MacNewsWorld reported yesterday on a new worm targeting jailbroken iPhones. The worm has been dubbed ‘Duh’ and, unlike previous exploits, this version is malicious, establishing a command-and-control botnet that is capable of sending data back to a central server.

The default root (SSH) password is also changed, in an apparent attempt to make it more difficult to re-secure an infected iPhone. According to Paul Ducklin from Sophos, the password is changed to ‘ohshit’ & this is done by rewriting its hashed value in the master password file.

Please note that this worm only appears to affect jailbroken iPhones – iPhones running Apple’s official OS are unaffected. Unfortunately, since jailbreaking an iPhone is considered a warranty violation, Apple has made little effort to allow for 3rd party anti-virus vendors to develop software to prevent such attacks, claiming jailbroken iPhones are already running ‘unauthorized software’ and as such are used at the owner’s risk.

Detailed instructions for changing the default root (SSH) password can be found at the JustAnotheriPhone blog. Using the free MobileTerminal iPhone application is the simplest & most straightforward option.

While changing the root password will certainly increase protection against the ‘Duh’ worm and any future attacks, currently, the only 100% secure iPhone is one that has not been jailbroken. If you are using an iPhone in an enterprise or other environment where data security is an issue, running a jailbroken iPhone is strongly discouraged.

To restore the Apple-authorized OS to an iPhone, simply connect the iPhone to iTunes & click the ‘Restore to Defaults’ button. This will erase all data on the phone & return it to factory settings. This support article from Apple describes the backup & restore process in detail.


Today is the official launch of the iPhone running on TELUS’ new HSPA+ network built in partnership with Bell.

Pricing is the same as what is on offer from Rogers or Bell – $200 for the 16GB iPhone 3GS with a 3-year contract & $300 for the 32GB model ($99 for the iPhone 3G). TELUS also has 4 plans ranging from $50-$100 per month (with no extra fees), offering from 100-450 ‘anytime’ minutes & between 500MB & 3GB of data per month (including tethering). TELUS also includes its ‘5 Favourite Numbers’ package or double ‘anytime’ minutes in all plans plus enrollment in its ‘PERKS’ promotion, which offers various undisclosed offers to participating members.

Interestingly, none of the plans offered by TELUS mention Visual Voicemail, instead offering TELUS’ Voicemail 3. TELUS does advertise the Visual Voicemail service, however, leading me to believe that regardless of the plan you purchase, Visual Voicemail would be an additional fee.

While it is true that TELUS has waived the System Access & other fees it should be noted that they have boosted the core prices of their plans by $5 to make up for the difference in revenue.

Today is Bell’s official launch of the iPhone running on the new HSPA+ network they built with TELUS.

The 16GB iPhone 3GS is $200 with a 3-year contract from Bell. There are 4 plans which run from $45-$95 per month plus fees, giving customers more choices in plans than currently exists with Rogers, whose website currently lists 2 iPhone packages for $65 or $80 per month.

While there are a few more options in terms of plans on offer, the packages themselves are largely in-line with those on offer from Rogers. Bell offers between 500MB & 2GB of data & 100-500 ‘anytime’ local minutes, depending on the package selected. Bell’s Local Fab Five option is included in all plans.

There are a few interesting points to note about the plans, however. All plans include free wifi access at any Starbucks and additional data charges are a flat 3¢/MB without any additional penalties (Rogers charges 50¢/MB for the first 60MB of additional data then drops the rate to 3¢/MB). According to the iPhone in Canada blog, the data plans in all packages include tethering, although I have been unable to confirm this on Bell’s website.

Less appealing is the fact that the iPhone’s Visual Voicemail feature is only available with the $75 & $95 plans. Seems like a pretty steep trade off just for some free wifi when you’re in a Starbucks.

TELUS is launching their iPhone offerings November 5. Check back then for more info.

Apple’s recently released iPhone OS 3.1 has caused headaches & more than a little confusion for some users with Microsoft Exchange accounts. While the OS 3.1 update improves security policy adherence for iPhones when connecting to Exchange Servers, it also has the unfortunate side effect of breaking security compatibility with pre-3GS iPhones & all but the most recent iPod touches. The end result: many iPhone users who upgraded to OS 3.1 suddenly found they could no longer sync with any Exchange Servers!

Fortunately, the synchronization issue is limited to Exchange 2007 Servers running SP1 & above, & there is a work-around to re-enable synchronization. Unfortunately, the work-around requires either convincing Exchange administrators to create a security policy exception or rolling back to OS3.0 on the iPhone.

In order to re-enable Exchange syncing with pre-3GS iPhones, Exchange administrators will need to create an EAS policy exception that will allow connections to mobile devices that do not support device encryption (either globally or on a per-user basis).
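A per-user version of the exception described above, written for the Exchange 2007 SP1 Management Shell. This is an added example, not part of the original post; the policy name and mailbox are hypothetical placeholders, and it assumes the setting blocking pre-3GS devices is the policy's device-encryption requirement.

```powershell
# Added example: the names below are hypothetical placeholders.
$PolicyName = 'EAS-NoDeviceEncryption-Exception'   # hypothetical policy name
$Mailbox    = 'jsmith@example.com'                 # hypothetical pre-3GS iPhone user

# 1. Create a separate policy instead of loosening the default one.
#    Device encryption is not required, but a passcode and auto-lock still are.
New-ActiveSyncMailboxPolicy -Name $PolicyName `
    -RequireDeviceEncryption $false `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 4 `
    -MaxInactivityTimeDeviceLock 00:05:00

# 2. Assign the exception policy to the one mailbox that needs it.
Set-CASMailbox -Identity $Mailbox -ActiveSyncMailboxPolicy $PolicyName

# 3. Audit: list every mailbox currently covered by the exception, so the
#    list can be reviewed and trimmed as devices are replaced.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { "$($_.ActiveSyncMailboxPolicy)" -like "*$PolicyName*" } |
    Select-Object Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy

# 4. Confirm the other policies were not changed and still require encryption.
Get-ActiveSyncMailboxPolicy |
    Select-Object Name, IsDefaultPolicy, RequireDeviceEncryption, AllowNonProvisionableDevices
```

Scoping the exception to named mailboxes keeps the encryption requirement in force for every device that can meet it.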

If the creation of policy exceptions is not an option (& that will likely be the case more often than not) there are 2 options: 1) upgrade to iPhone 3GS or one of the latest 32GB or 64GB iPod touch models, or 2) rollback to OS 3.0 (what will undoubtedly be the most popular solution).

The easiest way to rollback to OS 3.0 is obviously to restore the phone from a recent backup using iTunes (you did create a backup before you upgraded your phone, didn’t you???). Apple has a support article detailing how to backup, update, & restore iPhones & iPods. In case of emergency (ie: no recent backups!) you can go to this site to download firmware for iPhones & iPods. [NOTE: This site is NOT supported by Apple in ANY way!!!]

Finally, Apple has also updated its Enterprise Deployment Guide for iPhones. If you’re a sys-admin involved in the deployment & management of iPhones &/or iPods in an enterprise environment, this doc is a must-read.

iPhone SMS Security Patch

August 10, 2009

The iPhone OS 3.0.1 that was released on July 31 patched a security flaw that could have allowed hackers to remotely control iPhones by launching a text-message attack. Security researchers publicized the exploit at the Black Hat cybersecurity conference and Apple posted the security patch the following day.

While Apple moved quickly, Chris Miller, one of the researchers who publicized the exploit, noted that he notified Apple about the flaw nearly a month earlier and that it was first discovered in OS 2.0. It may have taken a public exposure to jump start the release.

Read more about the SMS exploit at Wired.com.

One of my personal favorite features in version 3.0 of the iPhone OS is the internet tethering. My internet recently went down & it was a day or two before a tech was out to fix it (that’s service, isn’t it?). With several deadlines looming, tethering my laptop to my phone meant not having to spend two days working out of a coffee shop. Unfortunately, the deadlines also meant that I didn’t think to check Rogers’ policy (& pricing!) on tethering beforehand.

Turns out it’s not so bad. From the iPhone Smartphone Plans page on the Rogers website:

Tethering Policy
Tethering is the use of your phone as a wireless modem to connect to the Internet from your computer. For a limited time, if you subscribe to a data plan which includes at least 1GB of data transmission between June 8, 2009 and December 31, 2009, and if you have a compatible device, you may use tethering as part of the volume of data included in your plan at no additional charge. Tethering cannot be used with data plans of less than 1 GB.

For the time being, at least, data is data as far as Rogers is concerned. What will happen as of January 1st, 2010 is anyone’s guess, but for now as long as you have subscribed to a data plan of 1GB or more, there are no additional charges for data transfers using tethering.

X1Zero also wrote an excellent article for iPhone in Canada on the tethering policy for Rogers & Fido.

Follow this link for Apple’s System requirements for internet tethering.

Happy tethering!

I recently ran into some serious issues getting a client’s Shaw email account configured on their new iPhone. Using the settings copied from Mail, sending or receiving email on the phone would hang, sometimes taking the better part of 15 minutes & sometimes never sending at all. Often the entire send/receive process would hang, requiring a reboot of the phone.

A bit of research (& a call to Shaw tech support for confirmation) revealed that Shaw has particular settings for use with mobile devices and that the standard settings used with desktop email applications will not work. More importantly, using Shaw’s own SMTP servers is not recommended by Shaw – for best performance, Shaw recommends using the SMTP server provided by Rogers or Fido.

What is frustrating about this arrangement, however, is that my experience has shown that even when using the SMTP server from Fido or Rogers, if wifi is enabled & connected to a wireless network, sending mail still takes so long as to be virtually unusable. In fact, in a thread posted on eh-mac.ca, a user states that Shaw tech support recommended disabling wifi when sending email – something which I confirmed provides a dramatic improvement in performance sending email.


On that note, the following are the settings to be used for setting up Shaw email on your iPhone. Please be aware – if you plan to configure a Shaw email account on your iPhone it is HIGHLY recommended that you disable wifi before sending email!

Setup Shaw email on the iPhone:

  1. Touch Settings
  2. Touch Mail, Contacts, Calendars
  3. Touch Add Account
  4. Touch Other
  5. Account & Password are your Shaw email account & password
  6. Select the POP tab
  7. Username is the part of your email before @shaw.ca
    1. ie: for name@shaw.ca it would be name
  8. Host: pop.shaw.ca
  9. Outgoing Mail Server: gprs.fido.ca (Fido) or smtp.rogerswirelessdata.com (Rogers)

Remember! If you have trouble sending email over wifi, turn your wifi OFF & resend!

Shaw’s Residential Email Service Details (external link)

Today is the release date for the new iPhone 3G S here in Canada. Available from Fido & Rogers, same as before. On the hardware side, a better camera & video recording clock in as two of the bigger changes (& long overdue ones, if you ask me…)

The OS 3.0 Software Update, however, seems to be where the big changes are, incorporating a slew of new features that have been in demand for some time. Cut & Paste, MMS, tethering, spotlight searching, and landscape keyboards in ALL apps come to mind as some of the bigger features. The calendar now lets you create meetings via MS Exchange & has CalDAV support, a nice nod to the enterprise crowd.

There’s a pretty good article in ismashphone.com about How to Use the 40 Best Features of iPhone 3.0. If you’re thinking of upgrading or you already have & think maybe you’re missing something, this would be a great place to start.

WWDC 2009 Keynote Video

June 10, 2009

Apple recently posted a QuickTime video stream of their keynote address from WWDC 2009. Highlights of this year’s address included the iPhone 3G S, iPhone OS v3.0 (hello, MMS!), an official announcement for the fall release of OS X 10.6 Snow Leopard (with a US$29 upgrade!), Safari v4.0 (download it here!), and laptop upgrades & price cuts.

Click here to watch the full 2 hour video of the WWDC 2009 keynote address.

An interesting article at the Apple Insider blog indicates that serious enterprise organizations are noting the advantages of adopting Apple’s iPhone over business’ traditional smart-phone pick, the Blackberry. Kraft, Oracle, & Amylin Pharmaceutical are some of the larger enterprise organizations who have found that lower annual operating costs, minimized IT overhead, and happier end users were just some of the benefits associated with iPhone adoption.

While there are certainly still some issues around the integration of iPhones into enterprise culture, steady improvements to the iPhone’s enterprise feature-set have led to dramatic changes in both attitude and uptake towards the iPhone. Oracle apparently has about 4,000 iPhones in use & Kraft has been adding nearly 400 new iPhones a month. Looks like choice is finally starting to become a word that IT departments are going to have to learn…

The full article can be found here on appleinsider.com.