iPhone SMS Vulnerability

Forum Moderators: bakedjake

Message Too Old, No Replies

iPhone SMS Vulnerability

engine

10:58 am on Jul 31, 2009 (gmt 0)

iPhone SMS Vulnerability [pcworld.com]

At the Black Hat security conference in Las Vegas, an iPhone security flaw has come to light. The iPhone security flaw--which exploits a weakness in SMS text messaging to take control of the device--appears real, but will probably be addressed before it becomes a serious issue.The truth is that there are millions of iPhones in use today, and while many have been jailbroken, I am unaware of a single report of someone having their phone hacked in the wild. Of course, this might change now that the cat is out of the bag, but I wouldn’t lose any sleep until there are reports of iPhones actually being exploited.

engine

6:04 pm on Jul 31, 2009 (gmt 0)

Apple to Patch iPhone Security Flaw [news.bbc.co.uk]

Apple is set to release a software patch to address a recently described security flaw in the iPhone, the UK network operator 02 has said.
An O2 spokesperson said the patch would be available Saturday through iTunes.
"We will be communicating to customers both through the website and proactively," the spokesperson added.

rustybrick

6:49 pm on Jul 31, 2009 (gmt 0)

The patch is out now.

LifeinAsia

7:45 pm on Jul 31, 2009 (gmt 0)

"We will be communicating to customers both through the website and proactively," the spokesperson added.

Through SMS? :)

JS_Harris

8:18 pm on Jul 31, 2009 (gmt 0)

The truth is that there are millions of iPhones in use today, and while many have been jailbroken, I am unaware of a single report of someone having their phone hacked in the wild.

I seem to remember iphone hacking people's units themselves with an undisclosed "back door", much like Amazon did with Kindle devices. Since Amazon was sued and class action status is requested on that I wonder if I can get apple to patch the back door off my phone too? I mean, it would "fix a vulnerability" afterall.

travelin cat

8:41 pm on Jul 31, 2009 (gmt 0)

It's interesting that a writer for PC World would leave off this important fact - the vulnerability is not unique to the iPhone:

Researchers Charlie Miller and Colin Mulliner revealed the flaw during a presentation at the Black Hat USA 2009 conference in Las Vegas. The vulnerability was demonstrated on iPhone, Android and Windows Mobile smartphones and, according to reports, can be prevented only by turning the handset off.

From Yahoo News [uk.news.yahoo.com].

GaryK

9:35 pm on Jul 31, 2009 (gmt 0)

Does this exploit affect things like the iPod Touch running an SMS app like Textfree?

maximillianos

10:00 pm on Jul 31, 2009 (gmt 0)

Microsoft is the top sponsor for the event. Might come into play why only the iPhone was mentioned. Perhaps they had a controlled release of the information?

In any case seems like the fix is already available for iPhone. Is there a fix yet for Windows Mobile or Android?

koan

7:09 am on Aug 1, 2009 (gmt 0)

It's interesting that a writer for PC World would leave off this important fact - the vulnerability is not unique to the iPhone:

From what I've heard, other phone OS have already patched the vulnerability and Apple is the tardy one.