Skip to main content

iPhone SMS Security Hole is Real, Scary

Mac OS X security experts Charlie Miller and Colin Mulliner revealed last night at the Black Hat cybersecurity conference in Las Vegas an iPhone critical security flaw that could remotely crash the device with a single text message.

The hackers detailed the bug at the conference and confirmed it to be tested and effective against iPhones running on networks of four carriers in Germany along with AT&T in the U.S., reported Reuters. Since the flaw is in the SMS system of the iPhone, the exploit should be effective regardless of network.

The security bug is unusual for the iPhone as most applications on the device run inside their own sandboxes, which should restrict them from tapping into portions of the device that it shouldn't be accessible. But for one reason or another, the SMS function isn't as protected and could give an attacker root access.

"It's scary. I don't want people taking over my iPhone," said Miller.

Despite the scariness of the security hole, the hackers don't believe that keeping quiet is the safe way to go.

"If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what," Mulliner said.

"This is serious. The only thing you can do to prevent it is turn off your phone," Miller said in a Forbes interview. "Someone could pretty quickly take over every iPhone in the world with this."

The security experts have already shared their findings with Apple, and an updated firmware is now available on iTunes.