Apple working to fix unreleased iPhone SMS exploit

Tipped off by a Mac OS X security expert, Apple is working to repair a serious security flaw in the iPhone's operating system – one that could allow an attacker to track the phone's location via GPS, eavesdrop on conversations via the microphone, or create a mobile botnet capable of unleashing denial of service attacks.



The attack takes advantage of a vulnerability in the phone's short messaging service, or SMS, feature, allowing an outside party into the phone's root access without the owner's knowledge. Security researcher Charles Miller, co-author of The Mac Hacker's Handbook, announced his discovery Thursday at the SyScan Conference in Singapore, according to Computerworld.



Apple plans to have the fix released later this month, before Miller gives his scheduled speech at the Black Hat Technical Security Conference in Los Angeles. At the July 25-30 conference, Miller will be joined by Collin Mulliner for a talk entitled "Fuzzing the Phone in Your Phone," which will show attendees how to discover vulnerabilities in a variety of smartphones.



Miller has not specifically detailed how the SMS exploit is done, citing an agreement with Apple. But he will discuss the attack at length at the Black Hat conference.



The exploit takes advantage of the fact that SMS can send binary code to an iPhone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone.



For a widely-adopted platform, Apple's iPhone has had remarkably little in the way of discovered vulnerabilities in its short history. In 2007, a security firm – including Miller – notified Apple of the phone's first security flaw, soon after the hardware had been released. It was subsequently fixed by Apple.



Miller said that the iPhone's stripped-down version of OS X makes it more secure than the full-fledged operating system. And because it lacks support for Adobe Flash and Java, isolates individual applications from one another, and only allows software that has been digitally signed by Apple, it is less likely to have security flaws than a full-form computer.
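
The article says only that binary SMS content is processed automatically and can be built up from several messages; it does not describe the flaw. As an added example (not from the article or from Miller's research), the C below shows the kind of checks a receiver needs when reassembling multi-part SMS, assuming the standard 8-bit concatenation header from the SMS specification; `sms_add_part`, `sms_join` and `MAX_PARTS` are hypothetical names.

```c
#include <stdint.h>
#include <string.h>
#define MAX_PARTS 8    /* cap assumed for this example */
#define UD_MAX    140  /* octets of user data in one SMS */
struct reasm {         /* zero-initialise before the first part */
    uint8_t ref, total, seen;
    uint8_t have[MAX_PARTS], len[MAX_PARTS];
    uint8_t data[MAX_PARTS][UD_MAX];
};

/* Constructed sample: "HELLO WORLD" in two parts; header = UDHL 05, IEI 00, len 03, ref, total, seq. */
const uint8_t P1[] = {0x05, 0x00, 0x03, 0x2A, 0x02, 0x01, 'H','E','L','L','O',' '};
const uint8_t P2[] = {0x05, 0x00, 0x03, 0x2A, 0x02, 0x02, 'W','O','R','L','D'};

/* Returns -1 = rejected, 0 = stored, 1 = stored and message complete. */
int sms_add_part(struct reasm *r, const uint8_t *ud, size_t n)
{
    if (n < 1 || n > UD_MAX || (size_t)ud[0] + 1 > n) return -1;  /* header must fit */
    size_t end = (size_t)ud[0] + 1, i = 1, cat = 0;  /* end = first payload octet */
    while (i + 2 <= end) {                       /* walk the information elements */
        size_t iedl = ud[i + 1];
        if (i + 2 + iedl > end) return -1;       /* element overruns the header */
        if (ud[i] == 0x00) {                     /* 8-bit concatenation element */
            if (iedl != 3 || cat) return -1;     /* wrong size, or seen twice */
            cat = i + 2;
        }
        i += 2 + iedl;
    }
    if (i != end || !cat) return -1;             /* stray octet, or no concat element */
    uint8_t ref = ud[cat], total = ud[cat + 1], seq = ud[cat + 2];
    if (total == 0 || total > MAX_PARTS || seq == 0 || seq > total) return -1;
    if (r->seen && (ref != r->ref || total != r->total)) return -1;
    if (r->have[seq - 1]) return -1;             /* duplicate part */
    r->ref = ref; r->total = total; r->have[seq - 1] = 1;
    r->len[seq - 1] = (uint8_t)(n - end);
    memcpy(r->data[seq - 1], ud + end, n - end);
    return ++r->seen == r->total;
}

/* Joins the parts in order; returns the length, or 0 if incomplete or out is too small. */
size_t sms_join(const struct reasm *r, uint8_t *out, size_t cap)
{
    size_t off = 0;
    if (r->total == 0 || r->seen != r->total) return 0;
    for (unsigned k = 0; k < r->total; off += r->len[k++]) {
        if (r->len[k] > cap - off) return 0;     /* never write past the buffer */
        memcpy(out + off, r->data[k], r->len[k]);
    }
    return off;
}
```

Every length and index taken from the message is checked against the data actually received before it is used, which is the property a fuzzer of this parsing path would be probing.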

Comments

  • Reply 1 of 23
    thespaz Posts: 71 member
    First!
  • Reply 2 of 23
    mactripper Posts: 1,328 member
    Quote:

    For a widely-adopted platform, Apple’s iPhone has had remarkably little in the way of discovered vulnerabilities in its short history. In 2007, a security firm – including Miller – notified Apple of the phone’s first security flaw, soon after the hardware had been released. It was subsequently fixed by Apple.





    Oh, I beg to differ greatly and I have a link to prove that 46 vulnerabilities were fixed in iPhone 3.0.



    I'll be right back with a link.





    Quote:

    iPhone OS 3.0 fixes 46 vulnerabilities



    Apple has released version 3.0 of its iPhone mobile operating system. The update not only includes several new features, but also fixes 46 security vulnerabilities. Version 3.0 of the iPhone OS fixes 23 vulnerabilities in WebKit and Safari alone. According to Apple, many of the problems could have led to the execution of arbitrary code when visiting a maliciously crafted website. Other vulnerabilities include unexpected application termination or arbitrary code execution when opening a maliciously crafted PDF document or image file and possible disclosure of sensitive information when connecting to a malicious Exchange server.



    http://www.h-online.com/security/iPh...--/news/113563





    http://arstechnica.com/apple/news/20...rabilities.ars





    http://blogs.zdnet.com/security/?p=3644







    Also Apple can replace the iPhone glass at retail stores. It uses a suction type device to pull the old one off.
  • Reply 3 of 23
    alectheking Posts: 206 member
    Quote:
    Originally Posted by thespaz View Post


    First!



    why do you come to the forums just to say that?
  • Reply 4 of 23
    Quote:
    Originally Posted by alectheking View Post


    why do you come to the forums just to say that?



    I think I know of him from MacRumors and he seems to have self-esteem issues.
  • Reply 5 of 23
    virgil-tb2 Posts: 1,416 member
    What's *not* stated in Miller's description of the vulnerability is that the other apps are sandboxed anyway, so even if the hacker sends an SMS with (presumably a picture attachment), gets the code to run and gets root access, all they have access to is the low level system stuff and the automatic messages. It's hard to tell until he fully describes it, but it doesn't seem like this would give anyone access to your data, just some low level phone hardware items.
  • Reply 6 of 23
    virgil-tb2 Posts: 1,416 member
    Quote:
    Originally Posted by Napoleon_PhoneApart View Post


    I think I know of him from MacRumors and he seems to have self-esteem issues.



    Also anyone who uses "the spaz" as a nickname has some fairly obvious self-esteem issues.
  • Reply 7 of 23
    rnp1 Posts: 175 member
    Quote:
    Originally Posted by thespaz View Post


    First!



    I already covered this in the previous thread!
  • Reply 8 of 23
    quadra 610 Posts: 6,757 member
    This "vulnerability" does nothing of any real consequence.



    More FUD from those unwilling to stomach that Apple is rearranging entire industries as we speak.
  • Reply 9 of 23
    trajectory Posts: 647 member
    So I guess this means you should refrain from making homemade sex videos with your iPhone until this security hole has been plugged.
  • Reply 10 of 23
    alectheking Posts: 206 member
    Quote:
    Originally Posted by Napoleon_PhoneApart View Post


    I think I know of him from MacRumors and he seems to have self-esteem issues.



    Damn, well he needs to stay there and not do that, it's just plain stupid. Teckstud should show him his way back and stay with him there to keep company.
  • Reply 11 of 23
    oc4theo Posts: 294 member
    Quote:
    Originally Posted by AppleInsider View Post


    The attack takes advantage of a vulnerability in the phone's short messaging service, or SMS, feature, allowing an outside party into the phone's root access without the owner's knowledge.





    Yesterday I saw an ad in Los Angeles Craigslist for SMS on iPhone without jailbreaking your iPhone.

    I called the guy who listed his number with the ad. He explained his business which jailbreaks any smartphone, has discovered a way to let anyone with an iPhone 3G or 3GS send SMS with pics or video right now, without paying a dime to AT&T. His fee? Just $10. Oh, he can also install a program to tether your laptop to any iPhone for only $30. And your fee to AT&T, is $0. I did not take his bet. I love my iPhone, and I don't want anybody messing with it. I intend to wait for AT&T's lazy ass.



    Now, I understand what he meant after reading this. Nothing is impossible, if you are willing to keep trying!
  • Reply 12 of 23
    patsfan83 Posts: 156 member
    Anyone have stats for viruses/attacks on windows mobile phones?



    A quick search on google turns up 6 million results each for 'iphone viruses' and 'blackberry viruses'. windows mobile brings 34 million results. not very scientific but should tell you something.
  • Reply 13 of 23
    Quote:
    Originally Posted by MacTripper View Post


    Also Apple can replace the iPhone glass at retail stores. It uses a suction type device to pull the old one off.



    lol...random?!
  • Reply 14 of 23
    adamj84 Posts: 5 member
    Quote:
    Originally Posted by clickmyface View Post


    lol...random?!



    That's what I thought!!ha
  • Reply 15 of 23
    ericvet8b Posts: 70 member
    Mmmmmmmm... So I wasn't too far on my thread "danger in opening OS"... Shame to hear this though.... At least it has been detected soon and it seems that Apple will have it fixed soon.
  • Reply 16 of 23
    Quote:
    Originally Posted by Quadra 610 View Post


    This "vulnerability" does nothing of any real consequence.



    More FUD from those unwilling to stomach that Apple is rearranging entire industries as we speak.



    WTF? I'm afraid you are an abject AppleWhore. The vulnerability described is triggered by sending SMSes to a phone (can happen at any time) and allows full control over the phone, including input devices and outgoing communication.



    Quote:
    Originally Posted by Trajectory View Post


    So I guess this means you should refrain from making homemade sex videos with your iPhone until this security hole has been plugged.



    It means until this is fixed, under the right circumstances someone can make homemade sex videos of you and your girlfriend and post them to YouTube without your knowledge.



    Even if the gizmo wasn't pointing directly at your asses, h4XX0Rs could take audio recordings of your tender couplings and post them as soundtracks to Michael Bolton videos.
  • Reply 17 of 23
    Quote:
    Originally Posted by PatsFan83 View Post


    Anyone have stats for viruses/attacks on windows mobile phones?



    A quick search on google turns up 6 million results each for 'iphone viruses' and 'blackberry viruses'. windows mobile brings 34 million results. not very scientific but should tell you something.



    As someone who used Windows Mobile before the iPhone, I will tell you I never had any issues or heard anything that was worthwhile. Some companies did offer virus scans for the platform, but they never sold.



    Also I would like to note that Windows with the word Virus will bring up quite a lot of results as a Windows PC can be made mobile etc... In addition Windows Mobile has a longer past including lots of discussion about viruses back in the day, again something that to this date has happened because for one thing Windows Mobile is more locked down than PCs. All software must be signed (like the iPhone App store) though you can disable this requirement, it's there by default on phones.



    I find it amazing that iPhone as young as it is has 6 million results for iPhone Viruses... seems odd as even this isn't a virus per se but a security exploit where the person would have to send you an SMS and know you have an iPhone as well.
  • Reply 18 of 23
    aiaddict Posts: 487 member
    Quote:
    Originally Posted by hypercommunist View Post


    soundtracks to Michael Bolton videos.



    If that is not a violation of Federal and international laws, it should be!
  • Reply 19 of 23
    aiaddict Posts: 487 member
    Quote:
    Originally Posted by Quadra 610 View Post


    This "vulnerability" does nothing of any real consequence.



    More FUD from those unwilling to stomach that Apple is rearranging entire industries as we speak.



    HUH? Your data is all stored on the phone in files that the hacker can access via this exploit to steal, delete or modify. He can also control the hardware and record sound, pictures, video, track your location etc. None of that is of real consequence?
  • Reply 20 of 23
    aiaddict Posts: 487 member
    Quote:
    Originally Posted by Virgil-TB2 View Post


    What's *not* stated in Miller's description of the vulnerability is that the other apps are sandboxed anyway, so even if the hacker sends an SMS with (presumably a picture attachment), gets the code to run and gets root access, all they have access to is the low level system stuff and the automatic messages. It's hard to tell until he fully describes it, but it doesn't seem like this would give anyone access to your data, just some low level phone hardware items.



    If you ever poked around on a jail broken phone, your data is all there, stored in files in /var, right where a UNIX guy would expect to find them. Same goes for files stored by your non apple apps. The apps can not actively exchange data, but that is by rule, not because there is no file system where they could access each others files.



    Examples from Bigboss....



    /var/mobile/Library/AddressBook - Contacts

    /var/mobile/Library/Calendar - Your calendar

    /var/mobile/Library/Notes - your notes database

    /var/mobile/Library/Safari - your bookmarks and cookies

    /var/mobile/Library/SMS - your text messages.



    see http://thebigboss.org/2009/06/17/iphone-30-preparation/ for the source.