iPhone SMS exploit patch expected this weekend

Posted:
in iPhone edited January 2014
A day after experts revealed a major text message-based security flaw in the iPhone, the BBC reports that Apple is expected to release a fix for the exploit through iTunes on Saturday.



The news that a patch is coming soon came from a spokesperson for O2, the iPhone's wireless carrier in the U.K. It was not immediately made clear whether a patch would be made available for all iPhone users, or just those in the U.K. The exploit also affects Google Android and Windows Mobile phones. Google has reportedly taken steps to fix the security hole.



Security researcher Charlie Miller, co-author of The Mac Hacker?s Handbook, demonstrated the hack Thursday at the Black Hat 2009 conference in Las Vegas. The attack takes advantage of a vulnerability in the phone?s short messaging service, or SMS, feature, allowing an outside party into the phone?s root access without the owner?s knowledge.



When the hack was first revealed by Miller early in July, Apple was expected to release a fix before the Black Hat conference, where he gave greater detail. But that fix never came before Miller's talk.



The exploit takes advantage of the fact that SMS can send binary code to a phone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone. The exploit supposedly exposes the iPhone completely, giving hackers access to the camera, dialer, messaging and Safari. It occurs regardless of hardware revision or which version of the iPhone OS is running.



The technique involves sending only one unusual text character or else a series of "invisible" messages that confuse the phone and open the door to attack. Because users won't know whose messages to block in advance, there's little iPhone owners can do but to shut off the phone immediately if they suspect they're at risk -- a real problem as the trick could also be used to make an iPhone send more messages of its own.
«1

Comments

  • Reply 1 of 21
    al_bundyal_bundy Posts: 1,525member
    this is just a hotfix, service pack 1 isn't due till september
  • Reply 2 of 21
    I'll be looking forward to check it out. Sounds interesting.
  • Reply 3 of 21
    julesltjuleslt Posts: 26member
    Thought : to what degree is it worth letting out news of a security problem break, and then issuing a fix within 48 hours, knowing people will want to install it - versus the problems that are patched and fixed without ever breaking as news?



    It makes you look like you respond fast, while ensuring people update fast too.
  • Reply 4 of 21
    wingswings Posts: 261member
    I've been searching all morning for a report from someone who was there (the Black Hat conf.) and witnessed the exploit actually being used to extract someone's personal info and/or to cause the iPhone to send a text msg to another iPhone to propagate the exploit. I've found nothing except one reporter who says her iPhone was crashed by them sending an SMS to her, as a demo.



    All I've seen about the serious exploit is that "Miller claims....".



    Where's the nitty-gritty? Post a link please.
  • Reply 5 of 21
    al_bundyal_bundy Posts: 1,525member
    Quote:
    Originally Posted by Wings View Post


    I've been searching all morning for a report from someone who was there (the Black Hat conf.) and witnessed the exploit actually being used to extract someone's personal info and/or to cause the iPhone to send a text msg to another iPhone to propagate the exploit. I've found nothing except one reporter who says her iPhone was crashed by them sending an SMS to her, as a demo.



    All I've seen about the serious exploit is that "Miller claims....".



    Where's the nitty-gritty? Post a link please.



    it's illegal to even try what you say



    the fact that this is a buffer overflow exploit is very bad. Most of Microsoft's patches for windows 2000 and 2003 were for buffer exploits for x86 code. a lot of programmers are lazy and if are going to put say 10KB of data into a memory area you're supposed to enforce it. in a lot of cases they don't and overflowing that memory area with data is what causes this.



    and makes you wonder how many other buffer overflows you can find i the iPhone OS?
  • Reply 6 of 21
    mazda 3smazda 3s Posts: 1,613member
    Quote:
    Originally Posted by Wings View Post


    I've been searching all morning for a report from someone who was there (the Black Hat conf.) and witnessed the exploit actually being used to extract someone's personal info and/or to cause the iPhone to send a text msg to another iPhone to propagate the exploit. I've found nothing except one reporter who says her iPhone was crashed by them sending an SMS to her, as a demo.



    All I've seen about the serious exploit is that "Miller claims....".



    Where's the nitty-gritty? Post a link please.





