SMS a Serious Problem for the iPhone, other Mobile Phones
Article by George Norman
On 31 Jul 2009
Security expert Charlie Miller issued a warning about a serious security problem affecting the iPhone about a month ago – now the expert, alongside Colin Mulliner, has presented the flaw at the Black Hat 2009 event (25th through 30th of July, Caesar’s Palace, Las Vegas). Charlie Miller presented a method of injecting SMS messages into the iPhone and taking complete control of the device.

The vulnerability could allow a person with malicious intent to remotely install and run unsigned software code with root access on the device. The attacker could for example send software code on the iPhone via SMS and thanks to this malicious code the attacker could turn on the device’s microphone and listen in to your conversation, could turn on the device’s GPS and know precisely where you are, or could add the iPhone to a botnet or distributed denial of service attack.


Senior Writer with CNet, Elinor Mills, recounts how Miller and Mulliner exploited this vulnerability and crashed her iPhone: “Although an attacker could exploit the hole to make calls, steal data, send text messages, and do basically anything that I can do with my iPhone, the researchers were kind and merely rendered it temporarily inoperable. While I was talking on the phone to Charlie Miller, his partner, Collin Mulliner, sent me a text message from his phone. One minute I'm talking to Miller and the next minute my phone is dead, and this time it's not AT&T's fault. After a few seconds it came back to life, but I was not able to make or receive calls until I rebooted.”

According to Charlie Miller, the problem stems from a serious memory corruption bug in the way the device handles SMS messages. Apple has been informed about the problem about a month ago, but a patch has yet to be issued. Without a patch, how can you protect yourself? Charlie Miller says that you should turn off your iPhone immediately after you get an SMS message with a single square character. “That small cipher will likely be your only warning that someone has taken advantage of the bug,” explained Miller.

But wait, it gets better: the same SMS injecting technique can be used to compromise Android and Windows Mobile-powered devices as well, not just iPhones.

UPDATE: Apple released iPhone OS 3.0.1 to solve this SMS vulnerability (details here).

Tags: Charlie Miller, Black Hat, SMS, Apple, Security
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
SMS a Serious Problem for the iPhone, other Mobile Phones
HTML Linking Code