Katie MarsalThe news that a patch is coming soon came from a spokesperson for O2, the iPhone's wireless carrier in the U.K. It was not immediately made clear whether a patch would be made available for all iPhone users, or just those in the U.K. The exploit also affects Google Android and Windows Mobile phones. Google has reportedly taken steps to fix the security hole.
Security researcher Charlie Miller, co-author of The Mac Hacker’s Handbook, demonstrated the hack Thursday at the Black Hat 2009 conference in Las Vegas. The attack takes advantage of a vulnerability in the phone’s short messaging service, or SMS, feature, allowing an outside party into the phone’s root access without the owner’s knowledge.
When the hack was first revealed by Miller early in July, Apple was expected to release a fix before the Black Hat conference, where he gave greater detail. But that fix never came before Miller's talk.
The exploit takes advantage of the fact that SMS can send binary code to a phone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone. The exploit supposedly exposes the iPhone completely, giving hackers access to the camera, dialer, messaging and Safari. It occurs regardless of hardware revision or which version of the iPhone OS is running.
The technique involves sending only one unusual text character or else a series of "invisible" messages that confuse the phone and open the door to attack. Because users won't know whose messages to block in advance, there's little iPhone owners can do but to shut off the phone immediately if they suspect they're at risk — a real problem as the trick could also be used to make an iPhone send more messages of its own.
Andrew Orr
Christine McKee
Sponsored Content
Wesley Hilliard
AppleInsider Staff
Amber Neely
21 Comments
this is just a hotfix, service pack 1 isn't due till september
I'll be looking forward to check it out. Sounds interesting.
Thought : to what degree is it worth letting out news of a security problem break, and then issuing a fix within 48 hours, knowing people will want to install it - versus the problems that are patched and fixed without ever breaking as news?
It makes you look like you respond fast, while ensuring people update fast too.
I've been searching all morning for a report from someone who was there (the Black Hat conf.) and witnessed the exploit actually being used to extract someone's personal info and/or to cause the iPhone to send a text msg to another iPhone to propagate the exploit. I've found nothing except one reporter who says her iPhone was crashed by them sending an SMS to her, as a demo.
All I've seen about the serious exploit is that "Miller claims....".
Where's the nitty-gritty? Post a link please.
I've been searching all morning for a report from someone who was there (the Black Hat conf.) and witnessed the exploit actually being used to extract someone's personal info and/or to cause the iPhone to send a text msg to another iPhone to propagate the exploit. I've found nothing except one reporter who says her iPhone was crashed by them sending an SMS to her, as a demo.
All I've seen about the serious exploit is that "Miller claims....".
Where's the nitty-gritty? Post a link please.
it's illegal to even try what you say
the fact that this is a buffer overflow exploit is very bad. Most of Microsoft's patches for windows 2000 and 2003 were for buffer exploits for x86 code. a lot of programmers are lazy and if are going to put say 10KB of data into a memory area you're supposed to enforce it. in a lot of cases they don't and overflowing that memory area with data is what causes this.
and makes you wonder how many other buffer overflows you can find i the iPhone OS?