Researchers Charlie Miller and Collin Mulliner claim that they have found a security vulnerability in the iPhone's SMS messaging system which could allow hackers to in theory "take over every iPhone in the world". It occurs regardless of hardware revision or which version of the iPhone OS is running.
They plan to reveal the details of the security hole at the Black Hat conference in Las Vegas.
Here is the brief description of the security flaw and the risks involved:
"Using a flaw they've found in the iPhone's handling of text messages, the researchers say they'll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone's functions. That includes dialing the phone, visiting Web sites, turning on the device's camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking."
The attack was demonstrated on the iPhone of Cnet’s Elinor Mills. This is what she had to say of how this attack works in practice:
“Here’s what happened: While I was talking on the phone to Charlie Miller, his partner, Collin Mulliner, sent me a text message from his phone. One minute I’m talking to Miller and the next minute my phone is dead, and this time it’s not AT&T’s fault. After a few seconds it came back to life, but I was not able to make or receive calls until I rebooted.“
The only thing you can do to stop the attack is to turn off your iPhone quickly.
According to the report, the researches informed Apple about the security flaw over a month ago but Apple is yet to release a patch to address the bug.
Miller had also discovered a vulnerability in the original iPhone soon after it was launched. At that time, Apple was prompt in addressing the security hole. They had fixed it in iPhone OS 1.0.1 just two days before Miller was set to reveal the details at that year's Black Hat conference.
Let's hope Apple releases a fix for this one soon. We will let you know if we get any more details.
Update (July 31, 2009):
Apple has released iPhone OS 3.0.1 to fix the SMS Vulnerability
[via MacRumors]
- Hey Brain, what do you want to do tonight?
- Same thing we do every night Pinky… try to take over every iPhone in the world!!
Now I can stop ppl from calling me who wanna chat just cause it's mobile 2 mobile.
"I got one that can see !"
http://www.theyliveandwesleep.com
Interesting. So if my new 3gs like blows up from these hackers or stops functioning will it be covered under warranty?
nope, won't be covered under warranty since that focuses only on hardware failure or 'manufacturers defects' in hardware only (not software).
So much for apple's argument that jailbroken phones were a problem. It seems it is the iphone's shoddy security that is a problem. Apple resembles micro$oft more and more.
Wow. It's apples fault tho. We probly won't see an update that fixes it untill 3.1 comes out which is supposed to be released in September.
I have not received any texts from any unknowns, but both my 3GS and my wife's 3g have mysteriously shut off today (not at same time). Both are jailbroken & 3.0. 3G -> Redsn0w 3GS -> Purplera1n. Both on AT&T, neither one unlocked (no need yet). Could this be Apple testing for jailbreak or unlock?
Anyone else had a similar issue?
Caco I think that hackers are gonna go for the masses that's why they attack windows pc so much, and now with the iPhone getting up to 30 million they've found a base. I hope I don't have to run a mobile version of trend micro MCcillin. Lol
on a more personal note Caco are U Jose Manuel?
okes watch out the sms r already releases,,,
the best thing is to switch off ur phone until apple fix that in the nxt version,, put ur iphone into safe mode,,
this is for jailbroken iphone,,,
one of my friend got it ,,,so BLACK HAT control his phone n sending the sms in all his contacts.,
guys the game has start ,,,
let just wait n c,
We should be seeing an update that fixes this bug tomorrow!!!!!
Source: http://news.bbc.co.uk/2/hi/technology/8177755.stm
Update: it's out! Just waiting for jailbreak before update
nobody is going to keep their phones off just because of this exploit. And even if you did keep your phone of for how ever many days,weeks,months it takes for apple to officially release the fix, as soon as you turn your phone on to update, you will get the SMS and your phone will be hacked.
how gay…
what if you use another sms app instead of apples ?
Thanks for sharing, i really like your posting…nice..nice
hihihi
right, so all of the press leading up to this talk was about how the iPhone had been totally hacked, that we should be expecting maybe an iPhone virus, that attackers could dial out and completely control the phone through SMS… then the talk comes and all they can do is crash an iPhone… i want to live in the media's world… it's so much cooler in the media's world… hackers work in high tech labs with hundreds of monitors and plant viruses on the president's phone… in the real world it turns out that the so-called hackers can just cause your phone to stop working until you reboot it… pretty _amazing_ stuff there, charlie… these researchers certainly do have media-trolling down to a science though…
Please i realy need the sms iphone hack.. help
Hi all, So my Iphone G4 (4.3.5) was hacked last night (October 13th, 2011) NOT so COOL!! be careful also programs out to incept your sms messages. Just a heads up.
Take care