Recently rumors of the iPhone phoning home to Apple and reporting back on what you’ve done to your iPhone have been swirling around the blogosphere. All these rumors started with one little vague comment from Zdziarski which he wants to set the record straight about.
Zdziarski found that the iPhone 2.0′s GPS program fetches a blacklist for Apps from Apple’s servers at the following host ‘iphone-services.apple.com’ and stores the list in a cache file located in ‘/var/root/Library/Caches/locationd/’. This has now been confirmed by Apple’s famed CEO Steve Jobs in a recent Wall Street Journal article (Google News link so you can read the whole article) when asked about the existence of an App kill switch Jobs responded “Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull,”
Zdziarski successfully tested the use of the blacklist by killing some of his Apps.
With a little DNS spoofing, I fed my own list into the iPhone and effectively killed (by name) applications that attempt to use the GPS. It looks like that’s all it’s set to do right now, but I may just not have found the “vaporize” switch.
So the blacklist has been confirmed but it must be stressed the iPhone does not report back information it only downloads information.
Only a list is downloaded; it doesn’t “tell Apple” what applications you are running. We do not know just how active this mechanism will be in the future. It could vaporize applications, but so far we can only make it kill the ones using the GPS.
This blacklist retrieval can however be easily circumvented by doing a loop back for ‘iphone-services.apple.com’ effectively keeping that blacklist file blank.
To achieve this work around you need to jailbreak your iPhone with either PwnageTool for Mac OSX or WinPwn for Microsoft Windows.
After you have jailbroken your iPhone you need to edit your ‘/etc/hosts’ file and insert the following line:
’127.0.0.1 iphone-services.apple.com’
This will tell your iPhone not to bother looking up ‘iphone-services.apple.com’ via DNS and go straight to ’127.0.0.1′ which is always the IP address for ‘localhost’ (the iPhone).
Keep in mind though if Apple starts offering something useful through this server it will block that as well.
do you recon there will be a swith application to toggle this on and off?
I think that will depend on how Apple attempts to use it. If it’s just for getting rid of malware then there might be no need to switch it off. But if they start listing Cydia and Installer apps I’m sure a workaround app will be released.
yeah… would put my mind at ease if a switch was included in BOSSPREFS
I would prefer an edit screen so I could actually toggle which programs are in the list and which aren’t.
where is the etc/hosts file in the iphone?
please and thanks! :)
/etc/hosts is the location in the /etc folder filename hosts
Does it metter where the line is placed (I mean 1st line, 2nd…?
no it doesn’t matter
now this is really ugly. it’s near to be a crime to open such a backdoor. some kind of microsoft habits. pathetic.
amen
Exactly what apple should avoid. The only viruses affecting Mac computers get in through and infect Microsoft Office. Backdoors of any kind are bad for security.
no idea what this is all about
there is a way to turn it off using bosspreffs with the new update n clicking apple killswitch off or something like tht
[...] Zdziarski the computer security expert who alerted everyone to the existence of the iPhone Kill Switch has published a new O’Reilly book, iPhone Forensics. To promote the new book he will be [...]
This is extremely interesting on Apple’s part.
No over rapidshare crawlers can be compared with Megauploadfiles.com. megauploadfiles.comis a best megaupload search engine.
Use BossPrefs