A number of “exploits” have surfaced for the iPhone over the last few months, but this is one I would consider of significantly higher risk than say, being remote controlled via SMS. It seems Tapulous (Makes of Tap Tap Revenge, Twinkle, Friendbook, etc), uses UDID’s for authentication, and only UDID’s. What’s a UDID? Well, it’s a Unique Device Identifier. As the name suggest, it is unique to your device, or at least in theory. There is a tool available via Cydia (Anyone who has installed Installous has this tool) that will allow a user to change their UDID. What this means is that anyone who may happen to get ahold of your UDID can potentially change their device to match yours, and effectively gain access to your Tapulous account. If you have it set up with Twitter, Facebook, etc, your accounts have just been compromised.

How would someone get your UDID? It’s actually easier than it sounds. Cydia sends the UDID when communicating with the repo’s. As such someone could easily setup or modify a repo to collect this information. Going a step further, I imagine it will only be a matter of time (if such a thing has not already happened silently) until apps show up in Cydia that appear legitimate but would for example, send your UDID elsewhere when executed. There may be countless other ways of obtaining the UDID that haven’t been thought of yet.

Tapulous is aware of the issue and are working to resolve it, which will likely entail changes to the authentication in all of their apps. My advice at this time, if you have a Tapulous account, cancel it or change your Twitter/Facebook passwords until the issue is resolved.

Now, if you are a Tapulous user but do not have Twinkle or Friendbook, the worst that could happen is someone may mess with your Tap Tap Revenge scores, if those are even stored, I have not played it personally.

It doesn’t appear that Tapulous is publicly acknowledging this vulnerability, (I can’t bring myself to call this an exploit as it is a failure in the design of the authentication system, or lack thereof), but you may want to watch their blog for more news or keep an eye out for updates in the AppStore.

*EDIT*
There is a newer version available, please visit this post for details.
*EDIT*

I recently discovered the Prowl app, and thus, Growl for Windows. While I really have no need for the notifications on my desktop, they are quite nice on my iPhone. There are a few plugins and such for various apps to use with Growl, but nothing for uTorrent, which is also one of the most requested. Or is there…

Keep in mind this is still beta, and includes only the notifications shown in the first screen shot. The only known bug is that when a new torrent is added, the status is something I have not yet mapped, mostly because I haven’t been able to catch what it is before it starts. This will show up as 194 when you get a Torrent Added notification. The app does support auto-start at launch, but does not have a setting to run at startup so you would have to put it in your startup folder manually if you want that.

In order to use this you must have the web interface enabled in uTorrent, as well as Growl installed on your PC,  and Prowl installed on your iPhone

Click here to download uGrowl Setup [Link removed]
(This has been updated, please visit this post for the latest version)

Please use the forum to sumbit any bugs or requests for uGrowl.