Source: Tom's Guide US | Keywords: iphone, sms, text, message, flaw | Themes: Smartphones, 3GSM
A text message can cripple your iPhone.
A critical security flaw has been found in the SMS system for the iPhone. According to IDG, Mac OS X security experts Charlie Miller and Colin Mulliner revealed that a specially coded text message could remotely crash an iPhone.
It's possible that the security hole could pave the way for an attacker to run malicious code on the iPhone that would allow it to access the GPS, microphone or internet connection.
Miller did admit that he hadn't found a way to access those functions, but doesn't ruled it out. "I don't have a working exploit for it, just a suspicious looking crash," he said.
The stripped down version of OS X that powers the iPhone is still relatively secure, according to Miller. Applications on the phone run inside their own sandboxes, which should restrict them from tapping into portions of the device that it shouldn't be available. But for one reason or another, the SMS function isn't as protected and could give an attacker root access.
The security experts have already shared their findings with Apple, which hopefully means the hole will be patched up in an upcoming software update – preferably before someone takes advantage of the security flaw with nefarious intentions.
-
Previous News Article
Apple Shoots Down Obama's Hope -
Next News Article
Wife of New MI6 Boss Posts...
I'm confused - so he doesn't have a working exploit for it but he suspects there's a suspicious looking crash? LOL Now that's really scientific!
What they have managed to do, is to prove that the SMS service on an iPhone most likely have root access. They build this prof on the fact that code sent through an SMS has crashed their iPhone without the users involvement.
The reason they're coming out with their warning is because they fear someone could use this exploit for worse things than just an annoying crash, such as installing software for surveillance(location, video and voice access) or the buildup of a botnet using iPhones.
As for Apple I expect they will say it's unlikely someone will use the exploit and won't fix it until after the first real attack is documented, instead of now when they got the warning.
IT JUST WORKS !!!! ROFL
yeah, full of shit. Apple has failed again. LMAO
I'm confused - so he doesn't have a working exploit for it but he suspects there's a suspicious looking crash? LOL Now that's really scientific!
He can code a txt message to crash the iPhone, but he can't use any other code he knows of to make...lets say a botnet of iPhones, or how to tap in to your microphone or camera to see what your doing. He can crash it, but not use it to his advantage is what it says.
iphone 3Gs faster, better, will die more and more zeesh how many iphone stories do we have already for the week.
thanks for telling me. now i can work on that code to bring down all iphones.
if you have a security problem you probably should tell the whole world were the week spot is. it would be like me telling you - yeah this house is all secure and locked up no one can get in.... except the window over there if you go through that you can steal my stereo
I can see the new M$ ad now......
great! The new iPhone cooks and crashes! Now all it needs is a controversial app stor... oh wait...
thanks for telling me. now i can work on that code to bring down all iphones.if you have a security problem you probably should tell the whole world were the week spot is. it would be like me telling you - yeah this house is all secure and locked up no one can get in.... except the window over there if you go through that you can steal my stereo
except that unlike you, Apple can be sued.
The media creates more problems then they report. Telling would-be hackers of a security flaw is just asking for them to make the hack that DOES access the areas of the phone the security guy couldnt.
I read it was already patched
I'm confused - so he doesn't have a working exploit for it but he suspects there's a suspicious looking crash? LOL Now that's really scientific!
Your reading comprehension is most excellent, NOT.
http://www.thebestpageintheuniverse.net/c.cgi?u=iphone
This has to be easy to fix or prevent.
Fix: the service provider can edit text messages for non-text characters (a-z, 0-9, and special characters like !#&*$%). Obviously, anyone sending a message with code in it is up to something.
Prevent: Can't the user control who sends them text messages? Otherwise you would get endlessly spammed.
The media creates more problems then they report. Telling would-be hackers of a security flaw is just asking for them to make the hack that DOES access the areas of the phone the security guy couldnt.
Its because Apple is notorious for holes in their security until its exposed to the world. If you dont expose they go on lying and saying they are completely secure which they are not.
Hence the past 2 years in a row at Own 2 Pwn.
"
Its because Apple is notorious for holes in their security until its exposed to the world"
Edit:
What I ment to say is, "Its because Apple is notorious for NOT FIXING holes".
BS, I don't believe any of this. They just want to force people to patch the phone. Root access through an SMS? LOL
I need to find out how I can do this so I can send one to my friend who is so in love with his Iphone he can't accept the fact that there are a lot of flaws with it and thinks this is all media BS. That'll teach em!!
I need to find out how I can do this so I can send one to my friend who is so in love with his Iphone he can't accept the fact that there are a lot of flaws with it and thinks this is all media BS. That'll teach em!!
its VERY easy to do.
rofl. I just crashed a few of my friends with it. they were like "WTF HAPPENED?"
I was like
Happy July 4th Bitches ! LOL !
Even if the exploit to cause the crash doesn't exist yet, it's only a matter of time.
Security through obscurity is no security at all and we should be glad that people like this are looking for the tricks they can find.
its VERY easy to do.rofl. I just crashed a few of my friends with it. they were like "WTF HAPPENED?"I was likeHappy July 4th Bitches ! LOL !
Care to share with us how?
Almost as bad is TH's editing staff. It really crashes the integrity of a site that can't seem to write five small paragraphs without several grammatical errors, and this happens routinely.
A security hole in an Apple OS? IMPOSSIBLE!!!!
BS, I don't believe any of this. They just want to force people to patch the phone. Root access through an SMS? LOL
Yea this is the same thing that was said about the holes in Safari until it was demonstrated for all the world to see.
Yeah, and Apple will be happy to charge you $9.95 for version 3.1.
mabey apple will finally realise what makes a platform prone to exploitation. it's not so much lack of security, it's POPULARITY! if only this would humble apple's arrogance when it comes to "security". if only...
sounds like the same hole they found in osx a while ago where they were getting into laptops and accessing the cameras and mics
People should use less popular phones so as not to be a target. Go Windows Mobile. Its lack of popularity combined with its unrivaled ability to use windows based Office applications make it the phone to work when you are worried about viruses and 'just want it to work'.
Sound familiar?
[/sarcasm]
Some of us out here are smarter than your average hack, so exploit all you want my 3gs 32 gb iPhone is working just fine. The ones that bought white iPhones the cases are making them discolored not the phones. White is for girls and sissies anyway. For all you iPhone haters you can suck on a donkey d***.