If this story on CIO.com is anything to go by, the answer is, probably not! CIO.com security expert Tom Kaneshige reports on a new survey by ESET, an anti-malware software company, which says that most iPhone users are not that bothered about security issues. Speaking to CIO.com at the Macworld Expo in San Francisco, director of technical education at ESET, James Abrams, said that iPhone users will probably only start taking security seriously if and when the iPhone has a major security incident, which he claims could happen in around two years’ time, when, he says, hackers will be waiting, ready to pounce, possibly when even more people have iPhones, or when the iPhone has a banking app that is worth them attacking.

The findings are based on a survey commissioned by ESET, which asked over 1,000 smartphone users (35 percent iPhone and 32 percent BlackBerry, plus others) about security. It found that 55 percent of Blackberry and iPhone users don’t bother to lock their smartphones, and that although 40 percent of all smartphone users said that they had concerns about malicious software infecting their phones, only 1 in 4 claimed to use any sort of anti-virus software. As Abrams points out though, iPhone users are not actually able to use anti-virus software anyway, as Apple won’t approve it. So, iPhone users, do you think the iPhone has enough security safeguards already built into the OS, or should there be more in the next update?

ZDNet’s excellent and informative Zero Day security blog (well worth checking out for all your security concerns), reports today that Apple has acted swiftly today to issue a patch to take care of five vulnerabilities that could leave the iPhone and iPod touch at the mercy of hackers. Zero Day states that the most serious vulnerability could enable remote code execution if audio or image files are opened on an iPhone/iPod touch. Comments about the story on the blog also seem to indicate that once you’ve installed the update, you will be unable to jailbreak your iPhone/iPod touch, should you be daft enough to try! The iPhone/iPod touch security update (iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch) is only available via iTunes, so don’t expect to be seeing it in the software updater in Mac or Windows. In fact many of you might have already installed it today without realising it was a security update, I know I did.

Don’t believe me?  Take a peek at what I found over on Jalopnik.  These fine students watched Tomorrow Never Dies once or twice too many, and then had a bit too much time on their hands.  Pretty fancy stuff for an Oldsmobile!

Click here to view the embedded video.

Click here to view the embedded video.

For those of you running a jailbroken iPhone in Europe and Australia, be on the lookout for a new worm that just popped up.  The good people over at Macworld.com have reported that their source who has seem the worm out in it’s natural habitat.  I am going to try and stumble through this and let you know what the worm is up to.

First things first, CHANGE YOUR ROOT ACCOUNT PASSWORD.  Okay, so now to the dirty deeds of this new worm.  It compromises the phone, then replaces the phone’s copy of the SSH remote login software, changes the root password so that you cannot keep it from doing it’s thing without completely wiping your phone out.  It then skims your SMS database.  Sounds semi-innocent, but then it checks in with home base via the network and then it runs a piece of software that searches your friends and family to see if there are any phones that would be susceptible to an attack.  It has the power to upload the SMS database to the people that put this little gem out, and also download other files over the network, which could mean that it could “learn” new ways of attacking your things.

Also, there are reports that persons trying to log into a particular Dutch bank have been rerouted to a fake site that asks for their login information.  Remember the part where the worm reports and downloads things to it’s creators?  Yeah, that is where this comes into play.  Be careful out there.

The biggest tell tale sign of an attack is severe battery drain.  This is caused by the attack on the SSH software that will have your phone computing continuously.  Some users have seen the battery drain disrupt things so much that they just took it upon themselves to wipe the phone without knowing that they even had a worm.

This one is ugly, so I say again, change that root password!  Macworld.com has a tutorial that can get you through this process.

Now that Greg (MobileCrunch) has given full instructions for jailbreaking and tethering, I thought I would give one more interesting thing you can do with a jailbroken iPhone and SSH access – change those ugly icons! “Resident theming genius” (theiphoneblog), Ally (iMuggle on TiPb Forums and in the Twitter) has begun collecting her excellent tutorials into one easy to browse place. Here’s a sample:

You need to know how to do a few things in order to do this. After jailbreaking, you need to know how to SSH into your phone. If you’re not familiar with SSH, you need to get familiar with that first. *Note: Unless you feel completely comfortable doing this, I don’t recommend it. Point being, SSH’ing will give you access to ALL of your iPhone’s core files, so deleting/editing certain files could be disastrous if you don’t know what you’re doing. If you’re still reading, and you’re okay with all of this, continue on.

