#1 |
|
Kasper's Automated Slave
Join Date: Nov 1997
Posts: 6,151
|
SMS hack could leave "every" iPhone vulnerable
A single character sent by text message could allegedly compromise every iPhone released to date.
Talking at the Black Hat security conference in Las Vegas, experts Charlie Miller and Collin Mulliner say they've discovered a bug in the iPhone's approach to SMS that exposes it completely to remote control through a subsequent hack, including the camera, dialer, messaging and Safari. It occurs regardless of hardware revision or which version of the iPhone OS is running. The technique involves sending only one unusual text character or else a series of "invisible" messages that confuse the phone and open the door to attack.
Because users won't know whose messages to block in advance, there's little iPhone owners can do but to shut off the phone immediately if they suspect they're at risk -- a real problem as the trick could also be used to make an iPhone send more messages of its own. "Someone could pretty quickly take over every iPhone in the world with this," Miller claimed to Forbes on Wednesday.
An extra vulnerability would simply be used to frustrate individual owners and would use a series of SMS messages to keep the iPhone offline for 10 seconds at a time, creating the mobile equivalent of a denial of service attack for as long as the malicious programmer saw fit.
Both of the experts reiterated that they notified Apple of the flaws roughly a month ago. In its typically silent approach to security, however, the company hasn't issued an update to patch either of the security breaches and hasn't provided an update on whether or not it can release a patch before the end of the month.
Regardless of the Cupertino firm's response, the new exploits underscore a small but noteworthy history of security risks that, among others, have included a since-fixed Safari flaw that would compromise an iPhone just by visiting a website with hidden but hostile code. Apple is all the same not isolated from these sorts of issues.
Google's Android in its current form is vulnerable to the same 10-second knockout as the iPhone, and Windows Mobile can also be controlled through a burst of text messages. |
|
|
|
|
|
#2 |
|
Global Moderator
Join Date: Jun 2004
Location: .US
Posts: 9,127
|
I hope this isn't true. As it is, I already resent the fact that I have to accept SMS messages as part of the service (for $0.20 a pop) and have no control that I've seen to block or only accept messages from certain people. I can choose not to accept a phone call, not so with SMS that I've found. I get the message and I'm automatically charged for it.
I don't think it's the money that's a problem for me, it's just the total lack of control and it just seems like a potential way to rack up my bill without my permission and I can't do much of anything about it without spending even more time and money. |
|
|
|
|
|
#3 | |
|
Registered User
Join Date: Aug 2007
Posts: 104
|
Quote:
I agree that this sounds a wee bit hokey -- invisible texts or strange characters? I'm not sure that makes much of any sense, but I'm no expert -- I can only hope. |
|
|
|
|
|
|
#4 | |
|
Registered User
Join Date: Apr 2006
Location: NY
Posts: 186
|
Quote:
|
|
|
|
|
|
|
#5 | |
|
Registered User
Join Date: Feb 2007
Posts: 659
|
Quote:
"Just because! lol" If AT&T thinks I'm paying them .20¢ for that, they have a whole other thing coming!
Global Warming, Carbon Dioxide, Greenhouse Gases, Shrinking Ice Caps, Carbon Neutral, Carbon Credit, Generation Investment Management - Al Gore - "Beware the Prophet seeking Profit!" - Dennis Miller
|
|
|
|
|
|
|
#6 |
|
Global Moderator
Join Date: Jul 2002
Location: UK
Posts: 3,820
|
I was shocked when I found out you guys have to pay to receive text messages. And on top of that, that it's an astronomical $0.20 per message! I'm on a pay-as-you-go tariff (no monthly fee), and it costs me nothing to receive and only 4p (less than $0.07) to send a text.
