

A gaping hole in the iPhone 3G S's beefed-up security allows a packet of code to be fired into it via SMS and compromise the entire system. Apple says that it will fix the major flaw by the end of July. (Source: AppleIPhoneReview)
iPhone SMS vulnerability could allow malicious users to install and execute malware

Recently, Apple has struggled with the security ramifications of a higher commercial profile and has seen an increasing amount of OS X malware. Now another security flaw has been found, this time in the iPhone OS. The flaw allows attackers to gain root access to the iPhone's underlying OS, allowing them to install and execute malicious programs at will.

The iPhone apparently automatically executes binary code sent in SMS messages. Messages are limited to 140 bytes, but this is little deterrent, as longer programs can be broken up into several messages, which the phone automatically reassembles. While other applications on the phone, such as the Safari browser, only have access to their own sandbox, the SMS system is automatically granted root access, and SMS commands execute as root.
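The splitting and reassembly described above is the standard concatenated-SMS mechanism, in which each segment carries a user data header giving a reference, a total count and a sequence number (3GPP TS 23.040). The following is an added example, not code from the article, from Apple or from Mr. Miller's undisclosed research: a reassembler that checks every length and sequence field before using it. The names `parse_segment`, `Reassembler` and `RejectedSegment` and the sample bytes are assumptions made for illustration.

```python
from collections import defaultdict

MAX_UD = 140        # octets of user data per message, the limit the article cites
IEI_CONCAT8 = 0x00  # concatenation element, 8-bit reference (3GPP TS 23.040)

class RejectedSegment(ValueError): pass   # any inconsistent header field

def parse_segment(ud: bytes):
    """Validate the user data header; return (ref, total, seq, payload)."""
    if not 1 <= len(ud) <= MAX_UD:
        raise RejectedSegment("user data size out of range")
    end = 1 + ud[0]                       # ud[0] is UDHL, the header length
    if end > len(ud):
        raise RejectedSegment("UDHL runs past end of message")
    pos, concat = 1, None
    while pos < end:
        if pos + 2 > end:
            raise RejectedSegment("truncated information element")
        iei, iedl, pos = ud[pos], ud[pos + 1], pos + 2
        if pos + iedl > end:
            raise RejectedSegment("element length exceeds header")
        if iei == IEI_CONCAT8:
            if iedl != 3 or concat is not None:
                raise RejectedSegment("malformed or duplicate concat element")
            concat = tuple(ud[pos:pos + 3])
        pos += iedl                       # unknown elements are skipped, not trusted
    if concat is None:
        raise RejectedSegment("no concatenation header")
    ref, total, seq = concat
    if not 1 <= seq <= total:
        raise RejectedSegment("sequence number outside 1..total")
    return ref, total, seq, ud[end:]

class Reassembler:
    def __init__(self):
        self.parts = defaultdict(dict)    # (sender, ref, total) -> {seq: payload}

    def feed(self, sender: str, ud: bytes):   # joined payload when complete, else None
        ref, total, seq, payload = parse_segment(ud)
        key = (sender, ref, total)
        if seq in self.parts[key]:
            raise RejectedSegment("duplicate segment")
        self.parts[key][seq] = payload
        if len(self.parts[key]) < total:
            return None
        done = self.parts.pop(key)
        return b"".join(done[i] for i in range(1, total + 1))

# Constructed sample: two segments of reference 0x2A, arriving out of order.
SAMPLE = [bytes([5, 0, 3, 0x2A, 2, 2]) + b"world", bytes([5, 0, 3, 0x2A, 2, 1]) + b"hello "]
```

A production reassembler would also cap and expire pending entries so that incomplete messages cannot accumulate indefinitely.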

Charlie Miller introduced the vulnerability to the public during a presentation at the SyScan conference in Singapore on Thursday. He declined to go into specific details or offer his proof-of-concept code to the public, as he has entered into an agreement with Apple. Mr. Miller did state, "SMS is a great vector to attack the iPhone."

He went on to describe several examples of how such an attack could prove beneficial to malicious parties. His ideas included using the phone's GPS technology to track people, turning on the phone's microphone to snoop on meetings or conversations, and using groups of infected phones to form a botnet and launch distributed denial-of-service attacks.

Apple says it will have a fix ready by the end of July. Mr. Miller says he will hold off on releasing details of his attack until then. He will present the attack in its full glory at the Black Hat USA 2009 conference in Las Vegas. Mr. Miller is the author of The Mac Hacker's Handbook, one of the leading resources for prospective Apple hackers.

He praises Apple's efforts with the iPhone, saying that the stripped-down version of OS X provides fewer attack opportunities. He says that the lack of support for Adobe Flash and Java, while an annoyance to users, actually aids security, as these are traditional attack vectors. He also notes the phone's provisions to only run Apple-signed code and to provide hardware encryption as other promising features.

Many of these features were added in the new iPhone 3G S but were not present in the iPhone 3G, leading the iPhone 3G to receive failing marks in a recent security study. Mr. Miller concludes, "The iPhone is more secure than OS X, but SMS could be a critical vulnerability."

Comments

RE: fsardis and his iDick debacle
By fsardis on 7/2/2009 7:12:52 PM , Rating: 1
was the toshiba the same price as the iphone and did it force you to take 2 years contract? was the toshiba so hyped and did they market it as the hottest thing around that just works?

not a screen problem, but indeed a problem when you use an external screen. your point is invalid because the problem is still valid. an annoying problem made even more frustrating by a company that patches slower than a 2 legged tortoise.

the sata ssd offered as an upgrade for the mbp is in fact capable of 220MB/s and it is being capped at 110MB/s due to the screw up. you once again demonstrate how clueless you are. thanks for the laugh.

i see you cannot even make a bait thread without failing hard. one day you will realise that when the majority thinks you are a wanker, they are not the jerks but you are.

RE: fsardis and his iDick debacle
By Pirks on 7/2/2009 8:05:24 PM , Rating: 2
Majority owns iPods as you know, this is why I piss on the majority, and on you especially ;)

P.S. You won't notice a real life difference between 150 MB/sec Samsung SSD and 200 MB/sec same SSD, even if you are a winzealot :P

RE: fsardis and his iDick debacle
By eddieroolz on 7/3/2009 1:14:23 AM , Rating: 2
Actually, only three of my friends own an iPod - and even then they all hate iTunes.

Oh yea, iTunes took 20 seconds to start on my friend's laptop. WMP took 2 seconds.

Where's your Lord?

RE: fsardis and his iDick debacle
By Pirks on 7/3/2009 3:06:42 AM , Rating: 1
my lord uses either macs or itunes alternatives for windows, in either case startup time is same 2 seconds, my poor friend :P

RE: fsardis and his iDick debacle
By fsardis on 7/3/2009 5:42:47 AM , Rating: 2
majority owns ipods because it is indeed a good product that does exactly what it says on the tin. not everything from apple sucks. the majority means much. you have to accept that you are not smarter than everyone else and by the looks of things your intelligence is far below average. darwin says you should not have kids.

no difference on ssd in sata1 eh? not only did it add a couple of extra seconds but in large file operations it added a few extra minutes. and all that for nothing since the battery life is still 8 hours on my mbp after the firmware update.

by the way, you call me a winzealot but i am using linux, osx and windows vista/7. you are only using vista and still kissing iAss. you are the winzealot here and you are the iAsskisser too.

keep the comments coming. it is friday and we would like a few laughs at work. you have practically started a culture here.

RE: fsardis and his iDick debacle
By sbtech on 7/3/2009 8:49:44 AM , Rating: 3
Majority? Aha.

Well well well. What is the market share of Windows and what is the market share of Macs? That is majority right there for you Pirks.

Have a nice weekend :)