mac-talks.com

Last week, we reported that French developer Applidium had managed to blow the Siri protocol wide open, making it possible for any internet connected device to dial into Apple’s Siri servers and get a response.

Any internet connected device? Pshaw, you might scoff. But one week later, we have the proof: a hacker who has tricked Siri into talking with his internet connected thermostat!

The developer, known only by his Twitter handle Plamoni, managed this feat by using Applidium’s hack to come up with a Siri proxy server, which he then programmed with custom commands allowing his iPhone 4S to send custom commands to his indoor wireless thermostat, including the ability to report the thermostat’s status, set the temperature and turn the heat on and off.

Since there’s no working iPhone 4S jailbreak yet, needless to say Plamoni’s technique works on a stock iPhone 4S. In fact, if you’ve got the developer smarts, you can even download the source code and get it running locally.

I think what is most interesting to me about this is that it really shows that Siri’s already impressive abilities are just the beginning. What Apple ultimately envisions is a way to use our iPhones to intelligently control, manage and maintain our entire lives: from telling your car to warm itself up on a cold winter’s morning while you’re still in bed to telling your AppleTV to start streaming the latest episode of Dexter. If Apple’s smart, they will license Siri to all sorts of device makers over the next few years, allowing you to pair any internet connected device to your iPhone and send it commands. When that happens, get ready for the real voice revolution.

• Siri Hacked To Accept Custom Commands
• Siri Protocol Cracked Wide Open To Work With Any Device Or App, But There’s Still A Catch
• The Father of the iPod Has Invented The Smartest, Coolest Thermostat You’ll Ever See
• With Way Too Many People To Talk To Siri Goes Offline Temporarily [Outages]
• Want To Use Siri To Control Your Mac? Now You Can!

Even if you’re not a jailbreaker, TinyUmbrella is a great little app that allows you to save your iPhone, iPod touch or iPads SHSH blob files locally. What is the practical use of such a technobabble practice? Simple: if you have your blob files stored locally, you can downgrade your iDevice to an earlier version of iOS…. useful if your iPhone gets hit with a bug in the latest version of iOS, or an app you can’t live without stops working.

If you are running iOS 5.0.1, you might want to head on by TinyUmbrella’s official website and grab the latest version: it’s been updated to slurp down the latest version’s SHSH blob files.

TinyUmbrella’s programmer Notcom has a caveat, though. Even though you can store an iPhone 4S’s blob files locally with the new version of Tiny Umbrella, there’s no known way to restore them, so don’t expect to be downgrading your iPhone 4S anytime soon.

Even though there is still no working solution for restoring 5.x on iPhone 4S I have released a 5.01.00 so you can at least save 5.0.1 SHSH. I have added tentative support for at least saving 5.0.1 SHSHs for iPhone 4S but as of now we are unable to use them fully. As soon as more information is available I will update.

You can grab the update for Mac here. For instructions on extracting your device’s SHSH blobs, check out our previous how-to.

• Extract SHSH Blobs For iOS4 Devices [How To]
• Before Jailbreaking, Extract Your iPhone’s SHSH Blobs with Umbrella [Jailbreak Superguide]
• Major Update Announced For RedSn0w Jailbreak Utility
• How To Jailbreak Your iPhone 4, iPhone 3GS Or iPod Touch… The Right Way
• How To Jailbreak Your iPad Or iPad 2… The Right Way [How-To]

photo courtesy of Forbes

We told you a couple of hours ago about security guru Charlie Miller’s new iOS vulnerability that allows an approved App Store app to run unsigned code remotely. Miller has been hacking Apple’s products for years, and this most recent bug is a particularly nefarious exploit that could be used for all kinds of evil purposes.

Charlie Miller is one of the good guys, however, and he is planning to show his cards at the SysCan conference in Taiwan next week. The ends don’t always justify the means in this case, as Apple has now kicked Miller out of the App Store and iOS Developer Program.

In a series of tweets, Miller announced Apple’s swift decision to ban him from the iOS world. Miller demoed his hack via a sleeper app, called Instastock, that he submitted to the App Store. In a video, he demonstrated running unsigned code from his home server on the Apple-approved app.

The bug involves exploiting javascript code in iOS that Apple didn’t secure enough in the latest release of the operating system. Apple touts iOS as being more stable than its competition, like Android, and this bug that Miller discovered poses a dangerous threat to Apple’s spotless App Store ecosystem.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” says Miller. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

Since posting the video outlining his hack earlier today, Apple has banned Miller from both the App Store and Developer Program. On his Twitter account, Miller complained that, “First they give researcher’s access to developer programs, (although I paid for mine) then they kick them out.. for doing research.”