Apostrophes are simple - they are used to indicate either missing letters or possession. Missing letters take precedence. So:
|
|
|
|
|
|
#7 | |
|
Registered User
Join Date: Feb 2007
Posts: 659
|
Quote:
Sounds like Dr. Evil! Where is Austin Powers when you need him?!
|
|
|
|
|
|
|
#8 |
|
Registered User
Join Date: Sep 2005
Posts: 42
|
You can have SMS blocked. I don't have an SMS plan for my iPhone and have it blocked... just talk to them. You might be able to do it online even, but I had my wife take care of it, so she called and had it taken care of.
|
|
|
|
|
|
#9 | |
|
Registered User
Join Date: May 2008
Posts: 333
|
Quote:
Basically, if you are in control over the charge, that's fair. If you are out of control, then anyone can make you lose as much money as they like. That isn't your choice, and that would be considered ludicrous. |
|
|
|
|
|
|
#10 |
|
Registered User
Join Date: Mar 2009
Posts: 24
|
>>>In Australia it would be considered disgusting to charge someone for something they didn't request, or have any control over.
Well, that's the difference between the US and the rest of the civilized world. Nothing here is considered disgusting if it will make someone a profit. |
|
|
|
|
|
#11 |
|
Registered User
Join Date: Jan 2009
Posts: 3
|
Well, you can't hack me, I've had my SMS disabled by AT&T since I got my iPhone.
|
|
|
|
|
|
#12 | |
|
Registered User
Join Date: Oct 2007
Posts: 640
|
Quote:
|
|
|
|
|
|
|
#13 |
|
Registered User
Join Date: Sep 2008
Location: West Village, NYC
Posts: 32
|
I feel like this hasn't been a good couple of weeks for Apple. First the Foxconn suicide, then the Google Voice fiasco, now this. I'm not saying anything about Apple's responsibility in any of these, but just from a PR standpoint it's been quite a lot of crap in a very short period of time.
|
|
|
|
|
|
#14 |
|
Registered User
Join Date: Jun 2006
Location: Toronto/ON
Posts: 1
|
Hmmm.... this is somewhat disconcerting. Starting from about 4pm this afternoon I received 7 text messages within the span of 30 minutes. All of the texts were blank (no characters). I am in Toronto, using Fido. It came from number 416-930-2211. Anyone else had this?
Did the security experts mention any fix? Or any way to know if your phone has been compromised? |
|
|
|
|
|
#15 |
|
Registered User
Join Date: Jun 2003
Location: North America
Posts: 859
|
Wanna control every iPhone in the world?
There's an app for that! |
|
|
|
|
|
#16 | |
|
Registered User
Join Date: May 2008
Posts: 303
|
Quote:
Not that this is likely to happen without serious scrutiny, but imagine if they did it on a partial basis every other month or so, so as to merely appear as a 'nuisance'. Multiply their user base by $.20 and do the math... |
|
|
|
|
|
|
#17 |
|
Registered User
Join Date: Jun 2007
Posts: 35
|
You guys have to pay to receive a text message? That's the stupidest thing I've ever heard.
|
|
|
|
|
|
#18 | |
|
Registered User
Join Date: Feb 2007
Posts: 659
|
Quote:
|
|
|
|
|
|
|
#19 | |
|
Registered User
Join Date: May 2008
Posts: 303
|
Quote:
http://www.youtube.com/watch?v=Zrpx4NAtsFQ |
|
|
|
|
|
|
#20 |
|
Registered User
Join Date: Feb 2008
Posts: 51
|
it's worse...
|
|
|
|
|
|
#21 |
|
Registered User
Join Date: Apr 2008
Posts: 63
|
|
|
|
|
|
|
#22 |
|
Registered User
Join Date: Jun 2007
Posts: 35
|
No wonder text messaging hasn't really taken off over there then. We moan over here (UK) about only getting a poxy 500 (to send) free, I'd pass out if I got charged for every text I received
Last edited by ad4m.phillips; 07-29-2009 at 06:54 PM. |
|
|
|
|
|
#23 |
|
Registered User
Join Date: May 2008
Posts: 235
|
Anyone else feel that the iPhone is soon going to become the security nightmare that Windows currently is? After all, don't the hackers attack the very popular platforms?
