Skip to main content

iPhone SMS Security Hole is Real, Scary

Mac OS X security experts Charlie Miller and Colin Mulliner revealed last night at the Black Hat cybersecurity conference in Las Vegas an iPhone critical security flaw that could remotely crash the device with a single text message.

The hackers detailed the bug at the conference and confirmed it to be tested and effective against iPhones running on networks of four carriers in Germany along with AT&T in the U.S., reported Reuters. Since the flaw is in the SMS system of the iPhone, the exploit should be effective regardless of network.

The security bug is unusual for the iPhone as most applications on the device run inside their own sandboxes, which should restrict them from tapping into portions of the device that it shouldn't be accessible. But for one reason or another, the SMS function isn't as protected and could give an attacker root access.

"It's scary. I don't want people taking over my iPhone," said Miller.

Despite the scariness of the security hole, the hackers don't believe that keeping quiet is the safe way to go.

"If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what," Mulliner said.

"This is serious. The only thing you can do to prevent it is turn off your phone," Miller said in a Forbes interview. "Someone could pretty quickly take over every iPhone in the world with this."

The security experts have already shared their findings with Apple, and an updated firmware is now available on iTunes.

  • ricardok
    It might take over your phone, but does it kill it??
    If it doesn't, a hard reset would solve it?
    Which ones are affected? 1st gen? 3G? 3GS?
    Reply
  • doomtomb
    Well if it's so serious then get on the ball Apple and fix it!
    Reply
  • MrBradley
    Apple isnt so god damn perfect after all.
    Reply
  • pharge
    doomtombWell if it's so serious then get on the ball Apple and fix it!"updated firmware is now available on iTunes."

    They did.

    It is great that somebody found this out and speak up before somebody/some iphones actually get hurt.
    Reply
  • bourgeoisdude
    RicardoKIt might take over your phone, but does it kill it??If it doesn't, a hard reset would solve it?Which ones are affected? 1st gen? 3G? 3GS?
    1. Potentialy yes, it can.
    2. In theory one could write something to kill it, but thankfully that hasn't happened yet.
    3. All are affected.

    Updating your iPhone OS to 3.01 should be a top priority.
    Reply
  • the_one111
    pharge"updated firmware is now available on iTunes."They did.It is great that somebody found this out and speak up before somebody/some iphones actually get hurt.Shhh don't tell anyone.

    We DON'T want them to update!!!

    Reply
  • ravenware
    Next the gov will propose a bill to force all samrtphones and computers to run anti-virus software in order to protect our selves from a terrorist plot to gain control over all of our machines in effort to measure the buoyancy of penguin shit in the Mojave desert.
    Reply
  • Glorian
    Nah, wait a minute you saying people are figuring out how to hack apple products?! With something as simple as a stupid text message, you mean like an email on a windows machine?!
    -sarcasm off

    It was bound to happen sooner or later and this won't be the last one, guess what? iphones are popular and are on the top of mobile hackers to do list. Not saying I won't buy apple but it just proves that it doesn't matter what you buy, sh*t happens.
    Reply
  • Yea, but does it play crysis?
    Reply
  • cyberlordmkd
    If I update my iPhone firmware to 3.0.1 that means that it will un-jailbreak the phone or it's just an update without any "side-effects"?

    Thanks, Martin
    Reply