AppleInsider AppleInsider Forums


Old 07-02-2009, 03:33 PM   #1
AppleInsider
Kasper's Automated Slave
 
Join Date: Nov 1997
Posts: 6,151
Apple working to fix unreleased iPhone SMS exploit

Tipped off by a Mac OS X security expert, Apple is working to repair a serious security flaw in the iPhone’s operating system – one that could allow an attacker to track the phone’s location via GPS, eavesdrop on conversations via the microphone, or create a mobile botnet capable of unleashing denial of service attacks.

The attack takes advantage of a vulnerability in the phone’s short messaging service, or SMS, feature, allowing an outside party into the phone’s root access without the owner’s knowledge. Security researcher Charles Miller, co-author of The Mac Hacker’s Handbook, announced his discovery Thursday at the SyScan Conference in Singapore, according to Computerworld.

Apple plans to have the fix released later this month, before Miller gives his scheduled speech at the Black Hat Technical Security Conference in Los Angeles. At the July 25-30 conference, Miller will be joined by Collin Mulliner for a talk entitled “Fuzzing the Phone in Your Phone,” which will show attendees how to discover vulnerabilities in a variety of smartphones.

Miller has not specifically detailed how the SMS exploit is done, citing an agreement with Apple. But he will discuss the attack at length at the Black Hat conference.

The exploit takes advantage of the fact that SMS can send binary code to an iPhone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone.

For a widely-adopted platform, Apple’s iPhone has had remarkably little in the way of discovered vulnerabilities in its short history. In 2007, a security firm – including Miller – notified Apple of the phone’s first security flaw, soon after the hardware had been released. It was subsequently fixed by Apple.

Miller said that the iPhone’s stripped-down version of OS X makes it more secure than the full-fledged operating system. And because it lacks support for Adobe Flash and Java, isolates individual applications from one another, and only allows software that has been digitally signed by Apple, it is less likely to have security flaws than a full-form computer.
AppleInsider is offline   Reply With Quote
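
The article's point that binary SMS payloads are parsed automatically and assembled from several messages is what makes this parser attack surface. As an added example (not from the article, and not a description of Miller's undisclosed flaw), here is strict reassembly of multi-part SMS user data, assuming the standard 3GPP TS 23.040 concatenation header; `parse_part`, `Reassembler` and the sample bytes are constructed for illustration.

```python
# Added example, not from the article; assumes 3GPP TS 23.040 concatenation header.
MAX_UD = 140                      # octets of user data in one 8-bit SMS
CONCAT_8, CONCAT_16 = 0x00, 0x08  # information-element ids for concatenation
# Constructed two-part message: UDHL=5, IEI 0x00, IEDL 3, ref 0x2A, total 2, seq n.
SAMPLE = [bytes([5, 0, 3, 0x2A, 2, 1]) + b"hello ", bytes([5, 0, 3, 0x2A, 2, 2]) + b"world"]

class RejectPart(ValueError):
    """A part failed validation; the caller drops it instead of guessing."""

def parse_part(ud: bytes):
    """Return (ref, total, seq, payload) from one part's user data."""
    if not 1 <= len(ud) <= MAX_UD:
        raise RejectPart("user data length out of range")
    udhl = ud[0]                  # header length, not counting this octet
    if 1 + udhl > len(ud):
        raise RejectPart("header length exceeds message")
    hdr, payload, i, concat = ud[1:1 + udhl], ud[1 + udhl:], 0, None
    while i < len(hdr):           # walk the id/length/value elements
        if i + 2 > len(hdr) or i + 2 + hdr[i + 1] > len(hdr):
            raise RejectPart("element overruns header")
        iei, body = hdr[i], hdr[i + 2:i + 2 + hdr[i + 1]]
        if iei == CONCAT_8 and len(body) == 3:
            concat = (body[0], body[1], body[2])
        elif iei == CONCAT_16 and len(body) == 4:
            concat = (body[0] << 8 | body[1], body[2], body[3])
        elif iei in (CONCAT_8, CONCAT_16):
            raise RejectPart("bad concatenation element length")
        i += 2 + len(body)
    if concat is None:
        raise RejectPart("no concatenation element")
    ref, total, seq = concat
    if not 1 <= seq <= total:
        raise RejectPart("sequence number outside 1..total")
    return ref, total, seq, payload

class Reassembler:
    def __init__(self, max_pending=32):
        self.pending = {}         # (sender, ref) -> (total, {seq: payload})
        self.max_pending = max_pending

    def feed(self, sender: str, ud: bytes):
        """Return the joined payload once every part arrived, else None."""
        ref, total, seq, payload = parse_part(ud)
        key = (sender, ref)
        if key not in self.pending and len(self.pending) >= self.max_pending:
            raise RejectPart("too many incomplete messages")
        want, parts = self.pending.setdefault(key, (total, {}))
        if want != total or seq in parts:
            raise RejectPart("inconsistent or duplicate part")
        parts[seq] = payload
        if len(parts) < total:
            return None
        del self.pending[key]
        return b"".join(parts[n] for n in range(1, total + 1))
```

Every length field is checked against the bytes actually received before it is used, and the number of half-finished messages is capped so that a sender cannot hold memory indefinitely.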
Old 07-02-2009, 04:01 PM   #2
thespaz
Registered User
 
Join Date: Feb 2009
Posts: 11
First!
thespaz is offline   Reply With Quote
Old 07-02-2009, 04:02 PM   #3
MacTripper
Registered User
 
Join Date: May 2009
Posts: 601
Quote:
For a widely-adopted platform, Apple’s iPhone has had remarkably little in the way of discovered vulnerabilities in its short history. In 2007, a security firm – including Miller – notified Apple of the phone’s first security flaw, soon after the hardware had been released. It was subsequently fixed by Apple.

Oh, I beg to differ greatly and I have a link to prove that 46 vulnerabilities were fixed in iPhone 3.0.

I'll be right back with a link.


Quote:
iPhone OS 3.0 fixes 46 vulnerabilities

Apple has released version 3.0 of its iPhone mobile operating system. The update not only includes several new features, but also fixes 46 security vulnerabilities. Version 3.0 of the iPhone OS fixes 23 vulnerabilities in WebKit and Safari alone. According to Apple, many of the problems could have led to the execution of arbitrary code when visiting a maliciously crafted website. Other vulnerabilities include unexpected application termination or arbitrary code execution when opening a maliciously crafted PDF document or image file and possible disclosure of sensitive information when connecting to a malicious Exchange server.
http://www.h-online.com/security/iPh...--/news/113563


http://arstechnica.com/apple/news/20...rabilities.ars


http://blogs.zdnet.com/security/?p=3644



Also Apple can replace the iPhone glass at retail stores. It uses a suction type device to pull the old one off.


Glossy screens will erode consumers' interest in computers because it makes it harder to see the screen around the reflections.
People forced to use glossy screen computers for long hours will have physical problems eventually. See here


Last edited by MacTripper; 07-02-2009 at 04:38 PM..
MacTripper is online now   Reply With Quote
Old 07-02-2009, 04:03 PM   #4
alectheking
Registered User
 
Join Date: May 2009
Posts: 82
Quote:
Originally Posted by thespaz View Post
First!
why do you come to the forums just to say that?
alectheking is offline   Reply With Quote
Old 07-02-2009, 04:07 PM   #5
Napoleon_PhoneApart
Registered User
 
Join Date: Jun 2007
Posts: 52
Quote:
Originally Posted by alectheking View Post
why do you come to the forums just to say that?
I think I know of him from MacRumors and he seems to have self-esteem issues.
Napoleon_PhoneApart is offline   Reply With Quote
Old 07-02-2009, 04:21 PM   #6
Virgil-TB2
Registered User
 
Join Date: Feb 2008
Posts: 1,415
What's *not* stated in Miller's description of the vulnerability is that the other apps are sandboxed anyway, so even if the hacker sends an SMS with (presumably a picture attachment), gets the code to run and gets root access, all they have access to is the low level system stuff and the automatic messages. It's hard to tell until he fully describes it, but it doesn't seem like this would give anyone access to your data, just some low level phone hardware items.


In Windows, a window can be a document, it can be an application, or it can be a window that contains other documents or applications. There’s just no consistency. It’s just a big grab bag of monkey poop.
Virgil-TB2 is offline   Reply With Quote
Old 07-02-2009, 04:23 PM   #7
Virgil-TB2
Registered User
 
Join Date: Feb 2008
Posts: 1,415
Quote:
Originally Posted by Napoleon_PhoneApart View Post
I think I know of him from MacRumors and he seems to have self-esteem issues.
Also anyone who uses "the spaz" as a nickname has some fairly obvious self-esteem issues.


Virgil-TB2 is offline   Reply With Quote
Old 07-02-2009, 04:33 PM   #8
rnp1
Registered User
 
Join Date: Sep 2008
Location: Portland
Posts: 151
iPhone becomes SpyPhone!

Quote:
Originally Posted by thespaz View Post
First!
I already covered this in the previous thread!
rnp1 is offline   Reply With Quote
Old 07-02-2009, 04:37 PM   #9
Quadra 610
Registered User
 
Join Date: Nov 2008
Posts: 2,056
This "vulnerability" does nothing of any real consequence.

More FUD from those unwilling to stomach that Apple is rearranging entire industries as we speak.


(Formerly LTD on Neowin.net) (currently *LTD* on Macrumors.com)

Mac OS users have made a conscious technology choice and are therefore typically better informed than their peers. -- Paul Thurrott, winsupersite.com, December 06, 2004


Last edited by Quadra 610; 07-02-2009 at 04:49 PM..
Quadra 610 is offline   Reply With Quote
Old 07-02-2009, 04:38 PM   #10
Trajectory
Registered User
 
Join Date: Apr 2009
Posts: 442
So I guess this means you should refrain from making homemade sex videos with your iPhone until this security hole has been plugged.
Trajectory is offline   Reply With Quote
Old 07-02-2009, 04:41 PM   #11
alectheking
Registered User
 
Join Date: May 2009
Posts: 82
Quote:
Originally Posted by Napoleon_PhoneApart View Post
I think I know of him from MacRumors and he seems to have self-esteem issues.
Damn, well he needs to stay there and not do that, it's just plain stupid. Teckstud should show him his way back and stay with him there to keep company.
alectheking is offline   Reply With Quote
Old 07-02-2009, 04:50 PM   #12
OC4Theo
Registered User
 
Join Date: Jun 2009
Posts: 138
Nothing is Impossible!

Quote:
Originally Posted by AppleInsider View Post
The attack takes advantage of a vulnerability in the phone’s short messaging service, or SMS, feature, allowing an outside party into the phone’s root access without the owner’s knowledge.

Yesterday I saw an ad in Los Angeles Craigslist for SMS on iPhone without jailbreaking your iPhone.
I called the guy who listed his number with the ad. He explained his business which jailbreaks any smartphone, has discovered a way to let anyone with an iPhone 3G or 3GS send SMS with pics or video right now, without paying a dime to AT&T. His fee? Just $10. Oh, he can also install a program to tether your laptop to any iPhone for only $30. And your fee to AT&T, is $0. I did not take his bet. I love my iPhone, and I don't want anybody messing with it. I intend to wait for AT&T's lazy ass.

Now, I understand what he meant after reading this. Nothing is impossible, if you are willing to keep trying!
OC4Theo is offline   Reply With Quote
Old 07-02-2009, 04:51 PM   #13
PatsFan83
Registered User
 
Join Date: Sep 2006
Posts: 76
Anyone have stats for viruses/attacks on windows mobile phones?

A quick search on google turns up 6 million results each for 'iphone viruses' and 'blackberry viruses'. windows mobile brings 34 million results. not very scientific but should tell you something.


Last edited by PatsFan83; 07-02-2009 at 04:58 PM..
PatsFan83 is offline   Reply With Quote
Old 07-02-2009, 04:57 PM   #14
clickmyface
Registered User
 
Join Date: Apr 2006
Location: Seattle, WA
Posts: 47
Quote:
Originally Posted by MacTripper View Post
Also Apple can replace the iPhone glass at retail stores. It uses a suction type device to pull the old one off.
lol...random?!
clickmyface is offline   Reply With Quote
Old 07-02-2009, 05:18 PM   #15
adamj84
Registered User
 
Join Date: Jun 2009
Posts: 3
Quote:
Originally Posted by clickmyface View Post
lol...random?!
That's what I thought!!ha
adamj84 is offline   Reply With Quote
Old 07-02-2009, 06:11 PM   #16
ericvet8b
Registered User
 
Join Date: Feb 2009
Posts: 30
Mmmmmmmm... So I wasn't too far on my thread "danger in opening OS"... Shame to hear this though.... At least it has been detected soon and it seems that Apple will have it fixed soon.
ericvet8b is offline   Reply With Quote
Old 07-02-2009, 06:42 PM   #17
hypercommunist
Registered User
 
Join Date: Nov 2007
Posts: 19
Cool

Quote:
Originally Posted by Quadra 610 View Post
This "vulnerability" does nothing of any real consequence.

More FUD from those unwilling to stomach that Apple is rearranging entire industries as we speak.
WTF? I'm afraid you are an abject AppleWhore. The vulnerability described is triggered by sending SMSes to a phone (can happen at any time) and allows full control over the phone, including input devices and outgoing communication.

Quote:
Originally Posted by Trajectory View Post
So I guess this means you should refrain from making homemade sex videos with your iPhone until this security hole has been plugged.
It means until this is fixed, under the right circumstances someone can make homemade sex videos of you and your girlfriend and post them to YouTube without your knowledge.

Even if the gizmo wasn't pointing directly at your asses, h4XX0Rs could take audio recordings of your tender couplings and post them as soundtracks to Michael Bolton videos.
hypercommunist is offline   Reply With Quote
Old 07-02-2009, 07:22 PM   #18
UltimateKylie
Registered User
 
Join Date: Oct 2008
Posts: 113
Quote:
Originally Posted by PatsFan83 View Post
Anyone have stats for viruses/attacks on windows mobile phones?

A quick search on google turns up 6 million results each for 'iphone viruses' and 'blackberry viruses'. windows mobile brings 34 million results. not very scientific but should tell you something.
As someone who used Windows Mobile before the iPhone, I will tell you I never had any issues or heard anything that was worthwhile. Some companies did offer virus scans for the platform, but they never sold.

Also I would like to note that Windows with the word Virus will bring up quite a lot of results as a Windows PC can be made mobile etc... In addition Windows Mobile has a longer past including lots of discussion about viruses back in the day, again something that to this date has happened because for one thing Windows Mobile is more locked down than PCs. All software must be signed (like the iPhone App store) though you can disable this requirement, it's there by default on phones.

I find it amazing that iPhone as young as it is has 6 million results for iPhone Viruses... seems odd as even this isn't a virus per se but a security exploit where the person would have to send you a SMS and know you have an iPhone as well.
UltimateKylie is offline   Reply With Quote
Old 07-02-2009, 09:58 PM   #19
AIaddict
Registered User
 
Join Date: Apr 2009
Posts: 19
Quote:
Originally Posted by hypercommunist View Post
soundtracks to Michael Bolton videos.
If that is not a violation of Federal and international laws, it should be!
AIaddict is offline   Reply With Quote
Old 07-02-2009, 10:01 PM   #20
AIaddict
Registered User
 
Join Date: Apr 2009
Posts: 19
Quote:
Originally Posted by Quadra 610 View Post
This "vulnerability" does nothing of any real consequence.

More FUD from those unwilling to stomach that Apple is rearranging entire industries as we speak.
HUH? Your data is all stored on the phone in files that the hacker can access via this exploit to steal, delete or modify. He can also control the hardware and record sound, pictures, video, track your location etc. None of that is of real consequence?
AIaddict is offline   Reply With Quote
Old 07-02-2009, 10:08 PM   #21
AIaddict
Registered User
 
Join Date: Apr 2009
Posts: 19
Quote:
Originally Posted by Virgil-TB2 View Post
What's *not* stated in Miller's description of the vulnerability is that the other apps are sandboxed anyway, so even if the hacker sends an SMS with (presumably a picture attachment), gets the code to run and gets root access, all they have access to is the low level system stuff and the automatic messages. It's hard to tell until he fully describes it, but it doesn't seem like this would give anyone access to your data, just some low level phone hardware items.
If you ever poked around on a jail broken phone, your data is all there, stored in files in /var, right where a UNIX guy would expect to find them. Same goes for files stored by your non apple apps. The apps can not actively exchange data, but that is by rule, not because there is no file system where they could access each other's files.

Examples from Bigboss....

/var/mobile/Library/AddressBook - Contacts
/var/mobile/Library/Calendar - Your calendar
/var/mobile/Library/Notes - your notes database
/var/mobile/Library/Safari - your bookmarks and cookies
/var/mobile/Library/SMS - your text messages.

see http://thebigboss.org/2009/06/17/iphone-30-preparation/ for the source.
AIaddict is offline   Reply With Quote
Old 07-02-2009, 11:45 PM   #22
retroneo
Registered User
 
Join Date: Dec 2001
Posts: 205
Quote:
Originally Posted by Quadra 610 View Post
This "vulnerability" does nothing of any real consequence.
Dude... This is the most incredible vulnerability!

It lets me listen in to your microphone wherever you are just from knowing your phone number, without you knowing at all.

It lets me check your location anytime and you can never tell.

All you see is "No Service" instead of signal bars for a moment.

It can also be used to create a botnet for attacking other phones or computers.

The demos of it are very cool. This is a very high profile vulnerability... There is no workaround and all iPhones are wide open.

Thankfully Apple will fix this before it becomes public knowledge.
retroneo is offline   Reply With Quote
Old 07-03-2009, 01:45 PM   #23
sapporobabyrtrns
Registered User
 
Join Date: Mar 2009
Location: Currently Helsinki, Finland.
Posts: 269
Quote:
Originally Posted by Quadra 610 View Post
This "vulnerability" does nothing of any real consequence.

More FUD from those unwilling to stomach that Apple is rearranging entire industries as we speak.
Behold, the consummate Apple apologist, and resident Steve Jobs pants dweller. This kind of thinking is what gives Apple enthusiasts a bad reputation.
sapporobabyrtrns is offline   Reply With Quote
Old 07-03-2009, 02:03 PM   #24
Quadra 610
Registered User
 
Join Date: Nov 2008
Posts: 2,056
Quote:
Originally Posted by sapporobabyrtrns View Post
Behold, the consummate Apple apologist, and resident Steve Jobs pants dweller. This kind of thinking is what gives Apple enthusiasts a bad reputation.
Apple isn't the only one to have SMS vulnerabilities.

Symbian was hit with one in January.

And this looks like fun:

http://www.pcauthority.com.au/News/1...d-and-sms.aspx

But who cares about these??

Whenever an Apple product so much as starts up a second slower than expected everyone's all over it.

This kind of coverage and hand-wringing is happening because it's Apple and expectations are that much higher. The device can perform beautifully 99 times out of 100, outclassing all the also-rans. But that one time is what gets the hits.


Quadra 610 is offline   Reply With Quote