This is unfortunately another story we missed out on while we were trying to keep things from burning down. We told you that [Jonathan Zdziarski] was going to demonstrate iPhone lock code bypassing in a webcast. The real surprise came when he pointed out that the iPhone takes a screenshot every time you use the home button. It does this so it can do the scaling animation. The image files are presumably deleted immediately, but as we’ve seen before it’s nearly impossible to guarantee deletion on a solid state device. There’s currently no way to disable this behavior. So, even privacy-conscious people have no way to prevent their iPhone from filling up storage with screenshots of all their text message, email, and browsing activities. Hopefully Apple will address this problem just like they did with the previous secure erase issue. O’Reilly promises to publish the full webcast soon.
The iphone-dev team seems to still be on top of their game. Only a day after the iPhone 2.1 firmware update was released, they’ve updated both the PwnageTool and QuickPwn to deal with the release. They haven’t begun work on the iPod Touch 2G yet, since no one on the team has one yet.
We tend to agree with Engadget; jailbreaking is becoming less and less important to casual users. Now average users can buy an iPhone in their own country and run apps from the official store. That’s a much different place than we were in only a year ago. We know most of our audience are power users, though, and definitely want out of Apple’s walled garden, but that’s only a small percentage of iPhone users.
The camera lens on the iPhone is much like any other cameraphone lens in that it has a fixed minimum and maximum focus length. If you want to get a little closer to your subject, you just might want to give [eastrain’s] macro camera mod a try.
According to [eastrain] both first and second generation iPhone cameras have a screw type focus ring that has been glued to infinity from the factory. This was probably set so that 99% of your photos were roughly in focus.
Gaining access to the camera lens requires the disassembly of your phone and will undoubtedly void any type of warranty you may have had. Once the lens is in view you will need to break the 2 glue points that hold the lens at its current position.
Using needle nose pliers you can then rotate the lens counter clockwise to increase the zoom or clockwise to decrease it. Running the built-in camera app lets you see your changes in real time. When you’re satisfied, just put everything back together. Of course the next step should be an externally mounted ring to allow manual zooming on the fly.
[greenmymac] on the MacRumors forums recently exposed a security flaw that allows anyone full access to a locked iPhone running firmware version 2.0.2. The flaw works by entering the emergency call menu of a locked iPhone, and double tapping the home button. This opens the iPhone’s Favorites menu, allowing anyone in your Favorites to be called. From here, an attacker has access to your SMS messages and potentially your email or Safari browser. While we are sure that Apple has a patch for this flaw on the way in the next firmware update, there is a temporary way to secure your locked iPhone. Simply enter the Settings menu on your iPhone and enter General > Home Button and select “Home” or “iPod”. Now when you double tap your home button, it will navigate to either your home screen or the iPod screen. While this fix might be annoying for some, as of right now it seems like the only way to secure your locked iPhone.
[photo: Refracted Moments™]
The iphone-dev team hasn’t been resting on their laurels since releasing the iPhone Pwnage Tool 2.0 nearly two weeks ago and decided to update everyone on their progress. Despite the iPhone 2.0 jailbreak, there still isn’t a way to unlock a 3G phone. They’ve managed to do other things like downgrade a 3G to an older baseband firmware, which demonstrates their ability to bypass security checks and run unsigned code on the baseband. A nice side effect of all the downgrade work is that they’ve perfected the precautions they take to prevent bricking. The team has been following threads about using SIM proxy devices for unlocks as well, but concluded that the devices are a kludge at best and reliability can vary wildly depending on the phone’s location. They also pointed out the fine work that RiP Dev has been doing on Installer 4, which will help you install software that isn’t from the AppStore.
AppleInsider is reporting that iPhone Software v2.0 will add a secure wipe feature. The screenshot above shows the text “This will take about an hour.” added to the normal erase feature. This time is used to overwrite data to the disk multiple times. The need for secure phone erasure came to light after a researcher was able to recover personal information from a refurbished iPhone using forensic tools. Since then, a few people have published techniques for obliterating personal data using either the GUI or the more thorough command line method. Remote wipe has also been added to the new firmware in case the phone is stolen. We’re happy to see security being made easily accessible to nontechnical users and expect that remote wipe will become standard on laptops in the future.