Apple Can Remotely Disable iPhone Apps
mikesd81 writes "Engadget reports Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. It seems the new 2.x firmware contains a URL which points to a page containing a list of 'unauthorized' apps — a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. Jonathan Zdziarski, the man who discovered this, explains, 'This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.'"
Update: 08/11 13:07 GMT by T: Reader gadgetopia writes with a small story at IT Wire, citing an interview in the Wall Street Journal, in which this remote kill-switch is "confirmed by Steve Jobs himself."
Given the unpatched Kaminsky DNS stuff on desktop OS X, or even just spoofed IPs, doesn't this mean that a malicious attacker might be able to spoof the Apple "ban list" and disable core functionality? How long until this can be exploited with a list of the core OS X daemons, thus "bricking" the phone until ?
Couple of hours before this story got onto the /. front page, Engadget had this scoop:
http://www.engadget.com/2008/08/11/jobs-60-million-iphone-apps-downloaded-confirms-kill-switch/
Steve Jobs has confirmed the kill-switch, and defends it as a "responsible" way to make sure they can deal with it if a malicious app finds its way into the App Store.
Get with the times, editors!
sig:- (wit >= sarcasm)
I trust Amazon with my credit card number and address. I wouldn't trust Scammy Viagra Co with either.
Of course it's within the realms of possibility that Amazon may misuse it, but the benefit I get in a wide access to cheap books outweighs my risk.
On the other hand I'd expect Scammy Viagra Co to misuse it.
It's perfectly reasonable to accord different companies with different levels of trust. And giving out your credit card number is a far more significant trust level than allowing a company to prevent selected apps from accessing your current location.
I do trust Apple to use it responsibly. I wouldn't trust Microsoft to. And there's absolutely nothing wrong with that. All companies are not the same. Microsoft's evil misdeeds negatively affect their trustworthiness, but they don't affect all other companies too.