The organizers of a computer security conference called CanSecWest challenged attendees to break into any one of five smart phones, among them iPhone. Few researchers attempt to hack the devices, especially iPhone, but there was no succeed. Two researchers who have previously found vulnerabilities in the security of the iPhone. And Apple disclosed and issued a patch for dozen such security holes in the device last November. Those two researchers will present a way to run no approved code on Apple’s mobile device at the Black Hat Security Conference. Many of the researchers simply refuse to work on that simply because the flaw has been exploited. Charles Miller, a principal analyst at Independent Security Evaluators who is one of those two researchers, said that “"If you want to attack iPhones, you have to be able to run code to do whatever it is you want to do," Maybe that is grabbing credentials, maybe it is listening into phone calls, maybe it is turning on the microphone. Who knows? But this all requires that you be able to run code.” Miller had found the places where changing permission is allowed on the factory iPhones. These parts give the hacker or researcher more freedom to code generic and reliable second stage attacks. Apple is restricting the data that can be executed in the memory; also requires the program to be cryptographically signed by Apple. One of the security features of code signing is to provide security when deploying. Also every code signing implementation will provide some sort of digital signature mechanism to verify the identity of the author or build system, and a checksum to verify that the object has not been modified. Even though Miller found that how to solve this problem for the programmers or users. “Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a non executable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable.” The result of the research is not going to be given to outside environment after he was sure that the issues have not been solved in the new iPhone 3.0. He is going to mention the strengths and weaknesses of the security, so cell phone user can make decision to what device we should use and how we should use them. Also his research could make the way for the developer to skip the signature part and distribute the program to the users. I personally as one of the cell phone users will not chose iPhone, because of this issue. I as the programmer will find it much easier to use Windows Mobile.
Source:
http://www.technologyreview.com/communications/22782/page2/
Other Sources:
http://www.macworld.com/article/132675/2008/03/iphone_sdk_jailbreak.html
http://www.windowsecurity.com/articles/Code-Signing.html
Sunday, June 14, 2009
Week 3 Blog 2: Microsoft Browser Offer Fails to Impress Europe
On 2004, Microsoft had some issue with the European commission based on the windows media player. They were claiming that by having windows media player already installed on the operating system, and then there would be no choice for competitors to show off their products like real player. Therefore, Microsoft shipped N version of Windows XP and vista in order to comply with the European’s commission. But this solution didn’t work because they were offering the full version in parallel.
Opera, a Norwegian browser initiated the complaint on December 2007, and asked the commission to deal with Internet Explorer (IE) as they did with Media Player. Therefore, according to the complaint on Thursday, June 11th 2009, Microsoft offered to give the version out without having Internet Explorer on it. The new version for European country would be Windows 7 E version. “But the commission in a statement, dismissed the offer, saying the move could not further its goal of promoting browsers that compete with Internet Explorer.” But the most important reason for rejection of this offer is that the European commission did not want to repeat a mistake, when Microsoft ordered the software maker to sell a N version of windows which is without its media player. Commission is deciding on idea to suggest Microsoft to distribute windows with competing Web browsers installed and then allow retailers, computer makers or even customers to decide from a “ballot screen” menu which browsers to install. The ballot screen options, or in other words the web browsers candidates are Mozilla’s Firefox, Apple’s Safari, Google’s Chrome, and Opera beside Internet Explorer.
As in the other article Microsoft mentioned, it needs start telling OEMs by the end of this week what exactly they expect in Windows 7, so they can begin the software engineering work necessary to have their windows 7 PCs available in stores on that day. Microsoft is moving forward with a collaborative tone: "We will continue to discuss browser issues and other matters with the Commission. But even as the Commission processes continue, we know we need to have a clear plan in place to address the “bundling” issue in Europe because, at the end of the day, the obligation to comply with European competition law belongs to Microsoft alone".
I agree with the complaint that Opera made on this situation. But there is a case if a customer receives the PC without any web browser installed, and he doesn’t have enough knowledge to use the computer. Then how this problem is going to be solved for him. I as one that I almost tried every web browsers, I personally more comfortable to use IE and Google chrome than the others. Even it was very hard for me to choose which browser to use. I prefer to have IE already installed than the others. Also the E version is not going to work as the commission mentioned too in case of selling the complete version in parallel.
