Added on 31 Jul 2009(694 Views)
Security expert Charlie Miller issued a warning about a serious security problem affecting the iPhone about a month ago – now the expert, alongside Colin Mulliner, has presented the flaw at the Black Hat 2009 event (25th through 30th of July, Caesar’s Palace, Las Vegas). Charlie Miller presented a method of injecting SMS messages into the iPhone and taking complete control of the device. The vulnerability could allow a person with malicious intent to remotely install and run unsigned software code with root access on the device. The attacker could for example send software code on the iPhone via SMS and thanks to this malicious code the attacker could turn on the device’s microphone and listen in to your conversation, could turn on the device’s GPS and know precisely where you are, or could add the iPhone to a botnet or distributed denial of service attack.
Senior Writer with CNet, Elinor Mills, recounts how Miller and Mulliner exploited this vulnerability and crashed her iPhone: “Although an attacker could exploit the hole to make calls, steal data, send text messages, and do basically anything that I can do with my iPhone, the researchers were kind and merely rendered it temporarily inoperable. While I was talking on the phone to Charlie Miller, his partner, Collin Mulliner, sent me a text message from his phone. One minute I'm talking to Miller and the next minute my phone is dead, and this time it's not AT&T's fault. After a few seconds it came back to life, but I was not able to make or receive calls until I rebooted.”
According to Charlie Miller, the problem stems from a serious memory corruption bug in the way the device handles SMS messages. Apple has been informed about the problem about a month ago, but a patch has yet to be issued. Without a patch, how can you protect yourself? Charlie Miller says that you should turn off your iPhone immediately after you get an SMS message with a single square character. “That small cipher will likely be your only warning that someone has taken advantage of the bug,” explained Miller.
But wait, it gets better: the same SMS injecting technique can be used to compromise Android and Windows Mobile-powered devices as well, not just iPhones.
UPDATE: Apple released iPhone OS 3.0.1 to solve this SMS vulnerability (details here).
Don't forget to:
RSSTags: Charlie Miller, Black Hat, SMS, Apple, Security
Link to this article:
Add comment:
Software News
Chromium OS Goes Open-Source
This summer Google let the world know that it is working on a new operating system meant for the user that spends most of his time online. The operating system – aptly named Chrome OS because it is a natural extension...
This summer Google let the world know that it is working on a new operating system meant for the user that spends most of his time online. The operating system – aptly named Chrome OS because it is a natural extension...
20 Nov 2009
Office 2010 Beta Downloads Available to the Public
Earlier this week Redmond-based software giant Microsoft announced that Office 2010 became available for download as a Beta. The catch was that only ...
Earlier this week Redmond-based software giant Microsoft announced that Office 2010 became available for download as a Beta. The catch was that only ...
20 Nov 2009
Mozilla Releases: Firefox 3.6 Beta 3
The development process of the Firefox 3.6 browser is moving along rapidly. The first Beta version was released at the start of the month; Beta 2 was released about two weeks after Beta 1. About a week has passed since...
The development process of the Firefox 3.6 browser is moving along rapidly. The first Beta version was released at the start of the month; Beta 2 was released about two weeks after Beta 1. About a week has passed since...
20 Nov 2009
New Labs Feature for Gmail: Green Robot!
The software developers at Google have announced the release of a new Gmail Labs offering called Green Robot! This new offering is meant to improve the Gmail Chat user experience by letting the ...
The software developers at Google have announced the release of a new Gmail Labs offering called Green Robot! This new offering is meant to improve the Gmail Chat user experience by letting the ...
20 Nov 2009
Opera Mobile 10 Beta for Windows Mobile Is Out Also
Opera Software, the company that we all know for making the innovative and feature rich Opera web browser, has released Opera Mobile 10 Beta for Windows Mobile-powered devices. This release follows in the...
Opera Software, the company that we all know for making the innovative and feature rich Opera web browser, has released Opera Mobile 10 Beta for Windows Mobile-powered devices. This release follows in the...
19 Nov 2009
Beta Testing is Over, Stable Version of Trillian for iPhone Released
The focus so far has been on desktop version of this multiprotocol instant messaging software application, Trillian Astra (version 4.1). Today is time to switch focus away from the desktop version and onto something a bit more...
The focus so far has been on desktop version of this multiprotocol instant messaging software application, Trillian Astra (version 4.1). Today is time to switch focus away from the desktop version and onto something a bit more...
19 Nov 2009
Recommended Tools
Registry Booster 2010 Enhanced, deeper and faster error scan performance. Now also in 5 languages! Free Scan
Driver Scanner 2009
Fast and easy, it boosts performance by scanning for, downloading & installing driver updates
Fast and easy, it boosts performance by scanning for, downloading & installing driver updates
SpeedUpMyPC 2009
How fast is your PC really running? Turbo-charge your Internet and PC performance here
How fast is your PC really running? Turbo-charge your Internet and PC performance here
Nero Burning ROM
LimeWire Basic
Yahoo! Messenger
Winamp
Mozilla Firefox
eMule
BitComet
iTunes
Google Earth
uTorrent