Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

SMS hack could leave "every" iPhone vulnerable

Katie Marsal |

A single character sent by text message could allegedly compromise every iPhone released to date.

Talking at the Black Hat security conference in Las Vegas, experts Charlie Miller and Collin Mulliner say they've discovered a bug in the iPhone's approach to SMS that exposes it completely to remote control through a subsequent hack, including the camera, dialer, messaging and Safari. It occurs regardless of hardware revision or which version of the iPhone OS is running.

The technique involves sending only one unusual text character or else a series of "invisible" messages that confuse the phone and open the door to attack. Because users won't know whose messages to block in advance, there's little iPhone owners can do but to shut off the phone immediately if they suspect they're at risk — a real problem as the trick could also be used to make an iPhone send more messages of its own.

"Someone could pretty quickly take over every iPhone in the world with this," Miller claimed to Forbes on Wednesday.

An extra vulnerability would simply be used to frustrate individual owners and would use a series of SMS messages to keep the iPhone offline for 10 seconds at a time, creating the mobile equivalent of a denial of service attack for as long as the malicious programmer saw fit.

Both of the experts reiterated that they notified Apple of the flaws roughly a month ago. In its typically silent approach to security, however, the company hasn't issued an update to patch either of the security breaches and hasn't provided an update on whether or not it can release a patch before the end of the month.

Regardless of the Cupertino firm's response, the new exploits underscore a small but noteworthy history of security risks that, among others, have included a since-fixed Safari flaw that would compromise an iPhone just by visiting a website with hidden but hostile code.

Apple is all the same not isolated from these sorts of issues. Google's Android in its current form is vulnerable to the same 10-second knockout as the iPhone, and Windows Mobile can also be controlled through a burst of text messages.

 

Sponsored Content

article thumbnail

Buckle and Band offers a new take on designer Apple Watch bands for sophisticated owners

Top Stories

article thumbnail

New iPad Air & iPad Pro models are coming soon - what to expect

article thumbnail

The long nightmare may be over — iPad could finally get a Calculator app

article thumbnail

The best of WWDC — the developer conference that shapes technology for the rest of us

article thumbnail

Apple Silicon might get used for AI chips in server farms

article thumbnail

The history — and triumph — of Arm and Apple Silicon

article thumbnail

Best Buy kicks off new M3 MacBook Air sale, blowout M2 deals up to $400 off still available