iPhone App Blog

The iPhone was released two days before the end of the fiscal quarter and weeks later Apple and AT&T are panicking. First of all, the iPhone didn’t sell nearly as well as many predicted it would. Most analysts predicted anywhere from 300,000 to 500,000 iPhones to be sold in the first few days of availability with some sure that up to 700,000 would be sold.

With such pomp and circumstance surrounding the release, it’s no wonder that the real numbers were a bit disappointing. Apple announced yesterday in its fiscal third-quarter earnings report that 270,000 iPhones were sold in the last 30 hours of the quarter. While still impressive, the number falls short of many predictions.

The real headscratcher comes when AT&T reported that they activated only 146,000 iPhones during the same period. So the question becomes, “Where did those 124,000 iPhones go?” Both Apple and AT&T reported that a small percentage of iPhone users had trouble activating their accounts, but the percentage was in the single digits.

An AT&T spokesman gave several reasons for the discrepancy, but most of them don’t hold water.While some of those who bought iPhones may have waited a day or two to activate them after waiting in line for hours to purchase them it certainly wouldn’t be a huge number. Another explanation given was that the discrepancy was due to people buying iPhones to sell on eBay or CraigsList.

Ok, so maybe 124,000 people had activation problems, procrastination problems, and problems re-selling the things. The real point is that it really isn’t that big a deal. It was almost certain that the iPhone wouldn’t live up to sales hype in the first thirty hours it was available, but that doesn’t stop some from freaking out.

Both Apple’s and AT&T’s stock fell after the third-quarter reports were delivered. Despite that fact that Apple’s net profit has risen over 50% compared to the same time last year and that quarterly sales of the Mac were the highest EVER, there were panicky doomsayers dropping their stock.

The point is that even though iPhone’s sales weren’t as high as predicted it still kicked major selling butt. For an interesting comparison of iPhone’s early sales to that of its sibling the iPod check out this article by Arik Hesseldahl of Business Week.

There’s been a lot of talk going around about possible security flaws on the iPhone. That zombie botnet, browser dialing concerns, and other security issues have buzzed around the iPhone since its release. The main concern with iPhone’s security is that it is basically a computer that holds all the personal information of a cell phone without many of the security features of a computer.

The guys over at Independent Security Evaluators have thoroughly exploited this.

Independent Security Evaluators is basically a hacking company. Not a malicious hacking company by any means, but a hacking company. You hire them and they rip your software or hardware or new technology a new one by finding all the security flaws inherent in the system. They did this to the iPhone for fun.

Good thing, too, because they have informed Apple of the iPhone’s security issues that allowed them to pretty much break into and control iPhones that become compromised. They designed a toolchain embedded in a malicious website that would give an attacker access to SMS messages, contact lists, call histories, and voicemail data stored on the iPhone.

There are many points of attack. Links sent through e-mail or SMS messages may re-direct to the malicious website as could a misconfigured forum link. Perhaps the most deceptive way would be through an attacker controlled wireless access point. The iPhone learns access points by name so if an attacker copied the name and encryption code of an already trusted access point they could replace any page browsed with a malicious webpage.

Another exploit developed by ISE allows an attacker to actually control the iPhone. In their tests they made the iPhone “vibrate for a second.” Using this same hack it would be possible to make calls, get passwords, and even record calls turning the iPhone into a portable bugging device.

This is possible because the iPhone’s version of Safari recognizes the arbitrary code with administrative privileges. All of iPhone’s main programs have administrative privilege so once you have broken in you have access to everything.

Now this doesn’t mean you have to hide your iPhone in a drawer and not touch it until Apple issues a patch to fix it. Just use the same security steps you would on your laptop or other computer. Only visit sites you trust, only use wi-fi networks you trust, and don’t open links from e-mails or SMS messages.

For more info on this exploit check out this New York Times article.

Ever since the iPhone came out there have been hackers and hacker communities writing code to open the iPhone. There have already been many hacks that allow iPhone users to make custom ringtones, use pay-as-you-go SIM cards, and even activate the iPhone without an AT&Tcontract. Of course most, if not all, of the sites that offer these hacks have a very large disclaimer that doing any of this could brick your iPhone, void the warranty, or even get the law after you.

However, today there was a big step in the process of hackers opening the iPhone up to third party downloadable apps. The folks over at the iPhone Dev Wiki have finally started to make inroads in opening up the iPhone. A hacker named Nightwatch has apparently sequestered himself for weeks working on his special project; the first independent “Hello, World” application for the iPhone.

The iPhone Dev Wiki’s front page sums it up pretty nicely:

After many, many hours of intense work from “Nightwatch”, the first independent “Hello World”* application has been compiled and launched on the iPhone. This was made possible using the “ARM/Mach-O Toolchain“, Nightwatch’s “special project”, that he has been working on so carefully over the past few weeks. Certain parts of the toolchain (such as the assembler) are being refined and tested and these will be released as soon as possible.

It should be noted that Nightwatch has been instrumental in creating these tools, working in near isolation to get them finished.

The folks at the iPhone Dev Wiki has asked that people don’t link to their website because of the last time the URL was linked on a site (digg) the wiki had problems (it crashed). But a quick search on, say, Google should hook you up.

Anyway, this simple little hack is pretty exciting for those looking to download third party apps onto their iPhone. From here it’s not out of the question to start seeing full third party applications in the near future. For more info on iPhone hacks and the “Hello World” hack check out Hack The iPhone or this article from The Unofficial Apple Weblog.

If you’re looking to buy an iPhone online then watch out! There’s a new Trojan virus out there that’s targeting future iPhone buyers. The virus, Aifone.A, is part of a botnet of approximately 7500 infected computers that could cost you a lot more than just an iPhone.

This extremely sophisticated virus re-directs web browsers to a false iPhone homepage, and any personal information inputed on the site is handed directly to cyber criminals. The bot is so sophisticated that even search engine results are re-directed to the false homepage. It even generates iPhone ads that take you to the site.

For more information about this Trojan check out PandaLabs press release.