  1. #1
    Sponsored by Orton

    A Security Exploit in my iPhone? It's More Likely Than You Think

    I made a small post in the iPhone thread, but after doing a little bit more digging, it appears that this is indeed some big news. Simply Googling "iPhone SMS hack" will bring up quite a few articles on this. But here's one from the top of said list:

    SMS Hack Can Hijack "Every iPhone In The World" | HULIQ

    The Black Hat conference is an annual security get-together that frequently demos newly exposed security holes. And boy, this iPhone SMS hack is a doozy.



    Cybersecurity researcher Charlie Miller and his fellow researcher Collin Mulliner plan to present research on a huge iPhone security hole Thursday at the Black Hat cybersecurity conference in Las Vegas. Not an iPhone virus, but rather an SMS hack, the issue can allow a hacker complete control over an iPhone.


    According to the researchers, they will demonstrate how to send a series of mostly invisible SMS "bursts" that can give a hacker complete control of the iPhone. That control will include dialing the phone, visiting Web sites, turning on the device's camera and microphone, and more. The hacker will also be able to send more text messages to facilitate spreading the iPhone SMS hack to other iPhones.


    To an end user, the evidence that someone is trying to use the iPhone's SMS hack on your device will be a text message on your iPhone containing only a single square character. The only way to avoid being hacked would be to quickly turn off the device. In terms of the amount of control, this hack sounds, quite honestly, very similar to how certain Trojans can turn a PC into a bot, and similarly control it remotely.


    Charlie Miller told Forbes:
    "This is serious. The only thing you can do to prevent it is turn off your phone. Someone could pretty quickly take over every iPhone in the world with this."

    That's a bit of hyperbole, as first a hacker would have to know the appropriate phone numbers to use to hack an iPhone (and there are plenty of phone numbers assigned to other devices). It is obviously very serious, and despite the researchers sharing their results with Apple over a month ago, there has been no movement on a fix as of yet.


    Interestingly, the researchers also found a similar "remote control" texting bug in Windows Mobile, and other bugs in Android and the iPhone that can let hackers boot the phones off the network. The Android bug has been closed, but the second iPhone bug has not.


    Miller and Mulliner also found a hole in the iPhone's Safari browser way back in 2007 when it was first launched.

    Considering these guys have found security holes in the iPhone before, I'd say this would be quite legit. I'm still digging around, but I haven't seen any official updates from Apple.

    Here is another question though. While I do see the value of demoing hacks at conferences like Black Hat -- wouldn't it be a bit more prudent to maybe hold off on your presentation until Apple fixes the issue?

  2. #2
    2600klub

    Loves tits more than you


    So there are viruses for Apple, eh?

  3. #3
    2600klub

    Loves tits more than you


    Also lol Blackberry bold

  4. #4
    Sponsored by Orton

    Quote Originally Posted by Ragnell
    So there are viruses for Apple, eh?
    Apple touting they never had viruses was always retarded. Hackers would just focus on the larger PC/Windows population.

    Anyways, found a CNET article and these guys actually crashed the author's phone... some scary shit lol:

    Researchers attack my iPhone via SMS | InSecurity Complex - CNET News

    LAS VEGAS--Researchers have discovered a way to take complete control over an iPhone merely by sending special SMS messages and demonstrated it on my iPhone at the Black Hat security conference on Wednesday.

    Although an attacker could exploit the hole to make calls, steal data, send text messages, and do basically anything that I can do with my iPhone, the researchers were kind and merely rendered it temporarily inoperable.

    Here's what happened: While I was talking on the phone to Charlie Miller, his partner, Collin Mulliner, sent me a text message from his phone. One minute I'm talking to Miller and the next minute my phone is dead, and this time it's not AT&T's fault. After a few seconds it came back to life, but I was not able to make or receive calls until I rebooted.

    The attack is enabled by a serious memory corruption bug in the way the iPhone handles SMS messages, said Miller, a senior security researcher at Independent Security Evaluators. There is no patch, despite the fact that Apple was notified of the problem about six weeks ago, he said.

    The attack is similar to an SMS attack demonstration CNET News wrote about in April in which mobile security firm Trust Digital was able to send an SMS to a phone that opened up a Web browser and directed the phone to a malicious Web site where malware could be downloaded.

    In the more recent research, Android-based phones were found to be similarly susceptible to an SMS attack, only an attacker could temporarily knock the phone off the cell network but not take control, according to Mulliner, who's getting his PhD at the Technical University of Berlin. Google patched the hole last week within a day or two of being notified of the problem, he said.

    Meanwhile, a bug in the code written by HTC that controls the user interface on Windows Mobile devices could also be exploited via the SMS messages to make it so there are no buttons to push so the phone can't be used, said Miller.

    For the attack to work, an attacker must send hundreds of SMS control messages, which are different from regular SMS messages, according to Miller. Only the initial SMS may be seen, he said.

