$bbtitle
Apple Stock: 199.92 ( -0.59 )
RSS RSS Twitter Twitter
Search:
AppleInsider.com Archives News Bytes Reviews Anonymous Mailer Submit Story AppleInsider Forums Mac Prices Polls Advertise on AppleInsider Contact AppleInsider
Save up to $280 on new MacBook Pros and up to $165 on brand new iMacs with special coupons: Mac Pricing Guide updated Nov 20th (Find the best prices on Macs).
Wednesday, July 29, 2009

SMS hack could leave "every" iPhone vulnerable

By Katie Marsal

Published: 05:45 PM EST

A single character sent by text message could allegedly compromise every iPhone released to date.

Talking at the Black Hat security conference in Las Vegas, experts Charlie Miller and Collin Mulliner say they've discovered a bug in the iPhone's approach to SMS that exposes it completely to remote control through a subsequent hack, including the camera, dialer, messaging and Safari. It occurs regardless of hardware revision or which version of the iPhone OS is running.

The technique involves sending only one unusual text character or else a series of "invisible" messages that confuse the phone and open the door to attack. Because users won't know whose messages to block in advance, there's little iPhone owners can do but to shut off the phone immediately if they suspect they're at risk -- a real problem as the trick could also be used to make an iPhone send more messages of its own.

"Someone could pretty quickly take over every iPhone in the world with this," Miller claimed to Forbes on Wednesday.

An extra vulnerability would simply be used to frustrate individual owners and would use a series of SMS messages to keep the iPhone offline for 10 seconds at a time, creating the mobile equivalent of a denial of service attack for as long as the malicious programmer saw fit.

Both of the experts reiterated that they notified Apple of the flaws roughly a month ago. In its typically silent approach to security, however, the company hasn't issued an update to patch either of the security breaches and hasn't provided an update on whether or not it can release a patch before the end of the month.

Regardless of the Cupertino firm's response, the new exploits underscore a small but noteworthy history of security risks that, among others, have included a since-fixed Safari flaw that would compromise an iPhone just by visiting a website with hidden but hostile code.

Apple is all the same not isolated from these sorts of issues. Google's Android in its current form is vulnerable to the same 10-second knockout as the iPhone, and Windows Mobile can also be controlled through a burst of text messages.
Filed under : iPhone 88 Comments ] 
Story topics: Android, Windows Mobile   Print ] [ Story Link ] 


Download Parallels 5.0 Today
RSS
RSS
RSS
Mac Poker players can play Full Tilt Poker for Mac and get 100% to $600 free with bonus code MP600, courtesy of Online Poker Mac
AppleInsider Features
Hot Forum Topics

Recent Articles
Smoking may void Applecare warranty due to "health hazard"
Inside Google's Android and Apple's iPhone OS as software markets
Apple's App Store approval process gets partially automated
TomTom to release iPod touch-specific GPS car kit
China Unicom expects 10% of 3G users on iPhone in 3 years
Steve Jobs e-mails terse response to upset Apple developer
Hack re-enables Atom processor compatibility for Mac OS X 10.6.2
Microsoft shareholders grill CEO about Apple, iPhone
Google outlines Chrome OS plans for netbooks
Sony announces iTunes competitor for music, movies, books
Apple investigates space-age fitness tracking technology
Web search statistics show Bing stagnant, Google growing
New apps said to make iPod touch more prominent in Apple stores
Piper: Apple tablet no more than $700, launch timing irrelevant
Major publisher preps for Apple tablet as delay, OLED rumors surface
AT&T faces setback in legal battle over Verizon ads [u]
TomTom app updated to support iPod touch, first-gen iPhone
Oct. estimates suggest Apple will sell 2.9M Macs this quarter
Microsoft retail store gets odd viral marketing buzz
Rumored 'Google Phone' said to be coming in 2010
Evidence suggests Apple at work on Mac OS X 10.7
iPhone approved in South Korea; China Mobile talks continue
AT&T upgrades network as wireless traffic quadruples over past year
Apple store in upscale Greenwich, Conn., to open Saturday
Needham downgrades Apple stock on technicality
Verizon rumored to embrace Palm in 2010 to combat iPhone
Apple's iPhone App Store takes off in China
Belgian heist lands thousands of stolen Apple iPhones
Verizon responds to AT&T in court: 'The truth hurts'
Apple said to release iPhone app for in-store appointments
OnLive cloud gaming service demonstrated on Apple's iPhone
Apple tablet speculation: high-end graphics, several models
Microsoft looks to combat Apple globally with Zune content
Apple met with AdMob weeks before acquisition by Google
Apple earns key legal victory against Psystar
Apple looks to hire AAA game developer for in-house iPhone team
Apple's next-gen iPhone power amp; NASA chemical sensor app
Bill Gates praises Steve Jobs for saving Apple
AT&T responds to 'false and misleading' Verizon ads
Apple unveils browser-based iTunes Preview

AppleInsider Market Place

Sell your Laptop - working or not. Free shipping.: Get an instant online quote and sell your laptop today !

Believe in Office: Save Up To 25% on Office 2004 For Mac. Visit Our Site for Details!

IBackup - SMB Online Backup: IBackup is the preferred online storage and backup service of choice for SMBs for its ease of use, security and value. Offers automated backup and restore, file selection and securiy.

Download free software - everyday updated freeware files

 
Advertisements








AppleInsider RSS Feed
AppleInsider © 1997-2008
Please review our Privacy Policy.
Written/Edited/Compiled by the AppleInsider Staff.