Source:
http://www.nytimes.com/2009/06/13/technology/companies/13euro.html?ref=world
Other Sources:
http://www.dailytech.com/Windows+7+Will+Ship+Without+Internet+Explorer+in+European+Markets/article15305.htm
http://www.euractiv.com/en/infosociety/new-eu-competition-case-looms-microsoft/article-169118
Opera, a Norwegian browser initiated the complaint on December 2007, and asked the commission to deal with Internet Explorer (IE) as they did with Media Player. Therefore, according to the complaint on Thursday, June 11th 2009, Microsoft offered to give the version out without having Internet Explorer on it. The new version for European country would be Windows 7 E version. “But the commission in a statement, dismissed the offer, saying the move could not further its goal of promoting browsers that compete with Internet Explorer.” But the most important reason for rejection of this offer is that the European commission did not want to repeat a mistake, when Microsoft ordered the software maker to sell a N version of windows which is without its media player. Commission is deciding on idea to suggest Microsoft to distribute windows with competing Web browsers installed and then allow retailers, computer makers or even customers to decide from a “ballot screen” menu which browsers to install. The ballot screen options, or in other words the web browsers candidates are Mozilla’s Firefox, Apple’s Safari, Google’s Chrome, and Opera beside Internet Explorer.
As in the other article Microsoft mentioned, it needs start telling OEMs by the end of this week what exactly they expect in Windows 7, so they can begin the software engineering work necessary to have their windows 7 PCs available in stores on that day. Microsoft is moving forward with a collaborative tone: "We will continue to discuss browser issues and other matters with the Commission. But even as the Commission processes continue, we know we need to have a clear plan in place to address the “bundling” issue in Europe because, at the end of the day, the obligation to comply with European competition law belongs to Microsoft alone".
I agree with the complaint that Opera made on this situation. But there is a case if a customer receives the PC without any web browser installed, and he doesn’t have enough knowledge to use the computer. Then how this problem is going to be solved for him. I as one that I almost tried every web browsers, I personally more comfortable to use IE and Google chrome than the others. Even it was very hard for me to choose which browser to use. I prefer to have IE already installed than the others. Also the E version is not going to work as the commission mentioned too in case of selling the complete version in parallel.
Source:
http://www.nytimes.com/2009/06/13/technology/companies/13euro.html?ref=world
Other Sources:
http://www.dailytech.com/Windows+7+Will+Ship+Without+Internet+Explorer+in+European+Markets/article15305.htm
http://www.euractiv.com/en/infosociety/new-eu-competition-case-looms-microsoft/article-169118
Week 3 Blog 1: Wireless Power Harvesting for Cell Phones
Nokia is developing technology that could draw enough power from ambient radio waves, so we don't need to charge the battery. Ambient electromagnetic radiation, the sort of stuff that is given off by our WI-FI transmitters, Mobile phone antenna and even giant TV mast, could be harnessed and converted into sufficient electrical power to top our battery simply as we walk. The Nokia devices will work as the same principle as a crystal radio set by converting electromagnetic waves into an electrical signal. The way that crystal set radio works, it uses no power. The circuit consists of an inductor (called a coil), a variable capacitor, a germanium diode, a filtering capacitor and finally very high impedance headphones. Rouvala, a researcher from the Nokia Research Centre, in Cambridge, U.K, said that the prototype needs to harvest 50 milliwatts of power in order to charge the phone with power. With today's technology, the prototype is able to harvest only three to five milliwatts. Therefore, as it mentioned in the article, Nokia needs a wideband receiver to capture signals from between 500 megahertz and 10 gigahertz; a range to cover many different radio signals. As it mentioned other universities are working on different projects related to use the power that the device is capable of harvesting from ambient RF.
"Earlier this year, Joshua Smith at Intel and Alanson Sample at the University of Washington, in Seattle, developed a temperature-and-humidity sensor that draws its power from the signal emitted by a 1.0-megawatt TV antenna 4.1 kilometers away. However, this only involved generating 60 microwatts.
Smith says that 50 milliwatts could require around 1,000 strong signals and that an antenna capable of picking up such a wide range of frequencies would cause efficiency losses along the way." It has been mentioned that it is possible to see this capability in the cell phones within three to four years. According to the other article this technology is not going to be used only for Nokia but it should be used for any other devices which are capable of working with the less power. Nokia plans to use this technology in combination of other energy-harvesting approaches like solar cells that could be embedded in the outside case of handset.
This technology, harvesting ambient electromagnetic radiation and converting to electrical power, would be the best one for most of the cell phone users. I personally will get the phone that has this technology so I wouldn't need to carry the cell phone charger with myself, since sometimes I will forget to charge it. But there is a question regarding that, is this technology depends on the atmosphere condition or not? Some researchers on the ambient radiation, in Hong Kong, agreed that the radiation level will be changed depends on the weather condition. According to the rain, wind, tropical cyclone, and even seasonal changes make changes to the radiation level. Therefore, I believe it's not going to work perfectly for all over the world.
Source:
http://www.technologyreview.com/communications/22764/
Other Sources:
http://www.dailytech.com/Nokia+Prototype+Generates+Power+from+Ambient+Radiation/article15382.htm
http://www.weather.gov.hk/radiation/tidbit/200512/ambient_radiation_level_e.htm#
Subscribe to:
Posts (Atom)
