Security researchers to unveil iPhone SMS vulnerability later today
Two security researchers, Charlie Miller and Collin Mulliner, have discovered a serious security vulnerability affecting SMS messaging on the iPhone that will be unveiled later today at the Black Hat security conference in Las Vegas. The flaw affects all iPhones and can allow an attacker to gain complete control of the device, including the ability to make calls, browse the web and access the camera. The exploit relies on corruption in the iPhone's memory handling and is triggered by sending a burst of text messages that use an uncommon text character, or by sending a hidden message. So far, Apple has been rumored to have a fix in the works, but there has been no confirmation yet of when it will be available. The researchers also say that there is nothing you can do to protect your iPhone from this vulnerability, other than to turn off the phone. More details on this issue will be discussed later today at Black Hat, hopefully outlining a path to fixing it.
Meanwhile, the two researchers have already demonstrated this flaw in action to CNET's Elinor Mills, proving its existence and the extent of the threat.
We'll be providing more coverage on this issue once it's unveiled, so stay tuned to TUAW.



Reader Comments (Page 1 of 2)
Jordan said 11:52AM on 7-30-2009
So here's the thing...
Bring the security hole to the attention of Apple, they damn well better provide a fix.
But then don't go public about it, if there's no way to protect users, why blurt out loud the security flaw and basically invite hackers in?
oZ said 11:58AM on 7-30-2009
These things are never announced at a conference 'first'. They're communicated to a company, and a company has a responsibility to fix it. After a long enough period of time, the flaw is presented so people can study it for later. The company has an opportunity to fix that problem before it's announced, and if they don't, the announcement allows people to be aware of the issue and possibly get around it.
Apple dropped the ball.
KeynoteKen said 2:12PM on 7-30-2009
@Oz Is six weeks long enough? In my opinion, that's not even long enough to test if a potential fix would break anything else.
Nick Catalano said 3:41AM on 7-31-2009
@ken
That is more than enough time to roll out a bugfix.
oZ said 11:41AM on 7-31-2009
Apple has delivered bugfixes within a two week window before. Six weeks is plenty of time, and considering how much the iPhone is worth to Apple's image, they should have assigned this to more than one or two people to get this out the door.
rosasblanca said 11:56AM on 7-30-2009
Yet another reason to hate SMS . . . it's a total rip-off, there's no way to disable it, and now, your iPhone may be vulnerable to a malicious attack with, again, basically no way to protect yourself (because, again, there's no way to TURN IT OFF).
heybebeh said 12:01PM on 7-30-2009
Actually, you can turn it off. Hold the top button (the one that turns off the screen) for 5 or so seconds, and a slider that says "Slide to power off" will appear. Slide it. To turn back on, hold the same button until you see an Apple logo appear on the screen.
Michael said 12:26PM on 7-30-2009
Some phone service providers can turn it off. If you are in the States... AT&T will turn off all SMS for you.
Darren Hiebert said 10:54PM on 7-30-2009
Actually, you can request AT&T to temporarily disable receipt of text messages. I just called and did it myself.
Noah said 12:05PM on 7-30-2009
I'm excited to use this exploit on my friends' iPhones. Hopefully there's an easy-to-use website made soon, that only requires you to enter the phone number of an iPhone user to gain full access to their personal data.
I expect one to be live by the end of the day.
KeynoteKen said 10:48AM on 7-31-2009
Do you have the URL?
Defcon5 said 2:02PM on 7-30-2009
Turning off your phone is hardly a way to avoid it. When your phone is turned back on the messages will come through... I would expect a barrage of spam texts in the next days for all cell phones with an AT&T prefix.
teiresias said 12:18PM on 7-30-2009
This is the second time in a few months where a security exploit had to be released into the wild before Apple would get off of their butts and actually fix it. They were informed of both, but failed to provide timely fixes.
This same exploit was found in Android and has been fixed already. If Apple insists on not being responsive to security exploits - perhaps because of some "head in the sand" complex where they're used to being able to compare themselves favorably to Windows in this area - then they deserve any bad press they get when security researchers and hackers are forced to release exploits because Apple isn't taking them seriously.
KeynoteKen said 1:47PM on 7-30-2009
The ONLY reason to present their findings in this way is self-promotion. There are REAL security researchers that find things, flag the company, then get on with their busy lives.
oedipus said 3:06PM on 7-30-2009
Honestly, it's not just two hacks. I know of several issues with the iPhone, and OS X, that haven't been taken care of yet. The thing is, no publicity usually gets out about these things unless they either cause major problems or do something Apple doesn't want you to do. I've been reading through the notes from the BlackHat conferences (http://www.blackhat.com/) going on now, and it seems like Apple's actually starting to get some real attention, and I don't mean the good kind. The thing is there will always be hacks, but my problem has always been Apple and some of its users flaunting that there are none.
teiresias said 4:28PM on 7-30-2009
The process of alerting a company and then releasing it into the wild as a way to alert users and put pressure on the makers of the affected software is the way this has been done for a while. It's hardly specific to Apple or BlackHat for that matter; I don't see why Apple should be given any more leeway in these things than Microsoft or any other software maker has been. They're always alerted, and if they choose not to release a timely fix, then the vulnerability they're pretending isn't there is revealed to the world. Seems pretty damn fair to me.
JDavila said 12:38PM on 7-30-2009
What a great idea!!! Let's get the news to all the world so everyone thinks like Noah.. and screw people's phones... Way to go kid you are really something!!!
On the other hand, what about the update on OS 3.1 ??? Heard of it? Most likely they know the exploit is there and will be fixed there.
Is your phone dead or whacked due to that? If not, then zip it...
Jarrod said 12:49PM on 7-30-2009
From what a friend at Blackhat has told me, Apple had at least 3 months to respond to this, and has even gone so far as ignoring his emails and letters. It sounds like Apple's had closer to six months to a year, though.
So when you're asking "Where's OS 3.1?", understand that selling OS 3.0 was put in front of the concern for the customers.
KeynoteKen said 2:12PM on 7-30-2009
Respond? Apple responds if they need more information to recreate the problem. If not, when you check the bugtracker, you'll see that it's either closed because it's a duplicate OR it just stays open until it's fixed. Do we even know if he filed a bugtracker report or did he just send an email to sjobs@apple.com then wait for a response?
KeynoteKen said 2:12PM on 7-30-2009
From another site:
"McMillan reports, 'Miller reported the flaw to Apple about six weeks ago,'"
so, not even three months. Why didn't they wait? Because, if they showed a flaw that's already lathes, they wouldn't be as "special" as they are now. They're not interested in giving a company enough time to fix a serious security issue; they wanted something cool to talk about NOW, so dump standard procedure ;)