Is your iPhone overheating? Are you vunerable to an Apple SMS security issue? In IT Blogwatch, bloggers debate problems with their shiny, precious, hot things. By Richi Jennings:
your humble blogwatcher, who independently
selected these bloggy morsels for your enjoyment. Not to mention more Error'd
... Mark Hachman has the 411:
Here's the deal: an unknown but probably very small number of iPhones have been affected by overheating, to the point that some white iPhone 3GSes have allegedly turned pink. [We] haven't seen any such problems ... however. Apple, however, has issued ... a support document that warns users not to keep the iPhone in an environment where temperatures can exceed 113 degrees Fahrenheit, including parked cars. ... Apple also warns that CPU-intensive applications, such playing music or using the GPS while in direct sunlight may also overheat the iPhone. But Kevin C. Tofel cuts Apple some slack:
Actually using the iPhone in temperatures over 95 degrees can also trigger ... a temperature warning screen ... "Low- or high-temperature conditions might temporarily shorten battery life or cause the device to temporarily stop working properly."
Although there was a recent picture of a white iPhone 3GS exhibiting what looked to be burned plastic on the back casing, I havent had any issues with my unit. I have the same one. I dont doubt there are some handsets that run hotter than others; with massive production runs, there are bound to be a few bad handsets getting through the QC process. That number could be dozens or it could be thousands. I wonder how legitimate that picture was, though. But Jim Dalrymple goes the full fanboi nine yards:
In any case, the Apple support article didnt hit today. It was last updated on June 25, and I dont know when it was first published. For all I know, it could have been there since the introduction of the 3G and was simply updated to include the 3GS. While I wouldnt call it an advisory to address a current product problem, it is useful information.
An article on PC World on Thursday says that Apple Admits iPhone Overheating Issues Sort of. Well, no, either they admitted they have an overheating problem or they didntwhich is it? What some people are trying to do is shoehorn a tech note into fulfilling the story they want to write. Speaking of hot hardware, here's Shawn Oliver: [You're fired -Ed.]
Unfortunately, thats not what Apple said. What the tech note does do is give optimum operating temperatures for the iPhone. ... Since Apple didnt say it, Ill add a couple more for you. Dont: Bake your iPhone in an oven; Put your iPhone in a pot of boiling water; Drop your iPhone in a Volcano.
Say it ain't so! During a presentation at the SyScan conference in Singapore, security researcher Charlie Miller made clear that there was a significant vulnerability in the iPhone's SMS system, a flaw that could "allow an attacker to remotely install and run unsigned software code with root access to the phone." ... [So] it's possible to control most any aspect of the smartphone, thus enabling hackers to completely invade an owners' privacy. Scary stuff. Charlie who? Jason Mick knows:
The sheer fact that so many iPhones are out there makes this a fairly serious risk. ... Miller is planning to detail the hole more at the Black Hat USA security expo in Las Vegas later this year, which gives Apple a short window of time to patch the vulnerability. If all goes planned, Apple will actually have a fix ready "later this month," but exact details on when said patch will arrive have yet to be disclosed.
Mr. Miller is the author of The Mac Hacker's Handbook, one of the leading resources for prospective Apple hackers. He praises Apple's efforts with the iPhone saying that the stripped down version of OS X provides less attack opportunities. He says that lack of support for Adobe Flash and Java while an annoyance to users actually aid security, as these are traditional attack vectors. Neil Hughes gets fuzzy:
He also notes the phone's provisions to only run Apple-signed code and to provide hardware encryption as other promising features. Many of these features were added in the new iPhone 3G S, but were not present in the iPhone 3G leading the iPhone 3G to receive failing marks in a recent security study.
Apple plans to have the fix released later this month, before Miller gives his scheduled speech at the Black Hat Technical Security Conference in Los Angeles. At the July 25-30 conference, Miller will be joined by Colin Mulliner for a talk entitled Fuzzing the Phone in Your Phone, which will show attendees how to discover vulnerabilities in a variety of smartphones. So what's your take? Get involved: leave a comment.
The exploit takes advantage of the fact that SMS can send binary code to an iPhone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone.
Previously in IT Blogwatch: Don't miss out on IT Blogwatch: And finally... Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and spam. A 24 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him as @richi on Twitter or richij on FriendFeed, pretend to be Richi's friend on Facebook, or just use good old email: firstname.lastname@example.org.