IPhone Jailbreaks Updated For 2.2 Release

Working as quick as ever, the iphone-dev team have updated the PwnageTool and QuickPwn to work with the new iPhone 2.2 firmware update. The trouble with the new firmware is that it updates the baseband of the phone, which could potentially undo any progress made towards an iPhone 3G unlock in the future. If you don’t care about that, you can use QuickPwn to jailbreak your phone after the upgrade, so you can run any app you want. If a future unlock is important to you, use the PwnageTool to strip the baseband update out of the firmware update.

[photo: edans]

“Interplanetary Internet” Passes First Test

NASA just completed the first deep-space test of what could one day become the interplanetary internet. Images of Mars and its moon Phobos were sent back and forth between computers on Earth and NASA’s Epoxi spacecraft. Instead of TCP/IP a new protocol, named “Disruption/Delay Tolerant Networking” (DTN) was used. Information is only sent once with DTN, and stored at each node until another node is available to receive the information.  To prevent hackers from interfering with the network, information that is transmitted over DTN is encrypted. The team at NASA is hoping to get the protocol accepted by the international community and setup a permanent node at the International Space Station next year.

[via Warren Ellis]

PSP 3000 Hacked

Peripheral manufacturer Datel has been hard at work attempting to crack the PSP 3000 since its release. They’ve developed the Lite Blue Tool battery to force the PSP into service mode so hackers can run any arbitrary code they want. According to MaxConsole, Datel performed a silicon level investigation of the PSP’s chips to determine how to break into service mode. This means they decapsulated the the chips and reverse engineered any cryptographic protections. We’d love to hear exactly what chips were being used since some are fundamentally flawed.

Silicon hacking has always been a favorite topic of ours and we suggest you check out [Chris Tarnovsky]’s decapsulation technique to learn more about it.

Iphone-dev Team 3G Soft Unlock Coming Soon

[vimeo 2291914]

The iphone-dev team has officially stated “all that remains is implementation“. They’ve developed all the pieces they need to perform a software unlock for the iPhone 3G, now it’s just a matter of putting them together in user friendly fashion. They’ve managed to run unsigned code on the baseband, developed custom AT tools, and are now showing injection of a background task. They will combine all of these techniques to override the carrier lock baseband code. As usual, they warn against performing any official firmware updates to the phone.

Clickjacking Webcast Tomorrow

[Jeremiah Grossman] and [Eric Lawrence] will be presenting on clickjacking and browser security in an online seminar tomorrow. Clickjacking allows an attacker to transparently place links exactly where a user would be clicking, essentially forcing the user to perform actions without their knowledge. This method of attack has been known for a few years, but researchers have focused their attention on it lately because they feel the threat has been underestimated. Recently, Adobe patched a vulnerability specifically because of this issue. Tune in tomorrow for more info on the attack.

Hacking At Random 2009 Dates Announced

Hacking at Random, an international technology and security conference, has just announced the dates for their 2009 event. The four day outdoor technology camp will be held August 13-16 near Vierhouten, Netherlands. HAR2009 is brought to you by the same people who held What the Hack, which we covered in 2005. They’ve done this every four years for the last 20. We’ll be sure to attend. We loved CCCamp in Germany last year and plan on attending ToorCamp in Seattle this year too.

[photo: mark]

Google Explains Android Patches

g11

Google has been trickling out info about what they’re actually fixing in the G1 firmware updates. Before RC29, users were able to bypass the phone lock using safe mode. RC29 also brought WebKit up to date, presumably patching the bug [Charlie Miller] found. RC30 takes care of root console problem. Unfortunately there are very few details as to what or how particular items were broken. This release method leaves much to be desired; having the official Android Security Announcements group be the absolute last place to get security news is asinine.

[photo: tnkgrl]