Richi Jennings

iPhone 3G/3GS overheating; hot Apple SMS security issues

July 03, 2009 6:00 AM EDT
Is your iPhone overheating? Are you vunerable to an Apple SMS security issue? In IT Blogwatch, bloggers debate problems with their shiny, precious, hot things.

By Richi Jennings: your humble blogwatcher, who independently selected these bloggy morsels for your enjoyment. Not to mention more Error'd...

Mark Hachman has the 411:
Here's the deal: an unknown but probably very small number of iPhones have been affected by overheating, to the point that some white iPhone 3GSes have allegedly turned pink. [We] haven't seen any such problems ... however. Apple, however, has issued ... a support document that warns users not to keep the iPhone in an environment where temperatures can exceed 113 degrees Fahrenheit, including parked cars. ... Apple also warns that CPU-intensive applications, such playing music or using the GPS while in direct sunlight may also overheat the iPhone.
...
Actually using the iPhone in temperatures over 95 degrees can also trigger ... a temperature warning screen ... "Low- or high-temperature conditions might temporarily shorten battery life or cause the device to temporarily stop working properly."more

But Kevin C. Tofel cuts Apple some slack:
Although there was a recent picture of a white iPhone 3GS exhibiting what looked to be burned plastic on the back casing, I haven’t had any issues with my unit. I have the same one. I don’t doubt there are some handsets that run hotter than others; with massive production runs, there are bound to be a few bad handsets getting through the QC process. That number could be dozens or it could be thousands. I wonder how legitimate that picture was, though.
...
In any case, the Apple support article didn’t hit today. It was last updated on June 25, and I don’t know when it was first published. For all I know, it could have been there since the introduction of the 3G and was simply updated to include the 3GS. While I wouldn’t call it an “advisory” to address a current product problem, it is useful information.more

But Jim Dalrymple goes the full fanboi nine yards:
An article on PC World on Thursday says that “Apple Admits iPhone Overheating Issues — Sort of.” Well, no, either they admitted they have an overheating problem or they didn’t–which is it? What some people are trying to do is shoehorn a tech note into fulfilling the story they want to write.

Unfortunately, that’s not what Apple said. What the tech note does do is give optimum operating temperatures for the iPhone. ... Since Apple didn’t say it, I’ll add a couple more for you. Don’t: Bake your iPhone in an oven; Put your iPhone in a pot of boiling water; Drop your iPhone in a Volcano.more

Speaking of hot hardware, here's Shawn Oliver: [You're fired -Ed.]
Say it ain't so! During a presentation at the SyScan conference in Singapore, security researcher Charlie Miller made clear that there was a significant vulnerability in the iPhone's SMS system, a flaw that could "allow an attacker to remotely install and run unsigned software code with root access to the phone." ... [So] it's possible to control most any aspect of the smartphone, thus enabling hackers to completely invade an owners' privacy. Scary stuff.
...
The sheer fact that so many iPhones are out there makes this a fairly serious risk. ... Miller is planning to detail the hole more at the Black Hat USA security expo in Las Vegas later this year, which gives Apple a short window of time to patch the vulnerability. If all goes planned, Apple will actually have a fix ready "later this month," but exact details on when said patch will arrive have yet to be disclosed.more

Charlie who? Jason Mick knows:
Mr. Miller is the author of The Mac Hacker's Handbook, one of the leading resources for prospective Apple hackers. He praises Apple's efforts with the iPhone saying that the stripped down version of OS X provides less attack opportunities. He says that lack of support for Adobe Flash and Java while an annoyance to users actually aid security, as these are traditional attack vectors.

He also notes the phone's provisions to only run Apple-signed code and to provide hardware encryption as other promising features. Many of these features were added in the new iPhone 3G S, but were not present in the iPhone 3G leading the iPhone 3G to receive failing marks in a recent security study.more

Neil Hughes gets fuzzy:
Apple plans to have the fix released later this month, before Miller gives his scheduled speech at the Black Hat Technical Security Conference in Los Angeles. At the July 25-30 conference, Miller will be joined by Colin Mulliner for a talk entitled “Fuzzing the Phone in Your Phone,” which will show attendees how to discover vulnerabilities in a variety of smartphones.
...
The exploit takes advantage of the fact that SMS can send binary code to an iPhone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone.more

So what's your take?
Get involved: leave a comment.



Previously in IT Blogwatch:
Don't miss out on IT Blogwatch:

And finally...
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and spam. A 24 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him as @richi on Twitter or richij on FriendFeed, pretend to be Richi's friend on Facebook, or just use good old email: itblogwatch@richij.com.