Thursday, July 23, 2009

iPhone can be opened up by Hacker

Although several sources have reported a flaw in the iPhone 3.0 software that sends messages to the wrong iPhones, the actual flaw only affects users who have hacked their phones and made them vulnerable.

The problem apparently occurs with instant messenger push notifications on phones that have been jailbroken (which allows the use of unauthorized software) and unlocked (which allows the phone to be used with an unauthorized carrier). It remains unclear exactly what is causing the problem, but the person who discovered the flaw said AOL officials told him that the problem is not on their side.

The flaw was discovered by sending a message to an iPhone using AIM in iChat on a Mac OS X desktop. The person who discovered it said that his message showed up not only on the recipient's iPhone 3G, but also on the iPhone 3GS of a complete stranger.

But unless the user has tampered with the phone, the iPhone's security layer prevents such incidents.

Apple PNS Security

As AppleInsider reported only last February, Apple's Push Notification Service (PNS) is based on XMPP Publish-Subscribe, an open specification for delivering notification updates through Jabber-style IM channels.

To secure the delivery of these messages, Apple uses SSL certificates to authenticate the client to the service, similar to how HTTPS sites use SSL authentication to secure banking, shopping, or other transactions. The iPhone automatically generates a public and private key pair and uses it to register securely with Apple's PNS servers and for all subsequent transactions. The private key and the public certificate together act as identification credentials, like a username and password.

Without such an identity mechanism in place, iPhone users would be deluged with push spam from marketers, as spammers have done with e-mail, SMS messaging, and Microsoft Windows pop-ups, none of which had security built into their designs. Apple's security system prevents users from receiving push messages from anyone other than the network and the applications that the user has specifically approved.

The security layer also prevents malicious users from intercepting and receiving other users' messages, or from sending fraudulent messages to wipe the phone, which users themselves can do through authenticated MobileMe. Users do not need to know anything about the certificates used for secure communications; it is all designed to work as "normal".

Jailbreak leak

Jailbreaking the iPhone works around Apple's security, which allows the device to run unsigned software. iPhone applications, such as PNS, encrypt their communications with security certificates to prevent unauthorized access, sabotage, or espionage by malicious third parties.

Breaking the application security layer of the iPhone does not automatically break PNS, but (in conjunction with the "unofficial activation" required for use with unofficial carriers) it results in a system that does not possess the legitimate credentials needed to use push notifications. In fact, if the phone is not activated as intended through iTunes, the user credentials for logging on to Apple's PNS messaging servers (which are generated by the device under normal circumstances) are broken along with the application security layer.

The Dev group of hackers trying to get jailbroken, alternately activated phones to work with PNS reportedly made the error of adding an existing certificate to "fix" the problem. This trick just makes the new phone look to Apple like another jailbroken phone that already exists, which allows messages to be sent to the wrong device.

Users who do not jailbreak their iPhone will not have the problem of messages being sent to random other users. But those who bypass the iPhone's security will have to find out how to properly set up SSL authentication keys on the phone to work with PNS messaging.
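
The certificate reuse described above can be modeled in a few lines. This is an added example, not code from Apple or from the original article: the gateway class, the device labels and the certificate bytes are all constructed, and the "last connection wins" routing is an assumption made for illustration. It shows why one certificate presented by two phones misroutes a message, and how a service could flag the sharing.

```python
import hashlib
from collections import defaultdict

def fingerprint(cert: bytes) -> str:
    """Identity the toy gateway derives from a client certificate."""
    return hashlib.sha256(cert).hexdigest()

class ToyPushGateway:
    """Hypothetical model: one certificate is assumed to mean one device."""
    def __init__(self):
        self.active = {}                 # fingerprint -> device connected last
        self.seen = defaultdict(set)     # fingerprint -> every device that used it
        self.inbox = defaultdict(list)   # device label -> delivered messages

    def connect(self, device: str, cert: bytes) -> str:
        fp = fingerprint(cert)
        self.active[fp] = device         # a later connection replaces the earlier one
        self.seen[fp].add(device)
        return fp

    def push(self, fp: str, message: str) -> str:
        device = self.active[fp]
        self.inbox[device].append(message)
        return device

    def shared_certificates(self) -> dict:
        """Defender's check: fingerprints presented by more than one device."""
        return {fp: sorted(d) for fp, d in self.seen.items() if len(d) > 1}

def demo():
    gw = ToyPushGateway()
    cert_a = b"constructed certificate for phone-A"
    cert_b = b"constructed certificate for phone-B"
    id_a = gw.connect("phone-A", cert_a)
    gw.connect("phone-B", cert_b)
    gw.connect("phone-C", cert_a)        # phone-C presents phone-A's certificate
    delivered_to = gw.push(id_a, "IM intended for phone-A")
    return delivered_to, gw.shared_certificates(), dict(gw.inbox)

if __name__ == "__main__":
    print(demo())
```

In this model the message addressed to phone-A lands on phone-C, while phone-B, which kept its own key pair, is unaffected.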
