Recently, Apple has struggled with the security ramifications of a higher commercial profile, and seeing an increasing number of OS X malware. Now another security flaw has been found, this time in the iPhone OS. The flaw allows attackers to gain root access to the iPhone's underlying OS, allowing them to install and execute malicious programs at will.
The iPhone apparently automatically executes binary code sent in SMS messages. Messages are limited to 140 bytes, but this is little deterrence as longer programs can be broken up into several messages, which the phone automatically reassembles. While other applications such as the Safari browser on the phone only enjoy access to their sandbox, the SMS system is automatically granted root access, and SMS commands execute as root.
Charlie Miller, during a presentation at the SyScan conference in Singapore on Thursday introduced the vulnerability to the public. He declined to go into specific details or offer his proof-of-concept code to the public, as he has entered under an agreement with Apple. Mr. Miller did state, "SMS is a great vector to attack the iPhone."
He went on to describe several examples of how such an attack could prove beneficial to malicious parties. Among his ideas were to use the phone's GPS technology to track people, to turn on the phone's microphone to snoop on meetings or conversations, and to use groups of the infected phones to form a botnet and launch distributed denial-of-service attacks.
Apple will have a fix ready by the end July, it says. Mr. Miller says he will hold off on releasing details of his attack until then. He will present the attack in its full glory at the Black Hat USA 2009 conference in Las Vegas. Mr. Miller is the author of The Mac Hacker's Handbook, one of the leading resources for prospective Apple hackers.
He praises Apple's efforts with the iPhone saying that the stripped down version of OS X provides less attack opportunities. He says that lack of support for Adobe Flash and Java while an annoyance to users actually aid security, as these are traditional attack vectors. He also notes the phone's provisions to only run Apple-signed code and to provide hardware encryption as other promising features.
Many of these features were added in the new iPhone 3G S, but were not present in the iPhone 3G leading the iPhone 3G to receive failing marks in a recent security study. Mr. Miller concludes, "The iPhone is more secure than OS X, but SMS could be a critical vulnerability."
quote: Lack of cut and paste support for over two years on a product that debuted at $600
quote: Lack of a user replaceable battery
quote: intermittent 3G dropouts, poor phone call quality
quote: iTunes requirement
quote: Fascist content restrictions in the App store
quote: approval from apple is MANDATORY if you have created software that runs on the mac NATIVELY. if you do not get that, your software is never published and even if it was, it would never install successfully on a mac
quote: does not even allow you to switch between windows of the same application if they are hidden behind others
quote: at least with the task bar i an click to any windows i want from any application whether it is visible or not
quote: the office here would like more insight on how the code from one company can make the cpu overheat but code from the other makes it stay cool
quote: no the dock only lists the application but not the individual windows of an application
quote: Lexus lacked manual transmission too.
quote: Compensated by longer internal battery life and external batteries.
quote: Are you malware author? ;-)
quote: Longer battery life than what?
quote: external batteries are a poor solution
quote: you only even debated 5 of the previous poster's 9 comments
quote: you've been living in a cave