As a respected security researcher with a track record of exploiting Apple’s products, one could argue that Miller could have reported the exploit to Apple directly instead of planting a malicious app in the App Store. On the other side of the coin, it’s telling that Miller got his app through Apple’s review team in the first place.

What do you think? Was Apple justified in removing Miller from the App Store entirely (instead of pulling the Instastock app specifically) and kicking him out of the iOS Developer Program?

• Security Expert Hacks a Mac in Seconds
• Apple’s iOS Javascript Browser Tweak Hacked To Allow Any App To Run Malicious Code
• Apple Releasing Security Patch for SMS Exploit in iPhone OS
• Apple Releases iPhone Update To Fix SMS Hack
• Security Expert: “Mac OS X Is Safer, But Less Secure”

When it comes to Mac hacking, there are few security experts more dangerous than Charlie Miller, who can hack a Mac in mere seconds. Luckily, Miller only uses his hacking powers for the forces of good, so his hacks often lead to more secure systems for you and me.

Let’s hope that’s the case for the latest vulnerability Miller identified for the iOS platform. He has discovered a huge bug in iOS that allows malicious devs to write innocuous looking apps that slip by the App Store review process, only to phone home to a remote computer and repurpose all of iOS’s normal functions for malicious ends.

Miller proved the concept of his hack with an app called Instastock. Although Instastock appeared to be just a stock ticker, it actually phoned home to Miller’s house in St. Louis, where it downloaded new commands that allowed him to do things like read a user’s photos, contacts or emails, make the phone vibrate or even ring. Apple actually approved the app for distribution without raising an eyebrow?

Why didn’t Apple catch this stuff in the App Store review process? It’s simple: the commands to do all this malicious stuff didn’t actually exist in the software before it dialed into Miller’s home computer from the iPhone on which it was installed. Once it phoned home, it downloaded all the commands that would have normally triggered Apple’s clampdown procedures.

How does it work? In order to increase the speed of iOS’s browser, Apple allows javascript code from the internet to run on a much deeper level in system memory than it had previous to iOS 4.3. This speed increase effectively creates an exception in which the browser can run unapproved code in a region of the device’s memory. All Miller’s hack does is exchange that exception to apps.

Miller intends on showing off his Instastock app and bug at next week’s SysCan conference in Taiwan. Presumably, Apple will fix this bug extremely quickly, but in the mean time, they have made no comment. You can read more about Miller’s hack here.

• Apple Kicks Security Researcher Out Of The App Store After iOS Exploit Demonstration
• Security Expert Hacks a Mac in Seconds
• Meet The 19 Year Old Jailbreaker Who Keeps Apple’s iOS Engineers Terrified
• iPhone Security Takes Another Hit
• Rave Review: Coda Web Development App

One of Windows 8′s key tablet features is the ability to run two apps on the same screen side-by-side. It’s a feature that iOS 5 has yet to adopt, but that hasn’t stopped one jailbreak dev from swiping the idea and creating a hack that can allow two or more iPhone apps to run side-by-side on any iPad. Sick.

Jailbreak dev Aaron Ash says that while the hack is more of a proof-of-concept then anything else right now, and not ready for public release, the tweak has promise if some bugs with the audio and accelerometer can be ironed out.

Even so, though, Aaron’s managed to live the dream and play two games of Angry Birds at the same time. He describes performances as good and usable, but obviously this depends a lot on the apps being run.

Right now, Aaron’s tweak maxes out at three apps, with four crashing the app. It has a lot of work to go yet, with Aaron forecasting a release within months.

Even so, this looks promising, but until Apple bakes side-by-side apps right into iOS’s DNA, I’m afraid hacks like this will be more for show than real productivity.

[via MacStories]

• Angry Birds Top Free, Paid iPhone Apps for 2010
• Angry Birds Dev Talks Angry Birds 2 In San Francisco Before iPad 2 Event
• Angry Birds Update to Bring Game Syncing, Easter Edition
• Halloween Comes To Doodle Jump And Angry Birds
• iOS 4.1 Jailbreak To Be Released On 10.10.10 at 10:10:10AM

If you use your Mac on a cross platform network often, you’ve surely run into the obnoxious creation of .DS_Store files. If you’re curious what the file is used for, DS_Store is a hidden file for Mac OS X that stores various bits of data for the Finder to remember, like icon position, making it completely useless for anyone besides you to see. By default, your Mac will create the .DS_Store file’s all over the place including accessed computers that aren’t Macs, creating an annoying mess for network users to find. Thankfully you can easily turn off the creation of DS_Store files on network connections:

Stop .DS_Store file creation on network shares

Launch the Terminal and type the following exactly:
defaults write com.apple.desktopservices DSDontWriteNetworkStores true
Restart your Mac and you will no longer have those pesky .DS_Store files appearing every time you browse a network share.