Not very good news for Steve Jobs and his crew. A crew of researchers from the Independent Security Evaluators has revealed an alarming security flaw with Apple's iPhone. The said security vulnerability (completed by going through a WiFi connection or by tricking users into going to a website that contains malicious code) traces its roots from Apple's Safari web browser.

While demonstrating the exploit via malicious websites, the said hack-for-profit firm was able to infiltrate the iPhone's administrative access thereby allowing them to manipulate SMS logs, go over address book, check call history, listen in on room audio, and even see email passwords. And if the Independent Security Evaluators is to be believed, that's just the tip of the iceberg.

The only available measure against it right now is to closely monitor the sites users visit via their iPhone - something that's way easier said than done. Apple perhaps acknowledging that this security problem could have dire implications to the overall marketing of their product line, is already reviewing the report of the researchers along with their proposed fix.

Independent Security Evaluators is a company that tests its clients' computer security by hacking it themselves. They're planning to hold a a full disclosure of the hack at the upcoming (August 2) Black Hat conference. You can watch their video below:

There's a bit of controversy surrounding a TUAW report that a British iPhone user was able to get an AT&T SIM to adopt a local Vodafone number, enabling him to use the iPhone outside the US with an American SIM.

Apparently, the user was excited about the iPhone and got it even though he could only use it with AT&T activated by iASign. Realizing the futility of having his US number in the UK, he went to the Vodafone store and had the people there add the phone to his account. Amazingly, the Vodafone-enabled AT&T SIM worked great on the iPhone. The screen flashed AT&T but the number was localized and SMS was working well.

According to TUAW, users in IRC have been discussing how this could have happened and if there was any truth in it. Most chatters say that it shouldn't have worked because of regional and technical restrictions. Apple has not commented on the topic so far.

TUAW reports that they tried to have the same procedure done in Canada but the Rogers store there would not touch the SIM. We'll keep you posted for more on this issue and other exploits as they come.

With the release of the iPhone, a lot of people have been trying to find a way to crack the AT&T lock on the product. The iPhone Dev Wiki hackers have been able to partially unlock the iPhone using a new application called iASign.

This program doesn't fully unlock the iPhone for use with all service providers, but the hack will allow you to use any existing Cingular/AT&T Pre-paid/MVNA SIM in the phone to place calls.

Currently, the hackers working on this project have been gearing up for a final assault on the unit with the ultimate goal of completely cracking the iPhone and giving it full functionality regardless of the network.

Certain issues have been blocking their attempts. The main problem of cracking the iPhone lies in the baseband or the radio chipset for the iPhone. The iPhone only has one lock which is a network personalization lock which is located in the baseband firmware itself.

The AT command to do the unlock is 'AT+CLCK="PN",0,"xxxxxxxx"'. The big problem is finding out what those x's are. Brute force is out of the question since there is a limit of 3-10 unlock attempts per phone, after which the firmware will "hard-lock" itself to AT&T.

Patching the firmware at /usr/local/standalone/firmware/ICE03.12.06_G.fls is difficult as well, considering that it's signed. The signature is checked in the baseband bootloader while the updater program, bbupdater, only checks a checksum, which can be changed. The update will take, but then the phone will refuse to boot because the signatures don't match.

The hackers have already worked two solid days in their attempt to disassemble the radio fw and have found a few backdoors. So far, none of these lead to an unlock, s the hunt is still on for a way to crack the code.

Do you want to make your iPhone unique by giving it a dash of a more personalized sound scheme? That can't be done just yet on a legitimate basis but site HackTheiPhone.com has some instructions on how to work your way around.

using tools such as Jailbreak and AppleInterface, they, and even you, could co modifications to harness iTunes and gave songs playing to warn you of an incoming call.

Before you go rushing and jumping to make your ringtones customizable, know that Apple does not recognize the process as a legitimate one and will probably void your warranty. The author of the original post also warns of possible damages to your unit. They shall claim no responsibility for broken iPhones and neither will we.

On a more positive note, the site says no reports of damaged phones have been reported so far. If you really think you're ready to perform your first do-it yourself hack, head over to their site by following the read URL. You'll find instructions and images to walk you through the whole thing.

We shared with you yesterday an article concerning Blizzard's World of Warcraft being playable and Apple's iPhone. It was about a hack that allows users to run the MMO on the mobile phone, albeit with limited features. Some of you said it's fake while the others found it amazing, to say the least.

We briefly mentioned in that same article the third-party program iPhone Remote (aka Telekinesis) that made the trick possible. To settle this once and for all, let us discuss further what the said application is. Telekinesis was created by a team of coders headed by jnjitkoff and gmurphy. Other members include ksmarshall, bwhitman, and dmaclach.

In a nutshell, this application allows users to remotely access their Mac through a collection of mini web applications on iPhone. The good thing about Telekinesis, though, is that it sports a wide range of other remarkable features. Some of which include:

• Stream music and videos from your computer learn how
• Screen capture with mouse click and basic typing support
• Simple iTunes Remote control
• Browse your files
• Run applescript remotely
• iSight image capture
• Easily create and add more apps

Take note that this build, v0.9.16 Alpha, is just a developer prototype and is intended as a demo to introduce the program to the public. And as such, there are certain security considerations that you have to keep in mind should you intend to use it. The following were provided by the developers themselves.

• It will have the same access privileges as your user account
• The login and password you specify will be stored on disk, so should be different, but as strong as your account password.
• Don't leave it running if you aren't using it

The download package below doesn't not contain a Readme file so you may want to refer first to our Source link before using this on your Mac and iPhone.