    Does it matter? The exploit was big enough that Apple is releasing a patch this weekend to resolve the issue -- so it it is meaningful to THEM. Who gives a *&^@ about the why? They have a fix for the problem so move on.
  • Reply 7 of 21
    Quote:
    Originally Posted by al_bundy View Post


    it's illegal to even try what you say...

    the fact that this is a buffer overflow exploit is very bad...

    and makes you wonder how many other buffer overflows you can find i the iPhone OS?



    1. No, it's not.



    2. It's Very bad from a security perspective and worrying from a user perspective, but much more work would have to be done to get from crash to Virus.



    3. And yes, yes it does make you wonder. It also makes you wonder why (or whether) the SMS process even has access to any other part of the phone.
  • Reply 8 of 21
    al_bundyal_bundy Posts: 1,525member
    Quote:
    Originally Posted by Roc Ingersol View Post


    1. No, it's not.



    2. It's Very bad from a security perspective and worrying from a user perspective, but much more work would have to be done to get from crash to Virus.



    3. And yes, yes it does make you wonder. It also makes you wonder why (or whether) the SMS process even has access to any other part of the phone.





    the article says that this exploit will give the attacker root access to the iphone
  • Reply 9 of 21
    I'm still waiting for o2 to connect me after 8 days of waiting!

    - perhaps I should leave it until after the weekend!

  • Reply 10 of 21
    irnchrizirnchriz Posts: 1,617member
    OK, this will fix the issue on the iPhone but what about all of the other types of smartphones which are affected by this exploit. At the conference they demoed an app which could be used to attack numerous models of smartphone including winmobs and even sony ericsson handsets.



    read more here http://technologizer.com/2009/07/30/...text-messages/
  • Reply 11 of 21
    virgil-tb2virgil-tb2 Posts: 1,416member
    Quote:
    Originally Posted by AppleInsider View Post


    A day after experts revealed a major text message-based security flaw in the iPhone, the BBC reports that Apple is expected to release a fix for the exploit through iTunes on Saturday. ... When the hack was first revealed by Miller early in July, Apple was expected to release a fix before the Black Hat conference, where he gave greater detail. But that fix never came before Miller's talk. ...



    If I was Apple, even if I had the fix I would wait until the day after his talk to implement it anyway.



    Miller is just playing PR games with Apple and is full of himself to say the least. Giving the company a schedule to fix it, and then making a big blah, blah,blah, announcement that they "didn't do it in time" etc. It's all just a bad case of too much hutzpah on his part.



    Apple has to maintain the upper hand by purposely *not* adhering to Miller's artificial schedule. It's childish, but necessary when you're dealing with similarly childish people who are out to make you look bad.
  • Reply 12 of 21
    john.bjohn.b Posts: 2,742member
    Quote:
    Originally Posted by al_bundy View Post


    the article says that this exploit will give the attacker root access to the iphone



    Agreed. Someone is making a quite name for himself, but in typical form the tech media don't bother to do their jobs to make him, oh, you know, prove his claims with an actual demonstration of an actual hacked iPhone.



    As of now, this guy is getting a free ride on the notoriety express, nothing more.
  • Reply 13 of 21
    Only took them 6 weeks!!!



    Now it seems Apple is having a hard time fixing the stupid wifi issues!!!
  • Reply 14 of 21
    Why am I not worried?
  • Reply 15 of 21
    john.bjohn.b Posts: 2,742member
    Quote:
    Originally Posted by al_bundy View Post


    the article says that this exploit will give the attacker root access to the iphone



    Exactly, but no one except Miller has seen this.



    I'm not saying their isn't a buffer overflow vulnerability, but I am saying that it's a huge leap from vulnerability to root access.
  • Reply 16 of 21
    Filter Input - Escape Output
  • Reply 17 of 21
    foo2foo2 Posts: 1,077member
    Quote:
    Originally Posted by irnchriz View Post


    OK, this will fix the issue on the iPhone but what about all of the other types of smartphones which are affected by this exploit. At the conference they demoed[...]



    I've been wondering why the service providers don't just patch their own systems! Why would a NUL byte need to be sent by anyone?
  • Reply 18 of 21
    italiankiditaliankid Posts: 279member
    OS 3.0.1 is out
  • Reply 19 of 21
    youngjmyoungjm Posts: 8member
    The patch is out as of 1:05pm Eastern.
  • Reply 20 of 21
    The patch is out via software update 3.0.1 now. Get it!
Sign In or Register to comment.