AppleInsider › Forums › Mobile › iPhone › Apple releases iPhone 3.0.1 software to fix SMS exploit

Apple releases iPhone 3.0.1 software to fix SMS exploit

post #1 of 92
Thread Starter 
Responding to a dangerous security exploit unveiled this week, Apple released an update to its iPhone operating system Friday to patch the security hole.

Firmware 3.0.1 is now available for the iPhone, iPhone 3G and iPhone 3GS through iTunes. The update is around 300MB. There is no indication that there are any new features or fixes other than the text message exploit patch.

Earlier Friday, it was reported that Apple would release a fix for the exploit Saturday, but the iPhone maker beat that deadline Friday afternoon.

Security researcher Charlie Miller, co-author of The Mac Hacker's Handbook, demonstrated the hack Thursday at the Black Hat 2009 conference in Las Vegas. The attack takes advantage of a vulnerability in the phone's short messaging service, or SMS, feature, allowing an outside party into the phone's root access without the owner's knowledge.

The exploit takes advantage of the fact that SMS can send binary code to a phone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone. The exploit supposedly exposes the iPhone completely, giving hackers access to the camera, dialer, messaging and Safari. It occurs regardless of hardware revision or which version of the iPhone OS is running.



The technique involves sending only one unusual text character or else a series of "invisible" messages that confuse the phone and open the door to attack. Because users won't know whose messages to block in advance, there's little iPhone owners can do but to shut off the phone immediately if they suspect they're at risk -- a real problem as the trick could also be used to make an iPhone send more messages of its own.
post #2 of 92
>"Apple released an update to its iPhone operating system Thursday"

Pretty sure you mean "Friday", not "Thursday".
post #3 of 92
downloading it now
post #4 of 92
Quote:
Originally Posted by al_bundy View Post

downloading it now

Is it snappier?
post #5 of 92
Mine is only 230.1 MB.

"Be aware of wonder." ~ Robert Fulghum

post #6 of 92
Quote:
Originally Posted by DanaCameron View Post

Mine is only 230 MB.

You win first prize for best complaint - EVER!
post #7 of 92
Quote:
Originally Posted by teckstud View Post

Is it snappier?

seems the same, will see. Slacker is working. had some problems with slacker and pandora today with connection timing out. i thought AT&T was cutting me off. 1 week into my billing cycle and i'm up to 428MB of data
post #8 of 92
Quote:
Originally Posted by ktappe View Post

>"Apple released an update to its iPhone operating system Thursday"

Pretty sure you mean "Friday", not "Thursday".

Or Saturday, if you're in China, where they're made.
post #9 of 92
The exploit also affects Windows Mobile, apparently. As far as I can tell, Microsoft hasn't fixed it--Apple was first. Is that the case?

(I'm not sure about Google Android.)
post #10 of 92
It affects Android as well.

And I didn't get to go to 3.01 for my touch, and I PAID for my update to OS 3.0, so I'm pouting, even if it doesn't do me any good because I don't have SMS! Wah!

So, my download is only..... ZERO!

Wah!
post #11 of 92
Quote:
Originally Posted by teckstud View Post

Is it snappier?

Wow. All Snappiness jokes aside, it's significantly faster sync-wise for me.

I haven't used the iPhone itself extensively since the update yet, but after the update to 3.0.1, my iPhone backed up, synced a half dozen purchased apps, photos, songs, notes, etc. in like 35-40 seconds. The sync bars were screaming. On a 16GB 3GS, with 300MB to spare.

Never ever seen that before.
post #12 of 92
mine seemed to backup faster as well

i have around 23GB of data on mine and usually takes 10 minutes to backup. will see how it goes when i get home
post #13 of 92
Quote:
Originally Posted by GregoriusM View Post

It affects Android as well.

And I didn't get to go to 3.01 for my touch, and I PAID for my update to OS 3.0, so I'm pouting, even if it doesn't do me any good because I don't have SMS! Wah!

So, my download is only..... ZERO!

Wah!

But it seems that Android is fixed--even before Apple did (according to someone posting at MR, anyway). So, everyone but Microsoft has a patch?

As for Touch users... the best feature of a Touch is that it CAN'T get annoying SMS messages from your friends
post #14 of 92
Quote:
Originally Posted by nagromme View Post

The exploit also affects Windows Mobile, apparently. As far as I can tell, Microsoft hasn't fixed it--Apple was first. Is that the case?

(I'm not sure about Google Android.)

Apple was notified long before 3.0 came out, and did not issue a patch until over six weeks later when the OS was released. They did not delay its release to fix this significant flaw, leaving their customers vulnerable for almost two months.

Android had a similar exploit that basically could kick a phone offline indefinitely, which was immediately patched. Microsoft's phones are also affected, but they've only had since Monday (less than a week) to work on it. The WinMo exploit was only found by the guy earlier this week, so they have not had nearly enough time to issue a patch.

Apple, for all their praise and glory, is LAUGHABLE when it comes to security of its products and its customers. It took them 9 months to fix a severe security vulnerability in Java, and that was only because the security researcher released the code to the public. Again, Apple has had ample time to patch a potentially more DANGEROUS flaw in their phones that could give an attacker access to the GPS, knowing exactly where it was in the world. They, once again, only released a patch when the method was known to the public.

Apple sucks at security.
Video editor, tech enthusiast, developer.

http://www.yuusharo.com
http://www.studioyuu.com
post #15 of 92
Quote:
Originally Posted by nagromme View Post

But it seems that Android is fixed--even before Apple did (according to someone posting at MR, anyway). So, everyone but Microsoft has a patch?

Google and Apple have had months of notification before it was discussed publicly. Microsoft's flaw, however, was only discovered this past Monday, meaning they've had less than a week to work on a patch. So in defense of Microsoft, they just haven't had enough time to patch it yet.

Apple on the other hand waited months after knowing about it before they issued a patch, leaving their customers vulnerable. Android was patched much sooner.
Video editor, tech enthusiast, developer.

http://www.yuusharo.com
http://www.studioyuu.com
post #16 of 92
Have there been any documented instances of this flaw being used maliciously?
post #17 of 92
Is the update "safe" for jailbroken and unlocked iPhones?
post #18 of 92
eugh! i'm on 3.1, is there a 3.1.1 beta yet??
post #19 of 92
AI... you missed this text with the update from Apple:

"We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms. This morning, less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what's been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit."

Kinda important, no? Charlie Miller is full of crap.

Do not overrate what you have received, nor envy others.
15" Matte MacBook Pro: 2.66Ghz i7, 8GB RAM, GT330m 512MB, 512GB SSD

iPhone 5 Black 32GB

iPad 3rd Generation, 32GB

Mac Mini Core2Duo 2.26ghz,...

post #20 of 92
anyone know if this update breaks the IPCC tethering hack?
post #21 of 92
Quote:
Originally Posted by yuusharo View Post

Apple was notified long before 3.0 came out, and did not issue a patch until over six-weeks later when the OS was released. They did not delay its release to fix this significant flaw, leaving their customers vulnerable for almost two months.

This is just not true at all.

They had a month from the time Miller announced it, to the day of the black hat conference where he said he would talk about it whether they fixed it or not. He issued a press release a couple of days ago saying how they were "slow" and they fixed it today.

Quote:
Originally Posted by yuusharo View Post

... Microsoft's phone are also affected, but they've only had since Monday (less than a week) to work on it. The WinMo exploit was only found by the guy earlier this week, so they have not had nearly enough time to issue a patch. ...

This is just misleading. They had a reasonable expectation when this was announced a month ago that the same exploit would also affect them. The fact that a guy only proved this was the case a week ago is irrelevant to the fact that any dimwit could see that the bug was almost certainly going to affect them also. It's Microsoft that sucks at security and always has. They are the only ones to date that haven't fixed it, even though Miller never even mentions them in his chest pounding press releases.

it's also worth mentioning that the character has no business being sent to a phone in the first place and if blame is to be apportioned, the carrier is probably more at fault than anyone for not filtering it out in the first place.
In Windows, a window can be a document, it can be an application, or it can be a window that contains other documents or applications. There's just no consistency. It's just a big grab bag of monkey...
post #22 of 92
Also wondering if this breaks tethering hack........... anyone?
post #23 of 92
Wow, Apple didn't put the input validation code in there in the first place? Shame on them.
post #24 of 92
Finally can turn my 3gs back on lol
White Nexus 7 8GB
Black & Slate iPhone 5 32GB AT&T
post #25 of 92
Quote:
Originally Posted by teckstud View Post

You win first prize for best complaint - EVER!

Yay!! I drew an attack from Teckstud! That wasn't a complaint, genius. Just an observation for those who might be interested. Geesh you're funny!

"Be aware of wonder." ~ Robert Fulghum

post #26 of 92
Quote:
Originally Posted by nagromme View Post

The exploit also affects Windows Mobile, apparently. As far as I can tell, Microsoft hasn't fixed it--Apple was first. Is that the case?

(I'm not sure about Google Android.)

Quote:
Originally Posted by GregoriusM View Post

It affects Android as well.

I don't get it, why are three different platforms affected by the same bug? Is everyone making the same mistake? It doesn't seem like there should be shared code like when several operating systems were using the BSD TCP/IP stack, including Microsoft.
post #27 of 92
Quote:
Originally Posted by nagromme View Post

The exploit also affects Windows Mobile, apparently. As far as I can tell, Microsoft hasn't fixed it--Apple was first. Is that the case?

(I'm not sure about Google Android.)

Google Android is also affected. It has to do with SMS specifically, not any particular implementation.
post #28 of 92
Quote:
Originally Posted by JeffDM View Post

I don't get it, why are three different platforms affected by the same bug? Is everyone making the same mistake?

http://tools.ietf.org/html/draft-iet...p-01#section-7

Quote:

7. Security Considerations


Please see the discussions on security considerations for the
registrations of Enumservice "sms:smpp" and URI scheme "smpp" in
Sections 8.1 and 8.2 respectively.



8. IANA Considerations


This document registers the "smpp" Enumservice using the subtype
"smpp" under the existing type "sms" in the Enumservice registry
described in the IANA considerations in RFC 3761 [2] and draft-ietf-
enum-enumservices-guide-07 [12]. This document also registers with
the IANA the "smpp" URI scheme per RFC 4395 [5]. Details of the two
registrations can be found in Sections 8.1 and 8.2 below.



8.1. IANA Registration for Enumservice "sms:smpp"


Enumservice Name: smpp

Enumservice Class: Common Application

Enumservice Type: sms

Enumservice subtype: smpp

URI scheme: smpp

Functional Specification: This Enumservice indicates that the
resource identified by the associated URI is capable of receiving
short messages using the SMPP protocol [13].

Security Considerations: Use of the "sms:smpp" Enumservice shall
either be within a service provider's internal network, or on a
private basis between one or more parties. It is assumed that
this Enumservice is used in an environment where entities are
trusted and general public or attackers are not supposed to have
access to the DNS RRs containing the "smpp" URI.


The initial purpose of this Enumservice and the "smpp" URI is to
indicate that the remote resource can receive short messages using
SMPP. It is recommended that only the <hostport> appears in the
URI. If the <userinfo> is present, it is recommended that it
contains the international telephone number with the leading "+"
so as not to convey user-specific information in the "smpp" URI.

post #29 of 92
Quote:
Originally Posted by Virgil-TB2 View Post

This is just not true at all.

They had a month from the time Miller announced it, to the day of the black hat conference where he said he would talk about it whether they fixed it or not. He issued a press release a couple of days ago saying how they were "slow" and they fixed it today.

Correct... Apple WAS slow in fixing this flaw. Miller first notified the public of the bug's existence a few days before 3.0 was released. My understanding is he gave Apple plenty of time before then to issue a patch. The fact that we waited at least six weeks after a known vulnerability was out there before it was finally patched (essentially forced to, since the flaw is now public) is pretty damning on Apple's part. Again, I say this as an iPhone owner and Mac user.

Google was also notified of a similar, but less-severe SMS exploit around the same time. They, however, managed to patch their Android platform within a few days.

Quote:
This is just misleading. They had a reasonable expectation when this was announced a month ago that the same exploit would also affect them. The fact that a guy only proved this was the case a week ago is irrelevant to the fact that any dimwit could see that the bug was almost certainly going to affect them also.

In case you didn't notice, iPhone OS, Android and Windows Mobile are three separate operating systems. Each has their own unique code base and systems that govern the phone. Just because one platform is vulnerable doesn't mean the others are as well.

For example, the iPhone is in the worst shape because of the severe nature of the exploit, vs Android, which only had a minor bug that was more of an annoyance than severe. Windows Mobile was *NOT* vulnerable to either of these exploits, which is why Microsoft wasn't notified of any such problem. However, a *NEW* problem with Windows Mobile was discovered on Monday, and Microsoft hadn't been notified. I'm certain Windows Mobile users can expect a security update to their devices within the coming days, hopefully much sooner than Apple's six-week delay.

Quote:
It's Microsoft that sucks at security and always has. They are the only ones to dat the haven't fixed it, even though Miller never even mentions them in his chest pounding press releases.

Once again, this is because the flaw in Windows Mobile is a separate one from the iPhone and Android. Miller doesn't mention Microsoft in his "chest pounding" as you put it, because again, this discovery was made less than a week ago, and more than likely hasn't been engineered into an actual exploit yet. I'm certain that Miller has informed Microsoft to the problem, and they'll issue a patch once they properly test it on a wide range of devices.

Remember, it's not as easy as writing some code and sending it out. You have to test it properly, or else you could have WORSE problems than you did before. Look up Seagate and the bad firmware update story from a year ago, and see what I mean.

Quote:
it's also worth mentioning that the character has no business being sent to a phone in the first place and if blame is to be apportioned, the carrier is probably more at fault than anyone for not filtering it out in the first place.

While I do think the carrier has a responsibility to monitor some of this stuff, the fact is millions and millions of text messages are processed every day. The way this exploit works is not sending just one malformed character, but sending nearly 500 of them invisibly.

But even still, how would you filter it out? How do you know it's not just a regular text from another customer? Why do they need to worry about filtering when issues like this have never really been brought up before?

There's more to it than just "filter it."
Video editor, tech enthusiast, developer.

http://www.yuusharo.com
http://www.studioyuu.com
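The article's description of binary, multi-part messages (post #1) and the "how would you filter it out?" question above both come down to the concatenation header that every SMS stack has to parse before it can stitch parts together. The following is an added example, not code from AppleInsider, Apple, or any poster in this thread: a small Python reassembler for concatenated SMS user data that follows the User Data Header layout from 3GPP TS 23.040 (information element 0x00 for an 8-bit reference, 0x08 for a 16-bit one). It is written the way a defender would want the receiving side to behave: a header length that overruns the data, a part count or sequence number outside its range, a sender that changes the part count mid-stream, or a duplicate part is dropped rather than trusted. The sender number, reference values and payloads are constructed, and the names make_segment, parse_udh_segment, Reassembler and demo are introduced here; they are not the API of any real SMS stack. It says nothing about the specific messages Miller used.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAX_PARTS = 255          # total-parts field is one byte; 0 is invalid per TS 23.040


@dataclass
class Segment:
    ref: int        # concatenation reference number (8 or 16 bit)
    total: int      # number of parts the sender claims
    seq: int        # this part's 1-based sequence number
    payload: bytes  # user data after the header


def parse_udh_segment(user_data: bytes) -> Optional[Segment]:
    """Parse the User Data Header of one SMS user-data field.

    Returns None for anything that is not a well-formed concatenation header.
    Every length and index in the header comes from the sender, so each one is
    checked before it is used; nothing is clamped or "repaired".
    """
    if not user_data:
        return None
    udhl = user_data[0]
    if 1 + udhl > len(user_data):
        return None                      # header claims more bytes than exist
    header = user_data[1:1 + udhl]
    payload = user_data[1 + udhl:]
    i = 0
    while i < len(header):
        if i + 2 > len(header):
            return None                  # truncated information element
        iei, iedl = header[i], header[i + 1]
        ie = header[i + 2:i + 2 + iedl]
        if len(ie) != iedl:
            return None                  # element runs past the header
        if iei == 0x00 and iedl == 3:    # 8-bit reference number
            ref, total, seq = ie[0], ie[1], ie[2]
        elif iei == 0x08 and iedl == 4:  # 16-bit reference number
            ref, total, seq = (ie[0] << 8) | ie[1], ie[2], ie[3]
        else:
            i += 2 + iedl                # some other element: skip it
            continue
        if not (1 <= total <= MAX_PARTS and 1 <= seq <= total):
            return None                  # out-of-range part count or index
        return Segment(ref, total, seq, payload)
    return None                          # no concatenation element present


class Reassembler:
    """Collects parts per (sender, reference) and returns the message only once
    every sequence number 1..total has arrived exactly once with the same
    total. A sender that contradicts itself loses the whole group."""

    def __init__(self) -> None:
        self._groups: Dict[Tuple[str, int], Tuple[int, Dict[int, bytes]]] = {}
        self.rejected = 0

    def add(self, sender: str, user_data: bytes) -> Optional[bytes]:
        seg = parse_udh_segment(user_data)
        if seg is None:
            self.rejected += 1
            return None
        key = (sender, seg.ref)
        total, parts = self._groups.setdefault(key, (seg.total, {}))
        if total != seg.total or seg.seq in parts:
            del self._groups[key]        # inconsistent or duplicate part
            self.rejected += 1
            return None
        parts[seg.seq] = seg.payload
        if len(parts) < total:
            return None                  # still waiting for parts
        del self._groups[key]
        return b"".join(parts[n] for n in range(1, total + 1))


def make_segment(ref: int, total: int, seq: int, payload: bytes) -> bytes:
    """Build a user-data field with an 8-bit concatenation IE (constructed input)."""
    return bytes([5, 0x00, 3, ref, total, seq]) + payload


def demo() -> Tuple[List[Optional[bytes]], int]:
    """Feed a valid three-part message plus several malformed parts through
    the reassembler; the sender number is a constructed placeholder."""
    r = Reassembler()
    sender = "+15550100"
    texts = [b"hel", b"lo ", b"sms"]
    results = [r.add(sender, make_segment(0x2A, 3, n, t))
               for n, t in enumerate(texts, start=1)]
    r.add(sender, make_segment(0x2B, 2, 1, b"x"))      # claims 2 parts ...
    r.add(sender, make_segment(0x2B, 3, 2, b"y"))      # ... then 3: group dropped
    r.add(sender, make_segment(0x2C, 2, 5, b"z"))      # seq outside 1..total
    r.add(sender, bytes([9, 0x00, 3, 1, 1, 1]))        # UDHL longer than the data
    return results, r.rejected
```

Running demo() returns the three-part message only on the third part and a rejection count of 3 for the malformed inputs. The design choice worth noting is that disagreement within a group discards the whole group: merging "best effort" would let a later part rewrite the count or index that earlier parts were stored under, which is exactly the kind of sender-controlled value a reassembler should never index with unchecked.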
post #30 of 92
Quote:
Originally Posted by mdriftmeyer View Post

Google Android is also affected. It has to do with SMS specifically, not any particular implementation.

Android was also patched a few weeks ago. If you have an android phone, make sure you accept those updates.
Video editor, tech enthusiast, developer.

http://www.yuusharo.com
http://www.studioyuu.com
post #31 of 92
Quote:
Originally Posted by al_bundy View Post

mine seemed to backup faster as well

i have around 23GB of data on mine and usually takes 10 minutes to backup. will see how it goes when i get home

The backup only backs up SMS, settings, notes, application settings, etc, it does not backup applications, photos, music, videos, etc.

Any content that is synced via iTunes is not part of the backup as it can always be resynced to the iPod from iTunes.
post #32 of 92
still has trouble connecting with wifi, my macbook has 3 bars iphone zero bars.
i guess this is a known problem with weak wifi connection doesn't find my network till i'm in the same room with the router then it will keep it for a while
but update went fine
I APPLE THEREFORE I AM
post #33 of 92
Quote:
Originally Posted by IsmOfAm View Post

Is the update "safe" for jailbroken and unlocked i Phones?

I've heard that once you jailbroke your 3GS, you cannot update or you will permanently brick your phone, no option to restore through iTunes or re-jailbreak. I'm not 100% on this, but wouldn't take the chance if I were you.
post #34 of 92
Quote:
Originally Posted by Boogerman2000 View Post

I've heard that once you jailbroke your 3GS, you cannot update or you will permanently brick your phone, no option to restore through iTunes or re-jailbreak. I'm not 100% on this, but wouldn't take the chance if I were you.

You won't brick your device, but you won't be able to jailbreak it for a while if the exploit gets patched in the update. Best just not to update until Dev Team gives you the go ahead.
post #35 of 92
for some odd reason i got a major boost in cell phone reception from 1-2 bar to 3-5 bar 3g on my new 3gs! i don't know if this is a fluke or just that maybe people who jailbroke their phones now have bricks that has freed up AT&T towers from the interference caused by their hacked phones. maybe apple is onto something by updating software to clear phones periodically of hacked software. i am loving all of my new found freedom of making calls anywhere in my home without worrying about losing quality or dropped calls, for now at least until the jailbroken community comes back online. i wish there was a way for apple and that community to join forces to offer all of the cool apps that seem to be so popular to make people want to jailbreak in the first place! until then i will wait like a good little mac geek too scared to screw up his new toy. everyone else who has the guts enjoy, i hope to be there soon where we can live in peace!
post #36 of 92
Quote:
Originally Posted by yuusharo View Post

Correct... ...

No offence (as I can see you took a while on the response), but this is all just a lot of blah, blah, blah from my perspective. You kind of re-iterate everything you asserted in your first post (the one I replied to), but don't actually add anything substantive to the argument or seriously refute any of my statements.

IMO the nature of the bug(s) is such that MS can be considered to have got its "warning" at the same time as everyone else which, according to Miller's own words was "a month" (not two) but I'm not going to do research on that to find out exactly what the times were because I just don't really care. Apple fixed the bug in a reasonable amount of time AFAICS, but I'll give you that their wording on "fixing it 48 hours after it was successfully demonstrated" is kind of a lame dodge. The Android *community* (not necessarily just Google), did fix it faster and I never doubted that. Microsoft still hasn't fixed their bug and I don't think they have any real excuse to hang that on, but on the other hand this is really not that dangerous a bug in the real world.

The fact that Charlie Miller is a big blowhard bent on self aggrandisement and with a big anti-Apple bias is pretty well-known so I won't bother defending that. The fact that the media just repeated all his words verbatim without any real analysis or even looking into the facts is also a given IMO.

I think all the companies with the exception of Microsoft, Mr. Miller and the media, did their jobs rather well in fact, and the whole situation is just another "tempest in a teapot" from Mr. Miller at the end of the day.

I think he will actually have to cross over to the dark side and do an exploit himself if he really wants to satisfy his urges to prove Apple's security sucks.
In Windows, a window can be a document, it can be an application, or it can be a window that contains other documents or applications. Theres just no consistency. Its just a big grab bag of monkey...
post #37 of 92
Quote:
Originally Posted by gto65l View Post

Have there been any documented instances of this flaw being used maliciously?

No, not a one. It's a wonder what everyone is crying about.

Quote:
Originally Posted by yuusharo View Post


Apple sucks at security.

This is a pretty strong statement with nothing whatsoever to back it up. Why does Apple suck at security any more than anyone else?
post #38 of 92
I doubt Android and Windows Mobile will be patched as T-Mobile has patched the network side of things and I assume all carriers will eventually.

I think Apple obviously had to patch the iPhone due to the fact of all the bad press.

The fact is Android is not patched and the only reason Google said it's taken care of is because T-Mobile has done something with their network. That's what I have heard.

Nokia Lumia 920, iPhone, Surface RT, Intel i3 Desktop with Windows 7 & Hackintosh, Power Cube G4

post #39 of 92
Quote:
Originally Posted by Virgil-TB2 View Post

...

The fact that Charlie Miller is a big blowhard bent on self aggrandisement and with a big anti-Apple bias is pretty well-known so I won't bother defending that. The fact that the media just repeated all his words verbatim without any real analysis or even looking into the facts is also a given IMO.

I think all the companies with the exception of Microsoft, Mr. Miller and the media, did their jobs rather well in fact, and the whole situation is just another "tempest in a teapot" from Mr. Miller at the end of the day.

I think he will actually have to cross over to the dark side and do an exploit himself if he really wants to satisfy his urges to prove Apple's security sucks.

Accept the facts. Apple didn't fix the security Flaw. If you don't believe it was a flaw then I would expect that you are smarter than the Apple Team that rushed to get this out ASAP after this guy gave them more than enough time to FIX IT and called them on it and made them look foolish for letting this go.

Windows found about it on Monday (I would expect they are working on a fix).
If not, he will likely do the same thing for Microsoft as he's concerned with the security of the end user.

Android fixed the security Flaw.

Sleep well this weekend knowing that you are smarter than Apple and would have left the security flaw go unfixed.

yuusharo and many others on the forum did an excellent job explaining the entire history and when & who was notified and who took action. They put it in terms the average 3rd grader could understand.
post #40 of 92
Quote:
Originally Posted by Logisticaldron View Post

You won't brick your device, but you won't be able to jailbreak it for a while if the exploit gets patched in the update. Best just not to update until Dev Team gives you the go ahead.

Yes, actually you will brick your phone. I was told this by the guy who jailbroke my phone, and now as of today people are updating and bricking their phones. The link is below. DFU mode does NOT work, restoring, hard reset etc., they all don't work with a jailbroken 3GS so be warned everybody that had their 3GS jailbroken/unlocked.

http://forums.macrumors.com/showthread.php?t=756956