Download: Telekinesis (iPhone Remote v0.9.16 Alpha)

Seems like the iPhone has acquired quite a following. It has even attracted the intense focus of more than 300 hackers who have gathered last weekend in San Francisco.

The iPhone was released last June 29 and since then has become so popular that a recent survey found it more popular than cars. A device that combines the iPod music player with a mobile phone that allows internet surfing, the iPhone is naturally the source of a lot of people's interests, even those who want to maximize its potential even if they go through unconventional means. Like a weekend camp designed for hacking.

In an effort to get what Apple won't give them, 300 (plus) brave hackers set out to find the limits and capabilities of the iPhone. Organized by Chris Messina, the iPhoneDevCamp was held in a borrowed office complete with its own message board projected on a big screen. The event was not sponsored by Apple and efforts by Adobe to make participants sign nondisclosure agreements were met with a quick boot.

Hackers at the camp have produced a number of unusual and interesting results. One found a way to make iPhones yell out like Chewbacca when dropped. Another figured out how to flip through the top 10 photos on Flickr with the touch of a finger. A useful program also went out to make the iPhone function as a baby monitor. One program that got some hype allowed customized home pages with iPhone icons. "For example, a user can put an icon for the cable station CNN on their home page if they want to go to the site every time they turn the iPhone on."

By the end of the camp, 45 new programs for the iPhone were demonstrated, not including those that the more secretive programmers have chosen to develop by themselves. Perhaps we may yet see more things spark in the future from the endeavors of the 300. We should also see more from the developers of the iPhone themselves and third party developers now that the public has shown so much interest in it.

Alan Joyce of EverythingDigital.org uploaded a video clip over at YouTube showing Blizzard's World of Warcraft running on Apple's iPhone. He was able to do it with the help of Telekinesis, a third-party streaming program that allows users to remotely access their Macs through a collection of mini web applications on the phone.

Joyce noted that the experience wasn't that smooth given WoW's textures, graphics, and sound settings among others. Despite that, Alan Joyce mentioned that he could control several actions in the MMO video game through the iPhone interface like receiving and responding to in-game chat messages.

Anyone seeing a future deal between Blizzard and Apple? Possibly a WoW client for the iPhone? We guess we'll have to wait and see.

Good news for those of us lucky enough to nab one of Apple's hottest commodities to date, the iPhone, and want to get down to some serious customization with the nifty little gadget: the good people at #iphone have successfully created a serial console working for the iPhone, giving you access to a fully-interactive shell. How's that for fan creativity?

This nugget of good news comes from Hackintosh forums user geohot. His post, verbatim:

Your friends at #iPhone made a major breakthrough this morning. We got a serial console working, here is how the serial has the same pinouts as iPod serial use a 6.8kish resistor from pin 21 to gnd tie pin 11-sergnd to the real ground use iphoneinterface to send the following commands in recovery mode:

setenv debug-uarts 1
saveenv
reboot
that should work

IT GIVES YOU A FULL INTERACTIVE SHELL
I REPEAT, A FULL INTERACTIVE SHELL

This vigorous announcement is followed by a link to the actual command list, and a reminder for the need of a level converter to make the entire process work. Now, as with all modifications, do it in your own risk, as any modifications can brick your iPhone. Now that's settled, click on the read link for the entire process, as well as the files needed. Enjoy your fully-interactive shell.

Last night was a historical night for iPhone, or at least it was for underground developers. Reportedly, a new tool known as iPhoneInterface was developed allowing owners to manipulate the different features and services of Apple's newest baby.

The said tool was released over at the #iphone-talk and #iphone-mac channels on "irc.osx86.hu". Anyway, the developers mentioned that iPhoneInterface is still at its early stage so consumers shouldn't expect a lot from it.

Despite that, it seems that the new tool is pretty much powerful as it can do the following things among others:

• Windows and Mac tool that allows you to manipulate the iPhone's state
• Launch services
• Interact with the iPhone file system
• Scan the iPhone file structure
• Create and remove folders
• Start iPhone services

We understand that a new public subversion server will be opened over at IRC later dedicated to iPhoneInterface. If you want more info regarding this, the most we can say is go over the above mentioned channels and tune in to discussions. We are not certain if Apple has heard about this one yet and we are awaiting the company's official statements as well.

We found the other day that Apple and AT&T are not totally transparent regarding the true capabilities and compatibility status of the newly-released iPhone. It was found that owners can actually opt to go prepaid after tinkering with iTunes sign-up service and social security number.

Anyway, here's another "exploit" for all you iPhone freaks out there: removing the SIM that comes with the phone and/or putting in an inactive SIM will automatically convert your mobile phone into a a contract-free WiFi-enabled sixth generation iPod.

The key word there was WiFi as it allows you to do Mail and Safari without a phone connection. Pretty sneaky, eh? We thought so, too. In case you want to know how the trick is done, here's the test performed by the good guys of online blog TUAW:

• Removed SIM and replaced it with an invalid, unactivated, no-account SIM: Still works as 6G WiFi iPod. Still Synced properly to iTunes. Tried placing call. It failed (as expected).
• Removed SIM entirely: It complains but works at 6G WiFi iPod. Tried placing call. "No SIM card installed". Failed. Connected to iTunes. Synced without any problems I could detect. WiFi fine.
• Removed activated SIM and placed into a cheap disposable AT&T cell phone: Worked fine. Was able to place calls. Good way to save your iPhone from danger on ski or bike trips.
• Placed SIM from cheap disposable AT&T Pay as You Go phone into iPhone. Call failed. WiFi fine.