Potentially nasty new iPhone security flaw discovered

Wuh-oh! Considering its popularity and the number of handsets floating around out there compared to the number of security exploits discovered thus far, I’d say Apple has done a pretty good job of keeping things locked down.

As this just-discovered flaw proves, however, nobody’s perfect.

You can read the full technical details of the exploit here, but to make one hell of a long story short: the iPhone allows settings configuration files to be installed over-the-air through Safari, primarily to help enterprise businesses setup a bunch of iPhones as quickly as possible. We’ve known this for a while – it’s a crucial part of easily enabling tethering on jailbroken iPhones. The user must must confirm the installation manually, and the iPhone tells you who it’s from and whether or not it’s a trusted source – which (we hope) most would be smart enough not to do in standard cases.

The particularly nasty part here, however, is that the anonymous hackers reporting the flaw were not only able to make the configuration file report back as “Verified”, but also indicate that it was straight from “Apple Computer” themselves. From that point, a pinch of clever web design and a dash of social engineering would be enough to convince the vast majority of users who stumble across a malicious update that it’s as legit as can be.

So once it’s installed, what harm can be done? In theory, it could be used to reconfigure the iPhone’s proxy settings, allowing hackers to redirect all traffic through a server of their choosing. It could also be used to wreak havoc on WiFi/e-mail settings, and disable the use of Safari, Mail, and a handful of other first-party iPhone apps. Worse yet, it’s possible to set the configuration file so that the user can’t remove it – so once it’s installed, getting it off the handset would require a full wipe.

Let’s hope there’s some way to fix all of this without nerfing the over-the-air configuration process all together, if only for the sake of I.T. guys everywhere. In the mean time: if you see a screen like the one in the screenshot above and you weren’t intending on provisioning your handset with new settings, you should certainly avoid hitting the “Install” button.

 

http://www.mobilecrunch.com/2010/02/03/potentially-nasty-new-iphone-security-flaw-discovered/

Mobile Ticketing Taking Off: 15 Billion Sold by 2014

Buying and selling tickets is another business that's slowly being migrated over to our mobile devices. Whether it's a movie ticket, concert ticket, plane ticket, or something else, there are a number of companies now offering digital alternatives to the tree-killing paper printouts of days past. In a new study by Juniper Research, analysts predict that the market for mobile ticketing will reach 15 billion delivered tickets by the year 2014.

According to Juniper, a little over 2 billion tickets were sold this past year. That makes the forecast of 15 billion by 2014 a notable jump which points to consumers' ever-increasing desire to perform business transactions like mobile ticket purchases using their mobile phones and other handheld devices.

Mobile ticketing initiatives benefit both parties, the ticket issuer and the purchaser. Consumers win because a digitized ticket accessible via their handheld is a convenience. (Just think: how many times have you left the house without your tickets, having to turn around and retrieve them or miss the event altogether?) For ticket sellers, not having to deal with the cost of printing tickets can provide a huge savings.

Yet despite the multi-billion increases year-over-year, this market still has a way to go. "Although 15 billion sounds large," notes the report's author Howard Wilcox, "it is in fact it a small percentage of total tickets issued -- there is plenty of scope for innovative solutions to penetrate this market." Wilcox sees the next steps for the mobile ticketing industry as encompassing more widespread purchasing via mobile phones and NFC-based ticketing.

Mobile Ticketing in the Real World

Over on online marketing site MarketingVOX, they've detailed several real-world examples of mobile ticketing including Southwest Airlines' iPhone app which allows for mobile ticket purchases, the upcoming NBA All-Star Game in Dallas which is offering special tickets to T-Mobile Android phone owners, AMC movie theaters' pilot program for mobile movie tickets, and MovieTickets.com's paperless ticket test in Chicago.

What's interesting about the U.S.-based initiatives detailed above is what early stages so many are in. Even though 42% of Americans now own a smartphone, companies are just beginning to tap into that demographic with their newly launched mobile ticketing pilot programs and marketing initiatives.

Another interesting detail from the report is the finding that Western Europe will become the leading region in mobile ticketing by 2014 based on the number of tickets sold. That has them overtaking the current mobile ticket leader, the Far East and China region. In the Asian countries, the use of NFC phones has made mobile ticketing much easier to implement. As NFC phone models make their way to other areas of the globe, the opportunities for mobile ticketing increase accordingly.

 

http://www.readwriteweb.com/archives/mobile_ticketing_taking_off_15_billion_sold_by_2010.php