Ally’s tips are definitely meant for the hardcore user. If you’re brave and use one, let us know what the tutorial was for, if you tried it, and how well it worked. We’re always on the lookout for iPhone anything!

The Dev-Team once again is on the ball and has released instructions to unlock and jailbreak iPhone 3.1.  However the update only works with the iPhone 1st Generation (2G), the iPhone 3G and the iPod touch 1G. Those who own the newer iPhone 3GS or iPod Touch 2G/3G will have to wait just a little longer.  Apple has made cracking the 3.1 software a little more challenging. For the complete how-to visit: http://blog.iphone-dev.org/post/188779017/3-o-fun

With the release of iPhone OS v3.1 expected tomorrow in coordination with the Apple "It's only rock and roll, but we like it" event, the Dev Team has just updated their blog with a warning to all using a jail broken iPhone.

If you update to Apple’s new software using the normal iTunes process, you will lose your ultrasn0w unlock.  In fact you may lose it permanently, because for most people the baseband firmware cannot be reverted to a previous version (unlike the main application CPU firmware).

So for now, just SAY NO to the initial iPhone OS upgrade and we'll wait for more word from the Dev Team!

Don't sweat with the new iPhone 3.01 software update on your jail broken phone, you can re-use Redsn0w v.08 that was released last month. The iPhone Dev Team noted on their blog that "You can re-use redsn0w v0.8 we released a few weeks ago to jailbreak today’s 3.0.1 update.  Just let iTunes update or restore you to official 3.0.1 then run redsn0w.  The only “trick” is that when redsn0w asks you to identify the IPSW used, point it at the 3.0 IPSW instead of the 3.0.1 one.   After the jailbreak, reinstall ultrasn0w 0.9 if you need the unlock." The 3.01 OS update was released to eliminate the SMS vulnerability that was publicly discovered last week.

No sooner then we write an article on how good the encryption is on the new iPhone 3GS (iPhone 3GS Security is Top Notch), Wired.com sets to prove us wrong.  According to Jonathan Zdziarski the 3GS encryption can be cracked in 2 minutes and the entire image of the iphone can be ripped in 45 minutes. 2 MINUTES?? I guess I'll wait for the youtube video to verify that statement. “It is kind of like storing all your secret messages right next to the secret decoder ring,” said Jonathan Zdziarski, an iPhone developer, hacker, and a  who teaches forensics courses on recovering data from iPhones. “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”    I wonder if this breaking news will cause a delay in the 3.1 OS software release while Apple attempts to improve on the security.

Certain iPhone users will appreciate the release of ultrasn0w version 0.9 from the dev team.  This update appears to have eliminated most of the prior issues some users were reporting.  The dev team also provided a few tips of the more common questions, below are a few:

• Unusual battery depletion is almost always caused by people choosing to “Restore from backup”instead of “Setup as new iPhone” when iTunes asks you.  This isn’t caused by either the jailbreak or the unlock, but it’s a common 3.0 snafu.  The fix is to just re-run the official 3.0 restore and choose “Setup as new” this time.  Your music and apps and all that will still be synced, but you’ll get rid of any conflicting wifi, bluetooth, or carrier settings.  Then just re-run redsn0w and install ultrasn0w.
• Remember, ultrasn0w works with hacktivated phones too, but don’t outsmart redsn0w into thinking you don’t need hacktivation!  If you don’t plan on using an official sim, don’t activate via iTunes with such a sim.  Just keep your unofficial sim at all times and let redsn0w and ultrasn0w handle hacktivation
• Don't eat ultra yellow sn0w (j/k, this is my tip)
• Read the rest here: http://blog.iphone-dev.org/

Benefits of Ultrasn0w v0.9

• Works on both 3G and 3GS
• Works on hacktivated devices
• Works regardless of how you jailbroke your device
• Doesn’t patch any mach-o binary whatsoever.  (Doesn’t require a separate patch as each new firmware comes out).
• Doesn’t install any additional daemon
• Has no race conditions, no popups about “Missing SIM”, no network issues
• Is almost 7000 times smaller than its nearest competition