
vulnerable.

We were able to innovate at the edge of the POTS phone system because the Red/Green wire was such a simple interface
but even then the system had to be modified because a simple 2600Hz signal would give access to the control plane. And
it was modified because the alternative – banning the Cap’n Crunch whistle – was not a viable option.

I can understand why one has to protect a fragile system. The question is why are we continuing to use a fragile system 
that must prevent disruptive innovation.

Remember that the power of the US First Amendment is in rejecting the idea that we have to predetermine what is good 
and what is bad speech or innovation.

This also goes to the larger issue of making it safe to run others’ applications on your computing devices – they 
needn’t be malevolent to cause problems. They need only have their own interpretation of correct behavior that fails in 
a novel context.

But there’s nothing new about this – we are always vulnerable to those who prey upon us or simply give us bad advice.
The alternative is authoritarian rule and that hasn’t worked out well in the long run or even the medium run no matter
how benevolent.



-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Friday, August 08, 2008 04:18
To: ip
Subject: [IP] Re: iPhone can phone home and kill apps? - says yes





________________________________________

From: Jon Adams [n7uv.jon () gmail com]
Sent: Thursday, August 07, 2008 10:09 PM
To: David Farber
Cc: ip
Subject: Re: [IP] Re: iPhone can phone home and kill apps? - says yes



There is a cellular-operator-led group called OMTP (Open Mobile
Terminal Platform) Alliance (www.omtp.org). This group has a strong
interest to establish an environment in the handset that is conducive
to being "open" to run new, standardized applications, not installed
at buildtime, that are "compatible" with the operator's network,
marketing needs and customer base, yet to be able to quickly
sequester applications when they are found to be incompatible
according to the operator's interpretation.

From my point of view as a cellular platform security architect, this
is an important tool to prevent the handset from becoming the next
playground for malware/phishware/pharmware. It's been demonstrated in
the past that aggregations of cellphones that are not playing nice
with the network have a strong potential to take down the network and
that there's real potential for that cellphone to become an e-wallet
and carry vital financial information. Cellular networks in general
are sparse, sometimes operating close to failure under peak
conditions. Minor hacks to that network delivered via a few cellphones
can do some impressive inconvenience.

This tool allows the operator (or potentially manufacturer) to
remotely enable and disable functionality, potentially get an idea of
exactly what software apps are on the phone, and to be able to execute
as necessary a blacklisting of applications deemed to be incompatible.
This decision is not one where you as a consumer will likely have much
of a say except to walk away from that carrier. But from the carrier's
PoV, it's a necessary tool to protect network resources and to ensure
that other customers are impacted as little as possible. However,
like all things, it may be used in ways according to other
motivations.



Cheers - Jon





On Thu, Aug 7, 2008 at 9:45 AM, David Farber <dave () farber net> wrote:

Nor to the best of my knowledge in S60
________________________________________
From: Lauren Weinstein [lauren () vortex com]
Sent: Thursday, August 07, 2008 11:34 AM
To: David Farber
Cc: lauren () vortex com
Subject: Re: [IP] Re: iPhone can phone home and kill apps? - says yes



https://iphone-services.apple.com/clbl/unauthorizedApps



And that's with the assumption that this URL (seems bizarre to make
it so easily identifiable) is what it appears to be.  If so, it
should be possible to block in various ways (but are there hidden
alternative paths?), though if the phone can't reach that URL for too
long an interval maybe it "bricks" itself eventually.

And what happens to an "unauthorized app"?  Does this vary based on
severity as determined by the phone's remote regal masters at
Apple?  Put up a warning message?  Block program execution?  Delete
the program?  Melt the phone?  Or maybe just a voice announcement
("You have attempted to execute a program not authorized by Apple,
Inc.  Please stay where you are until authorities arrive at your GPS
determined location.")

As far as I know anyway, nothing like this has ever appeared in the
Microsoft mobile platforms (e.g. WM5 at least).



--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
  - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com



 - - -



It is interesting -- when Microsoft was suspected of being able to do the same type of thing, that is disable apps
that it considered improper or damaging, there was a yell that was heard around the world. Apple, with its shiny
armor, gets mild noise. Hmm. djf

________________________________________

From: ed.well.com () googlemail com [ed.well.com () googlemail com] On Behalf Of Edward S. Rustin [ed () well com]
Sent: Thursday, August 07, 2008 2:43 AM
To: David Farber
Subject: Re: [IP] iPhone can phone home and kill apps? - says yes



To take the other side of the argument - just because Apple =can=
blacklist applications doesn't mean it =will= blacklist applications.

Surely it should not be a surprise that it's possible for applications
to be blacklisted, but I would be very surprised if the mechanism
exists (and that's assuming that it really does exist, rather than
this just being an unused setting tucked away in the code - has
anybody actually seen an iPhone/iPod Touch access this URL?) for any
purpose other than to kill a malicious application which somehow made
it through the Apple review process.

We've already seen that applications can be pulled from the App Store
without affecting any of the existing installations - NetShare and
Aurora Feint for example, so it doesn't look like Apple is interested
in blacklisting an application just because it retroactively failed
their review process.

Now take the example of an iPhone worm, or an application which had a
flaw that caused it to interfere with cell phone traffic, or a Trojan
Horse, say a game which also just happened to send your personal data
back to a server somewhere. In those cases would you not expect Apple
to be able to remotely kill the Application, or should they just leave
it be and hope that every iPhone user can just be persuaded to
uninstall it?



On Thu, Aug 7, 2008 at 1:24 AM, David Farber <dave () farber net> wrote:



http://www.iphoneatlas.com/



iPhone can phone home and kill apps?

Posted 6 August 2008 @ 11am in News

Apple has apparently included a blacklisting mechanism in iPhone OS 2.x via
which the device can phone home, check for unauthorized applications, and
disable them. The OS includes a URL that points to a page containing a list
of unauthorized applications, specifically:

https://iphone-services.apple.com/clbl/unauthorizedApps

Per Jonathan Zdziarski, author of the book iPhone Open Application
Development and an iPhone Forensics manual:

"This suggests that the iPhone calls home once in a while to find out what
applications it should turn off. At the moment, no apps have been
blacklisted, but by all appearances, this has been added to disable
applications that the user has already downloaded and paid for, if Apple so
chooses to shut them down.

"I discovered this doing a forensic examination of an iPhone 3G. It appears
to be tucked away in a configuration file deep inside CoreLocation."




-------------------------------------------

Archives: https://www.listbox.com/member/archive/247/=now

RSS Feed: https://www.listbox.com/member/archive/rss/247/

Powered by Listbox: http://www.listbox.com










