Tracking

Aug 9, 2008






iPhoneNow this is really some hot news on the iPhone front, according to the information uncovered by Jonathan Zdziarski author of the book iPhone Open Application Development and an iPhone Forensics manual, Apple seems to have included a application blacklisting mechanism in the latest iPhone OS 2.x,
using which the device can phone back home and check for unauthorized
applications, and disable them if found on the blacklist acting as a
hidden kill switch.


While doing extensive forensic examination of the iPhone 3G,
Jonathan found a configuration file deep inside the Core Location
having callback to the below URL on Apple Site:


https://iphone-services.apple.com/clbl/unauthorizedApps


Which when accessed displays:


{ "Date Generated" = "2008-08-08 16:21:42 Etc/GMT";
"BlackListedApps" = { "com.mal.icious" = { "Description" = "Being
really bad!"; "App Name" = "Malicious"; "Date Revoked" = "2004-02-01
08:00:00 Etc/GMT"; }; }; }


The page, called ‘unauthorizedApps’, seems to get called from iPhone
occasionally checking for banned applications against installed
applications and if a match is found, the application can be disabled
immediately.


Jonathan Zdziarski Says:


“This suggests that the iPhone calls home once in a
while to find out what applications it should turn off. At the moment,
no apps have been blacklisted, but by all appearances, this has been
added to disable applications that the user has already downloaded and
paid for, if Apple so chooses to shut them down.


Now, this seems more to be a security feature similar to one present in today's web-browsers, but can be used to blacklist and ban applications on jailbroken iPhones installed via Cydia.

0 Comments:

Post a Comment



    • Popular
    • Categories
    • Archives