|
|
|
|
|
|
#24 | |
|
Registered User
Join Date: Jul 2009
Posts: 1
|
Quote:
|
|
|
|
|
|
|
#25 |
|
Global Moderator
Join Date: Jun 2004
Location: .US
Posts: 9,127
|
Not just AT&T. I think all the major carriers here are like that unless you pay them protection money, er, upgrade to a higher plan where you get 200 or unlimited, that is $5 and $10, respectively. T-Mob might be an exception, but they're almost not a major carrier either.
|
|
|
|
|
|
#26 | |
|
Registered User
Join Date: Jun 2008
Posts: 655
|
Quote:
|
|
|
|
|
|
|
#27 |
|
Registered User
Join Date: Apr 2002
Location: No GPS signal.
Posts: 1,169
|
The way I see it, AT&T gets $1.20 for a typical text message.
There's the message, a response, and then a closing back. RARELY is text exchange just one message--it's usually at least 3, even if nothing else is discussed.
- Dinner tonight at 8?
- OK.
- See you there.
Three messages, and each party pays 20 cents, both sender and receiver. That's $1.20. Just pick up the phone and talk! :o
nagromme
Would you like a treatment? |
|
|
|
|
|
#28 |
|
Registered User
Join Date: Oct 2008
Location: Southern California
Posts: 48
|
US vs. international mobile plans
Getting charged for incoming calls and texts does seem outrageous, however I remember some time back someone here throwing up mobile plans in a European country and I thought that they were paying as much as I do for about half the call minutes and texts. Then when you factor in half the minutes and texts I pay for are incoming, it balanced out. Maybe we can compare different countries' plans and factor in whether incoming calls and texts are charged before we start talking about how ridiculous it is.
|
|
|
|
|
|
#29 |
|
Registered User
Join Date: Mar 2009
Location: Currently Helsinki, Finland.
Posts: 269
|
Let's see:
Unlimited data: €14.90 (not the fair usage crap but real unlimited)
3.6 to 7.2 mb/s (free)
1000 mins talk time: €20.90
500 SMS: €4.90
Oh, did I mention unlocked iPhone as well. Sonera makes it simple in Finland. Thank you State Department for sending me here. Another year please. |
|
|
|
|
|
#30 |
|
Registered User
Join Date: Mar 2009
Posts: 10
|
You *are* joking, right? $1 a text?
Over here all but the most crappy plans now have 'unlimited' texts (I think they'd complain if you sent 10,000 of them or something). I get 'unlimited' text and data for £20 a month*. Even outside those plans.. a text will cost between £0.04 and £0.08 depending on which plan you're on (pay as you talk plans generally being more expensive, but even these have unlimited text options now).
SMS costs the carrier almost nothing.. at £0.04 they're making a profit.. even with the unlimited free deals they're making more out of the contract than they'll lose in text. If they tried to charge the kind of money you're talking about there would be riots on the streets - SMS is the primary form of communication around here (my SMS outnumber phone calls by at least 20:1).
* In the UK unlimited doesn't follow the dictionary definition.. they actually mean 'limited' but it seems phone companies are either fraudsters or very bad spellers... |
|
|
|
|
|
#31 |
|
Registered User
Join Date: May 2008
Posts: 85
|
The US-er pays, eh?
Consumer rights groups, the ombudsman, etc. in Oz would have a field day with such diabolical nonsense. And no wonder SMS and MMS are so much less popular there than in most of the world. (The high sender and receiver-pay charges in the USA also explain [to non-Americans] Mr Jobs' bemusement at why anyone would want to send pictures by MMS instead of free by email). |
|
|
|
|
|
#32 | |
|
Registered User
Join Date: Feb 2008
Posts: 1,415
|
Grammar police!
Quote:
The sentence you used has completely the reverse of the meaning you intended. It would also be nice to put this rather heavy disclaimer (which kind of invalidates all the hand-wringing and shock tactics of the body of the article) at the beginning instead of at the end.
