I've Inadvertently Created Malware for the iPhone!

Discussion in 'Jailbreaks and iOS Hacks' started by bdj21ya, Jul 4, 2007.

  1. bdj21ya macrumors 6502a

    bdj21ya

    Joined:
    Sep 13, 2006
    #1
    So while working on my first web app for the iPhone (should be released here in a couple days) I found a rather annoying security bug in the way the iPhone handles JavaScript prompts. If you set an infinite loop to call the prompt function, the iPhone continuously pops up prompts, which blocks your ability to navigate to another web page in any way, because Apple has made no other controls available while the prompt is showing.

    The only way out? Restart the iPhone.
     
  2. fishkorp macrumors 68020

    fishkorp

    Joined:
    Apr 10, 2006
    Location:
    Ellicott City, MD
    #2
    couldn't you hit the home button to go back to the home screen? and I believe there's a force quit option for the apps that are running.

    and this isn't iPhone specific, if you put a javascript:alert() inside an infinite loop in any browser you can't close the browser without doing a force quit.

    ...and how exactly is that malware? it doesn't do anything destructive.
     
  3. pdnellius Guest

    Joined:
    May 8, 2005
    #3
    It's considered malware because it creates a situation which the user cannot stop... however this is pretty much like the endless popup ads on windows :apple:
     
  4. GoCubsGo macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
    #4
    Now that you said this:
    I'm sure we can't wait for this:
    And by the way, I also thought hitting the home button force quit all apps.
     
  5. bdj21ya thread starter macrumors 6502a

    bdj21ya

    Joined:
    Sep 13, 2006
    #5
    When you hit the home button it goes to home, but then when I went back into Safari, it was still on the same page, and none of the buttons (back, bookmarks, tabs) would respond, so yeah, it is an annoying vulnerability.
     
  6. fishkorp macrumors 68020

    fishkorp

    Joined:
    Apr 10, 2006
    Location:
    Ellicott City, MD
    #6
    it's not a vulnerability, it's bad coding. it happens in every single web browser on every platform that has javascript enabled. if you run this on any browser, you can't do anything in the browser until you force quit (or kill, or end process, or whatever your OS calls it):
    Code:
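    <script type="text/javascript">
    // Each alert() is modal; 100 ms after it is dismissed the next one opens,
    // so the browser UI never becomes usable again.
    function killerloop()
    {
         alert("isn't this annoying");
         setTimeout(killerloop, 100);
    }
    </script>
    <body onload="killerloop();">

    </body>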
    
     
  7. dangleheart macrumors 6502

    Joined:
    Jun 29, 2007
    #7
    With a regular browser you can force quit the browser session. Here that does not seem to be possible. I think that is what bdj21ya is getting at. If you visit a page with such code, you will have to reboot your iPhone...I think that is the implication which is bad.
     
  8. switchy macrumors member

    Joined:
    Jul 5, 2007
    #8
    Or possibly find a link in say, an Email, that opens a new browser "window," and then close out the other one? Haven't tested.
     
  9. bdj21ya thread starter macrumors 6502a

    bdj21ya

    Joined:
    Sep 13, 2006
    #9
    Thank you, that is exactly what I mean. It is frustrating that you cannot shut down the program, but rather have to restart the whole device. They ought to make some way around this.
     
  10. bdj21ya thread starter macrumors 6502a

    bdj21ya

    Joined:
    Sep 13, 2006
    #10
    I haven't tried either, but you might have something there, since it would open up to another page first. I'd still guess no though, anyone try this out?
     
  11. Kinmar macrumors newbie

    Joined:
    Jul 5, 2007
    #11
    to force quit safari on iphone just hold down the home key...
     
  12. gr8tfly macrumors 603

    gr8tfly

    Joined:
    Oct 29, 2006
    Location:
    ~119W 34N
    #12
    yes, the instructions for force-quitting an app are in the iPhone User Guide, p. 110:

    If iPhone won’t turn on, or if the display freezes or doesn’t respond:
    Press and hold the Home button below the screen for at least six seconds, until the application you were using quits.


    edit: OP - you do realize you've shot yourself in the foot as far as anyone reading this thread even trying your new app?
     
  13. synth3tik macrumors 68040

    synth3tik

    Joined:
    Oct 11, 2006
    Location:
    Minneapolis, MN
    #13
    from my experience if you select home and then safari again, safari will reload the page, that should make it possible for you to close the window/enter in a new URL before the script gets loaded.
     
  14. bdj21ya thread starter macrumors 6502a

    bdj21ya

    Joined:
    Sep 13, 2006
    #14
    I'm not too worried about that. In its final form, the App will be beautiful and perform a very useful function for me. (If you're wondering, it will be an app that splits a restaurant bill by item for you or allows you to share an item, set the tip rate and tax rate). When I go out to eat, I like to pay for what I ate and make sure things are fair. I'm sure it will be useful for others too.

    Besides, apparently I just needed to read the user manual, AND you can trust there will be no infinite loops in the release app.
     
  15. bdj21ya thread starter macrumors 6502a

    bdj21ya

    Joined:
    Sep 13, 2006
    #15
    Yeah, in this case it wouldn't do that, not that I'm really interested in trying it. One great thing we've learned from me sharing this info is how to force quit apps. Anyone try this yet?
     
  16. gr8tfly macrumors 603

    gr8tfly

    Joined:
    Oct 29, 2006
    Location:
    ~119W 34N
    #16
    I'm pretty sure it won't, but I just meant if your current user name is tied to it some readers might have lost trust. I'm personally pretty convinced you were just doing an experiment.
     
  17. bdj21ya thread starter macrumors 6502a

    bdj21ya

    Joined:
    Sep 13, 2006
    #17
    Actually, I was just working on error checking for the input. I was looping so it would keep prompting you if you entered invalid input. However, my while loop condition had been written incorrectly, so it was an infinite loop.

    I've now tested the method of holding the home button to end an app. It works great! Thanks for the tip on force quitting apps!
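
The re-prompt-on-invalid-input pattern described in post #17, written so that it always terminates. This is an added example, not part of the original thread or the poster's app; `promptForAmount`, `parseAmount` and `scriptedPrompt` are hypothetical names, and `ask` is assumed to behave like `window.prompt` (returns a string, or `null` when the user cancels).

```javascript
// Added example: bounded re-prompting for a bill amount.
// Two exits the buggy loop lacked: Cancel (null) and an attempt cap.

const AMOUNT_RE = /^\d{1,6}(\.\d{1,2})?$/; // "12", "12.5", "12.50"

// Returns the amount in cents, or null if the text is not a valid amount.
function parseAmount(text) {
  const trimmed = text.trim();
  if (!AMOUNT_RE.test(trimmed)) return null;
  return Math.round(parseFloat(trimmed) * 100);
}

// ask: function(message) -> string | null, e.g. (m) => window.prompt(m)
function promptForAmount(ask, label, maxAttempts = 3) {
  let message = `Enter ${label} (e.g. 12.50):`;
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const answer = ask(message);
    // Cancel must leave the loop, otherwise the dialog traps the user.
    if (answer === null) {
      return { ok: false, reason: "cancelled", attempts: attempt };
    }
    const cents = parseAmount(answer);
    if (cents !== null) {
      return { ok: true, cents, attempts: attempt };
    }
    message = `"${answer}" is not a valid amount. Enter ${label} (e.g. 12.50):`;
  }
  // Hard cap: give control back to the page even if input never validates.
  return { ok: false, reason: "too_many_attempts", attempts: maxAttempts };
}

// Constructed stand-in for window.prompt so the logic runs outside a browser.
// Replays the given answers, then repeats the last one forever.
function scriptedPrompt(answers) {
  let i = 0;
  return () => (i < answers.length ? answers[i++] : answers[answers.length - 1]);
}
```

In a page, call it as `promptForAmount((m) => window.prompt(m), "item price")` and fall back to an inline form field when `ok` is false.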
     
