4 October 2007 @ 16:13Spy Photos of the iPhone v2

diskimage.jpg**If you are looking for the actual iPhone v2 (iPhone 3G), check out the WWDC08 coverage.**

I’m making available some Leopard screenshots, spy photos of the second revision of the iPhone, and the proposed pricing schedule for new models.


Download here.










Apple Store



Note: That is how I intended to leave this post and return later with an explanation, but my conscience kept telling me that maybe I shouldn’t deceive my readers (although there is nothing harmful in the disk image, and the files can be inspected in any text editor). My intention here is to prompt a discussion of Mac security and social engineering.

Granted, distributing photos via DMG is suspicious enough, but the same thing could be done with SIT or ZIP files which are even less uncommon. While most people wouldn’t open these files under these circumstances, the problem cannot be ignored. Shell scripts masquerading as jpegs, rtf documents, spreadsheets, or even applications do not have to be distributed at all. These are just as effective sitting on shared volumes on a corporate network. I have witnessed first-hand users opening every file on an open share simply because they are bored (or nosey).

Had these innocent looking jpegs been anything other than innocent, a user could have lost some important data, or even had sensitive data uploaded or emailed to a remote server. Damage would most likely be confined to the user’s home directory (unless a more complex script took advantage of a privilege escalation exploit), but, regardless, it would be extremely traumatic for some users.

What precautions should Apple take, and what precautions should a responsible user take? In this particular instance, should Apple change DiskImageMounter.app so that it scans a disk image as it opens it and either warns the user that the volume contains executables? Or should DiskImageMounter.app determine for itself that based on the extension and icon that the files in question should not be executable or should not open in the application assigned by its creator? Some go as far as to say that Apple’s disk image framework is flawed by design and should be abandoned completely, but that is in reference to other disk image exploits.

executable2.gifThe problem is due to users thinking they know what they are opening, based solely on the icon. File extensions are optional, so any security measure cannot rely on that as a test. Should some types of files be required to have an attention-grabbing icon that cannot be removed or changed?

There will always be morsels too tempting for some users to resist — screenshots of the next OS release, photos of the next great gadget, paparazzi photos of some nude celebrity. Where do you draw the line between what is the vendor’s responsibility and the user’s responsibility? Is there more that vendors could do to protect their users? Of course there is. Can the vendor protect its users from every possible exploit? No. Some exploits simply require the user to be a “defensive driver” in order to not get caught up in a nasty accident.

What are your thoughts?

Update: The GM release of Leopard handles these files differently (and appropriately).


Update 2: (Nov 21, 2007) Intego is reporting that QuickLook and Mail.app are not properly identifying files.

If you are looking for the actual iPhone v2 (iPhone 3G), check out the WWDC08 coverage.

Be Sociable, Share!

by | 3 comments | Tags: ,
Posted in apple, exploits, iphone, mac, malware, security | Link to this


  1. Cyril Kotecky | 04 Oct 2007 @ 17:00 #

    Finally a try for a mac virus :D. People are not stupid, and for those who are, don’t download this.

  2. Jon | 04 Oct 2007 @ 23:03 #

    This is not a virus, but simply an example of an attack vector that some people may not have been aware of.

  3. Tara | 19 Dec 2007 @ 7:45 #

    Oh god, i downloaded this and thought i had actually downloaded a virus when i opened it. i was so close to being sick from fear ( i just bought my fist ever mac for about $4000 lol so i was a bit terrified). i am so glad it wasn’t. that will teach me to download before i think!

    thanks for nearly giving me a heartache man! lol

Add a Comment

Show who you are with a Gravatar.


Sign up for PayPal and start accepting credit card payments instantly.

Staples Logo

Get fed!

rss icon subscribe to Geek stuff

rss icon Geek stuff in your inbox

Add the "Geek stuff" Google Gadget to your homepage

Add the "Daily Deals" Google Gadget to your homepage


Search Amazon

Search Amazon.com
Search Amazon.co.uk

Recent Forum Topics


    Web hosting by ICDSoft