Source: Tom's Guide US | Keywords: iPhone, SMS, Security, text, message | Themes: Smartphones, 3GSM
Beware of hacks by text, if you have an iPhone.
Mac OS X security experts Charlie Miller and Colin Mulliner revealed last night at the Black Hat cybersecurity conference in Las Vegas an iPhone critical security flaw that could remotely crash the device with a single text message.
The hackers detailed the bug at the conference and confirmed it to be tested and effective against iPhones running on networks of four carriers in Germany along with AT&T in the U.S., reported Reuters. Since the flaw is in the SMS system of the iPhone, the exploit should be effective regardless of network.
The security bug is unusual for the iPhone as most applications on the device run inside their own sandboxes, which should restrict them from tapping into portions of the device that it shouldn't be accessible. But for one reason or another, the SMS function isn't as protected and could give an attacker root access.
"It's scary. I don't want people taking over my iPhone," said Miller.
Despite the scariness of the security hole, the hackers don't believe that keeping quiet is the safe way to go.
"If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what," Mulliner said.
"This is serious. The only thing you can do to prevent it is turn off your phone," Miller said in a Forbes interview. "Someone could pretty quickly take over every iPhone in the world with this."
The security experts have already shared their findings with Apple, and an updated firmware is now available on iTunes.
-
Previous News Article
PlayStation 3 Manufacturing... -
Next News Article
Nintendo's Black Wii for $334
It might take over your phone, but does it kill it??
If it doesn't, a hard reset would solve it?
Which ones are affected? 1st gen? 3G? 3GS?
Well if it's so serious then get on the ball Apple and fix it!
Apple isnt so god damn perfect after all.
Well if it's so serious then get on the ball Apple and fix it!
"updated firmware is now available on iTunes."
They did.
It is great that somebody found this out and speak up before somebody/some iphones actually get hurt.
It might take over your phone, but does it kill it??If it doesn't, a hard reset would solve it?Which ones are affected? 1st gen? 3G? 3GS?
1. Potentialy yes, it can.
2. In theory one could write something to kill it, but thankfully that hasn't happened yet.
3. All are affected.
Updating your iPhone OS to 3.01 should be a top priority.
"updated firmware is now available on iTunes."They did.It is great that somebody found this out and speak up before somebody/some iphones actually get hurt.
Shhh don't tell anyone.
We DON'T want them to update!!!
Next the gov will propose a bill to force all samrtphones and computers to run anti-virus software in order to protect our selves from a terrorist plot to gain control over all of our machines in effort to measure the buoyancy of penguin shit in the Mojave desert.
Nah, wait a minute you saying people are figuring out how to hack apple products?! With something as simple as a stupid text message, you mean like an email on a windows machine?!
-sarcasm off
It was bound to happen sooner or later and this won't be the last one, guess what? iphones are popular and are on the top of mobile hackers to do list. Not saying I won't buy apple but it just proves that it doesn't matter what you buy, sh*t happens.
Yea, but does it play crysis?
If I update my iPhone firmware to 3.0.1 that means that it will un-jailbreak the phone or it's just an update without any "side-effects"?
Thanks, Martin
I agree with Glorian completely.
Apple has been able to sneak under the radar and avoid having their flaws pointed out cause they were so small no one really cared.
I think they're about to get hit pretty hard. Welcome to the big time Apple.
Well said Zeuss.
Thats the same thing I've been telling my friends whenever they talk about buying a new laptop/desktop.
Hackers want to attack as many people as possible, so the way to go is usually Windows. The moment Apple makes the move into the big leagues (allowing OSX in any machine) all kind of hacks will start appearing.
Hasn't this been already posted like 4 times? Enough already. We get it. You can hack the phone via SMS. Yay. I don't own one, and never will.
Actually as was pointed out in several Black Hat articles on other websites today, all CDMA phones running Windows Mobile, Android and the iPhone are all open to SMS hacks due to the way that SMS is written and the carriers implemented it in their phone configurations.
The researchers for this one hack used the iPhone for their platform, two other groups used windows mobile phones from four different manufacturers to do their demonstrations.
All of them were hacked through the SMS features though.
Wait. I thought the only danger to iPhones was if you jailbreak them? Isn't that what Apple has implied? The whole world is only in danger if the iPhone is jailbroken, so we must expend our thoughts and energies on keeping that from happening. Just ignore the man (with the black hat) behind the curtain, who is sending out that SMS.
Not concerned, personally. No iPhone and where I live, the providers charge outrageous fees for text messaging. Besides, I'm old enough to not need texting. Or do they leave it active anyway? Hmmm.
"remotely crash the device with a single text message"
Ok I give up whats the single text message that wrecks the iphone ??
Seems strange the story is double take hypocritical as well something doesnt add up.
1st part says crashes your iphone, then later in the story, says they now can steal your whole phone from you and all your personal data ??
Story is pretty vague as to purpose of single text message event what it actually does. That message is like some unlock code gives anyone whom types this message access for it. That point doesnt add up to also "Crashes" the iphone?? Which is it a hack for all personal data control over someones iphone, or a SMS sytems bug crashes that protocal which requires a reboot -p
Alot of other data and actions info has to transpire to get selected data off your phone and sent to some unknown hidden hacker, those 2 events alone the data to do that under SMS is not single text oriented for sure.
iphone sucks anyway
DOS all Iphones.
Apple needs to fix this and stop milking their stupid Appstore with useless apps / policing apps.
Let's see those applauding apple store employees now. You bought the iPhone?, Ya Da man!
flaw -> media -> company -> fix/cover -> clowns talking about it.
This is a quarter of the story. This exploit works on Windows Mobile and Android smart phones as well. Why all the focus on the iPhone?
just a thought maybe they planned it that way so that they can remote kill your iphone when they get the coerce government to sign a law to make illegal jail break. you know this company wants total control of theyr toys. its just that someone else found it, and they dont want any regular guy to find out.
"It's scary. I don't want people taking over my iPhone," said Miller.
LOL, from what I've herd, if he was a real security expert, he would have avoided the iphone like the plague.
Gone are the days of apple not being plagued by viruses and exploits everyone boast about it.
It was under the radar for so long, that most hackers didn't consider it worth bothering.
Apple needs to wake up and realize the more popularity they get, the more they will catch up to MS on these problems.
Not have viruses and exploits, and no one LOOKING for them is 2 totally different things.