You guys make it sound almost literally like the end of the world or something ("Someone could pretty quickly take over every iPhone in the world with this," Miller claimed to Forbes ...), but then we find out at the very end (if we can decode the grammar, that is) that the same bug applies to Android, and that WinMobile has a worse one. It's also relevant whether or not the individual companies or communities are trying to fix it and how long they have known about it.
- Has the Android community known about this even longer?
- How long has the WinMobile bug been around?
- Is anyone trying to fix any of them?
None of these questions are answered or even raised in this article. No offence, but this is a crappy, sensationalistic "junk" piece. You are just fanning the flames here with the shock headline and the total lack of any real framing of the situation. Why not just let Charlie Miller spout off himself if you're just going to repeat his alarmist remarks verbatim?
In Windows, a window can be a document, it can be an application, or it can be a window that contains other documents or applications. There’s just no consistency. It’s just a big grab bag of monkey poop.
|
|
|
|
|
|
|
#33 | |
|
Registered User
Join Date: Sep 2005
Posts: 124
|
Quote:
And yes, the US has the worst cell policy on earth. Pogue wrote about it last week in the NYT and Verizon's pres/CEO wrote a rather pointless letter back attempting to refute Pogue's gripes. |
|
|
|
|
|
|
#34 |
|
Registered User
Join Date: Jul 2007
Posts: 222
|
Couldn't AT&T fix this by simply not allowing their system to send out SMS content that is not upper case text / lower case text / numbers / a set list of symbols?
Journalism is publishing what someone doesn't want us to know; the rest is propaganda.
-Horacio Verbitsky (el perro), journalist (b. 1942) |
|
|
|
|
|
#35 |
|
Registered User
Join Date: Nov 2007
Location: Plymouth, MI
Posts: 76
|
|
|
|
|
|
|
#36 | |
|
Registered User
Join Date: Jan 2007
Posts: 849
|
Quote:
That's why comparing plan costs is tricky. It may look like our per minute and per text prices are reasonable, but we pay for both incoming and outgoing. |
|
|
|
|
|
|
#37 | |
|
Registered User
Join Date: Jun 2003
Location: North America
Posts: 859
|
Quote:
Troll much? |
|
|
|
|
|
|
#38 | |
|
Registered User
Join Date: Jan 2007
Posts: 849
|
Quote:
"The two researchers plan to demonstrate how a series of 512 SMS messages can exploit the bug, with only one of those messages actually appearing on the phone, showing a small square."
The attacker has to send 512 messages, not one message with a single character. Yes, you'd only see one of the messages. But I assume the messages have to arrive at your phone in a particular order, which may or may not happen if they are sent in a very short time period (if SMS transmission is like email, the messages may or may not arrive in the same order they were sent). And how hard would it be for ATT or Apple to detect a sudden burst of 512 messages from a single sender?
Finally, just my opinion, but a month seems like a pretty short timeframe to examine the exploit, figure out a fix that doesn't break anything else, put it through QA and testing, and distribute it to customers. |
|
|
|
|
|
|
#39 |
|
Registered User
Join Date: Jun 2009
Posts: 138
|
Yes, the world will come to an end one day. So what? Stop living? Hell, no!
What were these idiots doing when they discovered these software holes? Well, look at it this way; a house can burn down no matter what materials were used to build it. All you have to do is set fire to it. These guys need to get a real job, and stop scaring people for every nonsense just to get publicity. Maybe they should stop holding their stupid Black Hat "insecurity" conference and have a White conference instead. Yeah! What next? Maybe the nuclear war will be started with an iPhone! I hate you bastards!! |
|
|
|
|
|
#40 |
|
Registered User
Join Date: May 2008
Posts: 235
|
Not at all. There are exceptions of course. I think it makes sense that they will go after the iPhone more and more as it gains more market share. Other smartphone platforms will have their issues as well, but given Apple's history on being late and quiet on glaring security issues, it's only a matter of time. This is not to say they will get complacent, but it's just a theory. I am happy with my iPhone, I just hope Apple gets very serious about security and fixes holes in a quick manner.
|
|
|
|