iPhone SMS Vulnerability: Should You be Scared?

By  |  Wednesday, July 29, 2009 at 10:25 am

iPhone ScreamRun for the hills! That’s the message iPhone owners are receiving after multiple reports say security researchers will tomorrow unveil an iPhone vulnerability that could allow the popular device to be taken over via simple SMS (or text) message.

The bug, discovered by iPhone hacker Charlie Miller, will be outlined during a presentation at the Black Hat security conference in Las Vegas on Thursday. Miller’s presentation will supposedly show, as Forbes’ headline screams, “How To Hijack ‘Every iPhone In The World’”. To do so, attackers only need to send a series of specially-formatted SMS messages to an iPhone in order to take over functions such as dialing and turning on the camera and microphone, as well spreading the attack via an affected iPhone’s contact list.

Apple, which Miller notified about the bug six weeks ago, has not commented on the vulnerability and as of this writing has not released a patch for the problem. What can iPhone owners do in the meantime? Miller tells Forbes about the only thing that will surely protect the device is to turn it off.

Miller’s talk isn’t the only centered around SMS vulnerabilities. Other talks will show a somewhat similar flaw in Windows Mobile that would allow for complete control of a device to be achieved through a SMS hack. A third Black Hat talk will center around how an SMS flaw that affects both iPhone and Google Android devices could be used to knock impacted phones off a carrier network for upwards of ten seconds via a blast of SMS messages.

Should you be scared of these newest flaws and really turn off your iPhone in anticipation of an attack? I don’t think so. The SMS attack vector is not all that new. This past spring, CSO Online did a video demonstration of such an attack against various smart phones (see parts one and two of the video).

While the various Black Hat presentations this week will show SMS as being a newer vector for attacking popular smartphone platforms, the odds are still relatively low that any one device will be hit. Most likely (or hopefully), device makers like Apple and carriers will come up with a patch for the SMS flaws well before any mainstream attacks occur. You have a greater chance of being bitten by a Twitter-based hack than an SMS attack.

 
5 Comments


Read more: , ,

2 Comments For This Post

  1. Joe Says:
    July 30th, 2009 at 9:23 am

    Interesting that Google sorted the same flaw in Android almost immediately, yet Apple don’t seem tht bothered.

    Personally it feels like OS3.0 was rushed as I’ve experienced many problems with it and news of security breaches could also be explained by this.

  2. Rangga Aditya Says:
    July 30th, 2009 at 9:18 pm

    I guess, the more this phone famous, the more virus will come. Typical. Just like Nokia with their symbian os. That is why i am not interested in iphone (other reason is i could not afforded, hehe)

3 Trackbacks For This Post

  1. Web Media Daily – July 29, 2009 Says:
    July 29th, 2009 at 10:56 am

    […] iPhone SMS Vulnerability: Should You be Scared?…   Technologizer […]

  2. iPhone SMS Vulnerability: Should You be Scared? | Technologizer | Hack In The Box Says:
    July 29th, 2009 at 2:20 pm

    […] more: iPhone SMS Vulnerability: Should You be Scared? | Technologizer Share and […]

  3. Objective Point » Blog Archive » "Taking Over the iPhones of the World, One SMS at a Time" and related posts Says:
    July 30th, 2009 at 1:20 am

    […] iPhone SMS Vulnerability: Should You be Scared? – Technologizer […]