Security researchers to unveil iPhone SMS vulnerability later today
Two security researchers, Charlie Miller and Collin Mulliner, have discovered a serious security vulnerability affecting SMS messaging on the iPhone that will be unveiled later today at the Black Hat security conference in Las Vegas. This flaw affects all iPhones and can allow an attacker to gain complete control of an iPhone, including the ability to make calls, browse the web and access the camera. The exploit is caused by corruption in the iPhone's memory handling and is triggered by sending a burst of text messages using an uncommon text character, or by sending a hidden message.

So far, Apple has been rumored to have a fix in the works, but there has been no confirmation yet of when it will be available. The researchers also say that there is nothing you can do to protect your iPhone from this vulnerability other than turning off the phone. More details on this issue will be discussed later today at Black Hat, hopefully outlining a path to fix it.
Meanwhile, the two developers have already demonstrated this flaw in action to CNET's Elinor Mills, proving its existence and extent of the threat.
We'll be providing more coverage on this issue once it's unveiled, so stay tuned to TUAW.
great, just as I was starting to enjoy being on 3.0. where are my paranoia pills!
July 31 2009 at 2:54 PM

Apple has delivered bugfixes within a two-week window before. Six weeks is plenty of time, and considering how much the iPhone is worth to Apple's image, they should have assigned this to more than one or two people to get this out the door.

July 31 2009 at 11:41 AM

"flaunting that there are none."
I think they're usually flaunting that there are no active viruses. Maybe this Black Hat will finally turn up some, but I doubt it.
Six months would have been fair. Timing it so that you can ensure that Apple won't have enough time to fix it, make sure you have something juicy to present at BlackHat (who wants to hear about Blackberry or Windows mobile exploits?) and then complain that you're not getting a response, is not.
From the article
"The two researchers plan to demonstrate how a series of 512 SMS message"
Pretty expensive hack IMHO, as it sounds like the hacker would have to send 512 text messages to exploit it, from what I'm reading in the article.
@ken
That is more than enough time to roll out a bugfix.
I work for a Federal Agency, and this hack was demonstrated by a security contractor to our IT department last month.
They warned us all to turn off our iPhones, Blackberrys, and other smartphones before the demo, because they noted that their demo would expose user IDs, passwords, etc., on the screen when it was working.
Over five people failed to take this seriously, and were exposed.
This contractor told us that he has demonstrated this at the NSA, and had taken control of as many as 14 Blackberrys at one time in one meeting there.
This is NOT an Apple only hack.
Um, how did they know all your phone numbers to send text messages to?

July 31 2009 at 6:30 AM

I don't think the hacker actually sends a 1-character SMS. Isn't he sending a whole bunch of stuff that overflows and gets executed as code?
Yes, the overflow is usually shellcode surrounded by a NOP sled and a jmp to the start of the shellcode. The "one character" is typically a way to bypass shell restrictions to gain access to higher level directories. Say the OS doesn't allow directly typing ../ to move to the next upper level of the filesystem up until the root. But, sending ../ in hexadecimal usually bypasses the restriction.
July 30 2009 at 3:31 PM

@Oz Is six weeks long enough? In my opinion, that's not even long enough to test if a potential fix would break anything else.

July 30 2009 at 2:06 PM

Couldn't the server provider block this sort of attack?

July 30 2009 at 1:02 PM

AT&T ... being responsive?
LOL.
Sure, the SMS relays could block 1-character SMS's (despite the fact that it may piss off some customers), but you actually think AT&T can manage that?
They can't even figure out how to price tethering to iPhone customers.
It's pretty simple, they just take out the code that they had in there for DHS to monitor our text messages, and modify it to block arbitrary code.
From what I'm reading, they haven't actually shown that they are capable of controlling the phone (only crashing it) so I'll wait to freak out until after the announcement.
What a great idea!!! Let's get the news to all the world so everyone thinks like Noah.. and screw people's phones... Way to go kid you are really something!!!
On the other hand, what about the update on OS 3.1 ??? Heard of it? Most likely they know the exploit is there and will be fixed there.
Is your phone dead or whacked due to that? If not, then zip it...