Sign in with
Sign up | Sign in

A Single Text Message Can Cripple Your iPhone

By - Source: Tom's Guide US | B 27 comments

A text message can cripple your iPhone.

A critical security flaw has been found in the SMS system for the iPhone. According to IDG, Mac OS X security experts Charlie Miller and Colin Mulliner revealed that a specially coded text message could remotely crash an iPhone.

It's possible that the security hole could pave the way for an attacker to run malicious code on the iPhone that would allow it to access the GPS, microphone or internet connection.

Miller did admit that he hadn't found a way to access those functions, but doesn't ruled it out. "I don't have a working exploit for it, just a suspicious looking crash," he said.

The stripped down version of OS X that powers the iPhone is still relatively secure, according to Miller. Applications on the phone run inside their own sandboxes, which should restrict them from tapping into portions of the device that it shouldn't be available. But for one reason or another, the SMS function isn't as protected and could give an attacker root access.

The security experts have already shared their findings with Apple, which hopefully means the hole will be patched up in an upcoming software update – preferably before someone takes advantage of the security flaw with nefarious intentions.

Discuss
Display all 27 comments.
This thread is closed for comments
Top Comments
  • 15 Hide
    Anonymous , July 4, 2009 3:12 AM
    What they have managed to do, is to prove that the SMS service on an iPhone most likely have root access. They build this prof on the fact that code sent through an SMS has crashed their iPhone without the users involvement.
    The reason they're coming out with their warning is because they fear someone could use this exploit for worse things than just an annoying crash, such as installing software for surveillance(location, video and voice access) or the buildup of a botnet using iPhones.

    As for Apple I expect they will say it's unlikely someone will use the exploit and won't fix it until after the first real attack is documented, instead of now when they got the warning.
  • 11 Hide
    Honis , July 4, 2009 5:52 AM
    great! The new iPhone cooks and crashes! Now all it needs is a controversial app stor... oh wait...
Other Comments
  • -8 Hide
    omnimodis78 , July 4, 2009 2:29 AM
    I'm confused - so he doesn't have a working exploit for it but he suspects there's a suspicious looking crash? LOL Now that's really scientific!
  • 15 Hide
    Anonymous , July 4, 2009 3:12 AM
    What they have managed to do, is to prove that the SMS service on an iPhone most likely have root access. They build this prof on the fact that code sent through an SMS has crashed their iPhone without the users involvement.
    The reason they're coming out with their warning is because they fear someone could use this exploit for worse things than just an annoying crash, such as installing software for surveillance(location, video and voice access) or the buildup of a botnet using iPhones.

    As for Apple I expect they will say it's unlikely someone will use the exploit and won't fix it until after the first real attack is documented, instead of now when they got the warning.
  • 3 Hide
    NYCGPS , July 4, 2009 3:45 AM
    IT JUST WORKS !!!! ROFL

    yeah, full of shit. Apple has failed again. LMAO
  • 8 Hide
    brendano257 , July 4, 2009 3:55 AM
    omnimodis78I'm confused - so he doesn't have a working exploit for it but he suspects there's a suspicious looking crash? LOL Now that's really scientific!


    He can code a txt message to crash the iPhone, but he can't use any other code he knows of to make...lets say a botnet of iPhones, or how to tap in to your microphone or camera to see what your doing. He can crash it, but not use it to his advantage is what it says.
  • 6 Hide
    IzzyCraft , July 4, 2009 3:59 AM
    iphone 3Gs faster, better, will die more and more zeesh how many iphone stories do we have already for the week.
  • 8 Hide
    cal8949 , July 4, 2009 4:50 AM
    thanks for telling me. now i can work on that code to bring down all iphones.

    if you have a security problem you probably should tell the whole world were the week spot is. it would be like me telling you - yeah this house is all secure and locked up no one can get in.... except the window over there if you go through that you can steal my stereo
  • -2 Hide
    IronRyan21 , July 4, 2009 5:25 AM
    I can see the new M$ ad now......
  • 11 Hide
    Honis , July 4, 2009 5:52 AM
    great! The new iPhone cooks and crashes! Now all it needs is a controversial app stor... oh wait...
  • -1 Hide
    Kami3k , July 4, 2009 5:58 AM
    cal8949thanks for telling me. now i can work on that code to bring down all iphones.if you have a security problem you probably should tell the whole world were the week spot is. it would be like me telling you - yeah this house is all secure and locked up no one can get in.... except the window over there if you go through that you can steal my stereo


    except that unlike you, Apple can be sued.
  • -3 Hide
    hacker91 , July 4, 2009 11:58 AM
    The media creates more problems then they report. Telling would-be hackers of a security flaw is just asking for them to make the hack that DOES access the areas of the phone the security guy couldnt.
  • -5 Hide
    Regulas , July 4, 2009 12:57 PM
    I read it was already patched
  • 3 Hide
    Harby , July 4, 2009 2:42 PM
    omnimodis78I'm confused - so he doesn't have a working exploit for it but he suspects there's a suspicious looking crash? LOL Now that's really scientific!


    Your reading comprehension is most excellent, NOT.
  • -2 Hide
    DXRick , July 4, 2009 6:32 PM
    This has to be easy to fix or prevent.

    Fix: the service provider can edit text messages for non-text characters (a-z, 0-9, and special characters like !#&*$%). Obviously, anyone sending a message with code in it is up to something.

    Prevent: Can't the user control who sends them text messages? Otherwise you would get endlessly spammed.
  • 0 Hide
    Sicundercover , July 4, 2009 7:05 PM
    hacker91The media creates more problems then they report. Telling would-be hackers of a security flaw is just asking for them to make the hack that DOES access the areas of the phone the security guy couldnt.


    Its because Apple is notorious for holes in their security until its exposed to the world. If you dont expose they go on lying and saying they are completely secure which they are not.

    Hence the past 2 years in a row at Own 2 Pwn.
  • 0 Hide
    Sicundercover , July 4, 2009 7:06 PM
    "
    Its because Apple is notorious for holes in their security until its exposed to the world"

    Edit:

    What I ment to say is, "Its because Apple is notorious for NOT FIXING holes".
  • 0 Hide
    Anonymous , July 5, 2009 2:03 AM
    BS, I don't believe any of this. They just want to force people to patch the phone. Root access through an SMS? LOL
  • 0 Hide
    cabose369 , July 5, 2009 2:53 AM
    I need to find out how I can do this so I can send one to my friend who is so in love with his Iphone he can't accept the fact that there are a lot of flaws with it and thinks this is all media BS. That'll teach em!!
  • 0 Hide
    NYCGPS , July 5, 2009 3:36 AM
    cabose369I need to find out how I can do this so I can send one to my friend who is so in love with his Iphone he can't accept the fact that there are a lot of flaws with it and thinks this is all media BS. That'll teach em!!


    its VERY easy to do.

    rofl. I just crashed a few of my friends with it. they were like "WTF HAPPENED?"

    I was like

    Happy July 4th Bitches ! LOL !
  • 0 Hide
    squatchman , July 5, 2009 7:27 AM
    Even if the exploit to cause the crash doesn't exist yet, it's only a matter of time.

    Security through obscurity is no security at all and we should be glad that people like this are looking for the tricks they can find.
  • 0 Hide
    Harby , July 5, 2009 1:07 PM
    NYCGPSits VERY easy to do.rofl. I just crashed a few of my friends with it. they were like "WTF HAPPENED?"I was likeHappy July 4th Bitches ! LOL !


    Care to share with us how?
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter