In his tirade against Adobe's Flash platform, one of the reasons Steve Jobs gives for Apple not allowing the popular plug-in to run on its iPhones, iPods, and iPads is that "Flash has not performed well on mobile devices." In fact, Steve Jobs claims his Cupertino company has "routinely asked Adobe to show us [Apple] Flash performing well on a mobile device, any mobile device, for a few years now." Anyone think a demo of Flash running smoothly on the iPad would change his mind?
Probably not, but that didn't stop iPhone hacker "comex" from demonstrating it anyway. This is the same guy who developed the Spirit untethered jailbreak tool for the iPhone, iPad, and iPod touch, and now he's gone and ported a version of the Adobe Flash runtime for Android to run on the iPad using a compatibility layer, which he's calling "Frash."
"Frash can currently run most Flash programs natively in the MobileSafari browser," reads a description of the YouTube video showing Frash in action. "Frash currently only runs on the iPad, but support for other devices (3GS+ only due to technical restrictions) is planned, as well as support for iOS 4."
Comex says he'll release Frash when it's fully stable, and in the meantime, "developers are welcome to join the effort at http://github.com/comex/frash -- fork it and send a pull request with your patches."
It didn't take long for hackers to take advantage of a potentially dangerous exploit affecting jailbroken iPhones. The vulnerability first gained notoriety earlier this month when a hacker from the Netherlands took control of modified iPhones and sent the owners an SMS requesting a fee for instructions on how to protect their device. He later backed down and posted the fix for free, but by then, the cat was out of the bag.
Fast forward a few weeks and we now have the first malicious worm making the rounds on jailbroken iPhones and iPod touch devices. According to reports, the worm uses command-and-control like a traditional PC botnet. It configures two startup scripts, one of which is used to execute the malicious worm during boot, and the other to make a connection to a Lithuanian server in order to upload stolen data and hand over control to the bot master.
The worm works by changing the root password from the default of "alpine" that Apple put in place in the factory firmware. It attacks IP ranges from a wider range of ISPs, including UPC, Optus, and T-Mobile.
The recommended fix is to restore jailbroken iPhones to the current Apple-supplied firmware.
There's a lot you can do with a jailbroken iPhone, and apparently, there's a lot others can do with your hacked smartphone as well. A hacker from the Netherlands made it his mission to alert modified iPhone owners via SMS that their security wasn't up to snuff.
The SMS contained a link to http://doiop.com/Hacked, which has since been eradicated from the Web. But before it was taken down, the site asked victims to send 5 euros (about $7.56 USD) to a PayPal account and then sit tight for email instructions on how to secure the hacked phone.
"If you don't pay, it's fine by me," the hacker's page said. "But remember, the way I got access to your iPhone can be used by thousands of others -- they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intentions of harming you or whatever, but some hackers do! It's just my advice to secure your phone."
According to Ars Technica, the hacker used port scanning to identify jailbroken iPhones on the T-Mobile network in the Netherlands with SSH running. The hack also relied on unchanged root passwords to gain access, which is where the real security risk came from.
So what can you do to secure your phone? The same hacker who tried to make a quick buck has apologized for his actions, promised to return what money he's made, and posted steps to secure your jailbroken iPhone, which you can find here.