    The researchers will demonstrate the attack on an Android phone and an iPhone during their presentation on Thursday.

    Previous iPhone attacks required an attacker to lure the iPhone user to visit a malicious Web site or open a malicious file, but this attack requires no effort on the part of the user and requires only that an attacker have the victim's phone number, Miller said.

    Once inside a victim's phone, the attacker could then send an SMS to anyone in the victim's address book and spread the attack from phone to phone, he said.

    Previously, Miller discovered a hole in the mobile version of Safari shortly after the iPhone was launched in 2007 and earlier this year he won a contest at CanSecWest by exploiting a hole in Safari.

    Asked what an iPhone user can do when attacked, Miller replied: "Rebooting wouldn't be a bad idea. It would stop all but the most sophisticated attacker. However, it doesn't take but a second to grab all your personal info from the device, and as soon as you turn it back on, the bad guy could attack you again. That's why I think this is so serious."

  5. #5
    2600klub

    Loves tits more than you


    holy fuck, that's awesome, remote control hacks!

  6. #6
    2600klub
    ǝƃuɐɥɔ ǝlʇıʇ ɥʇ01 ǝɥʇ ǝʞıl sı sıɥʇ ƃɯo ʎuunɟ ƃuıɥʇǝɯos ɥɐlq ɥɐlq ɥɐlq ǝɥ ǝǝǝǝǝǝǝlopuɐʌ puǝıɹɟ ʇsǝq s,poƃ ǝsɹoɥ ǝɥʇ sı ǝɥ ǝǝǝǝǝǝlopuɐʌ


    that is beyond awesome.

  7. #7
    2600klub

    Loves tits more than you


    Heh, Blackberry is still safe after reading that :3

  8. #8
    Salvage Bans

    Quote Originally Posted by Ragnell
    Also lol Blackberry bold
    also lol blackberry tour

    just wish i had wifi... wtf Verizon

  9. #9
    Canada

    Apple has had a long history of ignoring known flaws with their products. Apple has a worse track record by a long shot than Microsoft for time to patch known vulnerabilities. Also, Charlie Miller is one of the best known Apple hackers. He's actually won Pwn2Own at CanSecWest two years in a row first on an Apple computer.

  10. #10
    Canada

    Quote Originally Posted by Ragnell
    Heh, Blackberry is still safe after reading that :3
    Blackberries are the most secure phone you can buy. As far as I am aware there are no published attacks for them that don't require Bluetooth.

  11. #11
    Silly Hat Connoisseur

    And this is why you don't put your phone number up on places like facebook and then say "HAY GUYS I JUST BOUGHT AN IPHONE LOL".

    Actually this is why you don't put your phone number online full stop.

    Actually this *isn't* why, but it's another reason why.

    Good morning!

  12. #12

    Good. iPhones are for fags.

  13. #13
    the whitest knight u' know

    Quote Originally Posted by thebearofscience
    Good. iPhones are for people who can afford them.
    I know, right?

  14. #14
    Spiders are Awesome

    Quote Originally Posted by miokomioko
    insinuating that iPhones cost more than alternatives
    wut

  15. #15
    I'd tap that turian!

    Oh, I thought this topic was going to be about Apple's retarded comments saying the iPhone could be used to destroy cell towers if 3rd party apps are allowed to be used.

    After reading that, it's kinda a cool hack. Not to be used, just what it can do with a simple text message.

  16. #16
    EternalBlowJob

    Quote Originally Posted by miokomioko
    I know, right?
    Haha. I have an iPhone too. I hope I don't get a message like that /cry

  17. #17
    Science Fiction Super Fan

    lots of RIM hate

  18. #18
    YOU ARE SEARED
    Dungeon Master of the House of Weave


    Quote Originally Posted by Stiker
    Here is another question though. While I do see the value of demoing hacks at conferences like Black Hat -- wouldn't it be a bit more prudent to maybe hold off on your presentation until Apple fixes the issue?
    Publicizing the issue puts heat on Apple to actually get it fixed; most stuff that turns up at Black Hat or similar has already been sent to the major corporation(s) responsible in private.

  19. #19
    Sponsored by Orton

    Quote Originally Posted by Akucaen
    Oh, I thought this topic was going to be about Apple's retarded comments saying the iPhone could be used to destroy cell towers if 3rd party apps are allowed to be used.
    Yeah, I remember reading that. Was the most absurd argument I've ever seen.

    Quote Originally Posted by Norellicus
    Publicizing the issue puts heat on Apple to actually get it fixed; most stuff that turns up at Black Hat or similar has already been sent to the major corporation(s) responsible in private.
    Yeah, after reading more articles on the issue I'm on board with it going public. Apple had 6 weeks notice to patch and didn't even so much as give a public statement on the issue, which is pretty pathetic.

  20. #20
    Gunitsoldier
    Guest

    Quote Originally Posted by EternalSnow
    Haha. I have an iPhone too. I hope I don't get a message like that /cry
    you're gay right? serious question
