Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Can Remotely Disable iPhone Apps

Posted by Soulskill on from the they're-making-a-list dept.

mikesd81 writes "Engadget reports Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. It seems the new 2.x firmware contains a URL which points to a page containing a list of 'unauthorized' apps — a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. Jonathan Zdziarski, the man who discovered this, explains, 'This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.'" Update: 08/11 13:07 GMT by T : Reader gadgetopia writes with a small story at IT Wire, citing an interview in the Wall Street Journal, in which this remote kill-switch is "confirmed by Steve Jobs himself."

5 of 550 comments (clear)

  1. Security Risk? by Anonymous Coward · · Score: 5, Interesting

    Given the unpatched Kaminsky DNS stuff on desktop OS X, or even just spoofed ips, doesn't this mean that a malicious attacker might be able to spoof the apple "ban list" and disable core functionality? How long until this can be exploited with a list of the core os x daemons thus "bricking" the phone until ?

  2. This has already been addressed by Steve Jobs! by djkitsch · · Score: 5, Interesting

    Couple of hours before this story got onto the /. front page, Engadget had this scoop:

    http://www.engadget.com/2008/08/11/jobs-60-million-iphone-apps-downloaded-confirms-kill-switch/

    Steve Jobs has confirmed the kill-switch, and defends it as a "responsible" way to make sure they can deal with it if a malicious app finds its way into the App Store.

    Get with the times, editors!

    --
    sig:- (wit >= sarcasm)
  3. Re:makes sense to me.. by BasilBrush · · Score: 5, Interesting

    I trust Amazon with my credit card number and address. I wouldn't trust Scammy Viagra Co with either.

    Of course it's within the realms of possibility that Amazon may misuse it, but the benefit I get in a wide access to cheap books outweighs my risk.

    On the other hand I'd expect Scammy Viagra Co to misuse it.

    It's perfectly reasonable to accord different companies with different levels of trust. And giving out your credit card number is a far more significant trust level than allowing a company to prevent selected apps from accessing your current location.

    I do trust Apple to use it responsibly. I wouldn't trust Microsoft to. And there's absolutely nothing wrong with that. All companies are not the same. Microsoft's evil misdeeds negatively affect their trustworthiness, but they don't affect all other companies too.

  4. Re:Once Again by Piranhaa · · Score: 4, Interesting

    You know it's really sad when a poster doesn't even RTFA or read the RTFT(thread). Engadget, and now Slashdot.. Are people on the internet really that illiterate now and just follow the leader? After MANY posts (many by me and many by others) on Engadget, people STILL insist "APPLE IS GETTING SUED!" or "Ha! What are you fanboys going to say to this?" and the best one "Haha Same as the Microsoft WGA". Anyways I've already made too many posts and feel redundant, but rumors and speculation to get THIS far is simply sickening.

  5. Re:Refunds by HungryHobo · · Score: 4, Interesting

    "ethical standpoint"?
    How is there anything wrong with offering a useless piece of overpriced tat?
    You don't have to be amoral to do this.
    Hell I wish I'd come up with something this easy and effective.
    It wasn't misrepresented, it wasn't claimed to do anything it didn't.
    Where is the problem?