$bbtitle
Apple Stock: 199.92 ( -0.59 )
RSS RSS Twitter Twitter
Search:
AppleInsider.com Archives News Bytes Reviews Anonymous Mailer Submit Story AppleInsider Forums Mac Prices Polls Advertise on AppleInsider Contact AppleInsider
Save up to $280 on new MacBook Pros and up to $165 on brand new iMacs with special coupons: Mac Pricing Guide updated Nov 20th (Find the best prices on Macs).
Thursday, July 2, 2009

Apple working to fix unreleased iPhone SMS exploit

By Neil Hughes

Published: 03:00 PM EST

Tipped off by a Mac OS X security expert, Apple is working to repair a serious security flaw in the iPhone’s operating system – one that could allow an attacker to track the phone’s location via GPS, eavesdrop on conversations via the microphone, or create a mobile bot net capable of unleashing denial of service attacks.

The attack takes advantage of a vulnerability in the phone’s short messaging service, or SMS, feature, allowing an outside party into the phone’s root access without the owner’s knowledge. Security researcher Charles Miller, co-author of The Mac Hacker’s Handbook, announced his discovery Thursday at the SyScan Conference in Singapore, according to Computerworld.

Apple plans to have the fix released later this month, before Miller gives his scheduled speech at the Black Hat Technical Security Conference in Los Angeles. At the July 25-30 conference, Miller will be joined by Colin Mulliner for a talk entitled “Fuzzing the Phone in Your Phone,” which will show attendees how to discover vulnerabilities in a variety of smartphones.

Miller has not specifically detailed how the SMS exploit is done, citing an agreement with Apple. But he will discuss the attack in length at the Black Hat conference.

The exploit takes advantage of the fact that SMS can send binary code to an iPhone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone.

For a widely-adopted platform, Apple’s iPhone has had remarkably little in the way of discovered vulnerabilities in its short history. In 2007, a security firm – including Miller – notified Apple of the phone’s first security flaw, soon after the hardware had been released. It was subsequently fixed by Apple.

Miller said that the iPhone’s stripped-down version of OS X makes it more secure than the full-fledged operating system. And because it lacks support for Adobe Flash and Java, isolates individual applications from one another, and only allows software that has been digitally signed by Apple, it is less likely to have security flaws than a full-form computer.
Filed under : iPhone 23 Comments ] 
Story topics: Security   Print ] [ Story Link ] 


Download Parallels 5.0 Today
Mac Poker players can play Full Tilt Poker for Mac and get 100% to $600 free with bonus code MP600, courtesy of Online Poker Mac
AppleInsider Features
Hot Forum Topics

Recent Articles
Apple's App Store approval process gets partially automated
TomTom to release iPod touch-specific GPS car kit
China Unicom expects 10% of 3G users on iPhone in 3 years
Steve Jobs e-mails terse response to upset Apple developer
Hack re-enables Atom processor compatibility for Mac OS X 10.6.2
Microsoft shareholders grill CEO about Apple, iPhone
Google outlines Chrome OS plans for netbooks
Sony announces iTunes competitor for music, movies, books
Apple investigates space-age fitness tracking technology
Web search statistics show Bing stagnant, Google growing
New apps said to make iPod touch more prominent in Apple stores
Piper: Apple tablet no more than $700, launch timing irrelevant
Major publisher preps for Apple tablet as delay, OLED rumors surface
AT&T faces setback in legal battle over Verizon ads [u]
TomTom app updated to support iPod touch, first-gen iPhone
Oct. estimates suggest Apple will sell 2.9M Macs this quarter
Microsoft retail store gets odd viral marketing buzz
Rumored 'Google Phone' said to be coming in 2010
Evidence suggests Apple at work on Mac OS X 10.7
iPhone approved in South Korea; China Mobile talks continue
AT&T upgrades network as wireless traffic quadruples over past year
Apple store in upscale Greenwich, Conn., to open Saturday
Needham downgrades Apple stock on technicality
Verizon rumored to embrace Palm in 2010 to combat iPhone
Apple's iPhone App Store takes off in China
Belgian heist lands thousands of stolen Apple iPhones
Verizon responds to AT&T in court: 'The truth hurts'
Apple said to release iPhone app for in-store appointments
OnLive cloud gaming service demonstrated on Apple's iPhone
Apple tablet speculation: high-end graphics, several models
Microsoft looks to combat Apple globally with Zune content
Apple met with AdMob weeks before acquisition by Google
Apple earns key legal victory against Psystar
Apple looks to hire AAA game developer for in-house iPhone team
Apple's next-gen iPhone power amp; NASA chemical sensor app
Bill Gates praises Steve Jobs for saving Apple
AT&T responds to 'false and misleading' Verizon ads
Apple unveils browser-based iTunes Preview
AT&T asks court to pull Verizon's 'misleading' iPhone ads
Conflicting reports within Qualcomm suggest Verizon-only iPhone

AppleInsider Market Place

Sell your Laptop - working or not. Free shipping.: Get an instant online quote and sell your laptop today !

Believe in Office: Save Up To 25% on Office 2004 For Mac. Visit Our Site for Details!

IBackup - SMB Online Backup: IBackup is the preferred online storage and backup service of choice for SMBs for its ease of use, security and value. Offers automated backup and restore, file selection and securiy.

Download free software - everyday updated freeware files

 
Advertisements








AppleInsider RSS Feed
AppleInsider © 1997-2008
Please review our Privacy Policy.
Written/Edited/Compiled by the AppleInsider Staff.