Apple working to patch iPhone SMS vulnerability
updated 09:35 am EDT, Thu July 2, 2009
Apple patching iPhone SMS
Apple is working to fix a critical vulnerability in the iPhone's text messaging function, says security researcher Charlie Miller. Presenting at the SyScan conference in Singapore, Miller explains that while he has agreed with Apple to avoid details -- at least until the next Black Hat USA meeting -- he can say that the vulnerability might allow a hacker to run exploits on a remote phone, using code sent through SMS. In theory an affected phone could be used to track a person's location, or listen in on ambient conversations; alternatively, it could be made to participate in a botnet or a denial-of-service attack.
Because Apple knows of the vulnerability, the company is already said to be planning a patch for release later this month. Miller comments, though, that the iPhone OS is generally more secure than its equivalent on desktop Macs, mainly as a result of being stripped down. It omits Flash, Java and other attack vectors, and by default it can only run applications signed by Apple.
At the same time, memory is hardware-protected and apps are sandboxed, restricting the amount of damage one exploit can do. SMS has been given an unusual amount of freedom, however, and by sending multiple SMS messages in binary, complete programs can be delivered. It may also be possible to gain root access to an iPhone, says Miller.
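As background on what "SMS messages in binary" and multi-message delivery look like to the receiving handset, the following Python is an added example, not code from the article or from Miller's research. It decodes the data coding scheme octet and the User Data Header (concatenation and port addressing elements) as laid out in 3GPP TS 23.038 and 23.040; the function names and the sample bytes are constructed for illustration.

```python
# Added example: decode the SMS data coding scheme and User Data Header
# fields defined in 3GPP TS 23.038 / 23.040. Sample bytes are constructed.

def dcs_alphabet(dcs: int) -> str:
    """Classify the TP-DCS octet (general and 0xFx coding groups only)."""
    if dcs & 0xC0 == 0x00:                      # general data coding group
        return ["gsm7", "8bit-data", "ucs2", "reserved"][(dcs >> 2) & 0x03]
    if dcs & 0xF0 == 0xF0:                      # data coding / message class
        return "8bit-data" if dcs & 0x04 else "gsm7"
    return "other"

def parse_udh(user_data: bytes) -> dict:
    """Parse the User Data Header at the start of TP-UD (TP-UDHI set)."""
    if not user_data:
        raise ValueError("empty user data")
    udhl = user_data[0]
    if udhl + 1 > len(user_data):               # reject a length that lies
        raise ValueError("UDHL exceeds user data length")
    header, info, i = user_data[1:1 + udhl], {}, 0
    while i < len(header):
        if i + 2 > len(header):
            raise ValueError("truncated information element")
        iei, iedl = header[i], header[i + 1]
        data = header[i + 2:i + 2 + iedl]
        if len(data) != iedl:
            raise ValueError("information element overruns header")
        if iei == 0x00 and iedl == 3:           # concatenation, 8-bit ref
            info["concat"] = {"ref": data[0], "total": data[1], "seq": data[2]}
        elif iei == 0x08 and iedl == 4:         # concatenation, 16-bit ref
            info["concat"] = {"ref": int.from_bytes(data[:2], "big"),
                              "total": data[2], "seq": data[3]}
        elif iei == 0x04 and iedl == 2:         # port addressing, 8-bit
            info["ports"] = {"dst": data[0], "src": data[1]}
        elif iei == 0x05 and iedl == 4:         # port addressing, 16-bit
            info["ports"] = {"dst": int.from_bytes(data[:2], "big"),
                             "src": int.from_bytes(data[2:], "big")}
        else:                                   # keep unrecognised elements
            info.setdefault("unknown", []).append((iei, bytes(data)))
        i += 2 + iedl
    info["payload"] = user_data[1 + udhl:]
    return info

# Constructed sample: part 2 of 3, 16-bit ports, followed by 4 payload bytes.
SAMPLE = bytes.fromhex("0b" "0003a70302" "05040b8423f0" "deadbeef")

if __name__ == "__main__":
    print(dcs_alphabet(0x04), parse_udh(SAMPLE))
```

The length checks matter as much as the field decoding: every length octet in the header comes from the sender, so a parser has to validate each one against the bytes actually received.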










bullshits..
07/02, 10:55am reply
I wonder if someone here checks what is published..
SMS are only TEXT MESSAGES, no attachments or binaries can be included, only text..
So the only vulnerability I can send/receive is in the form of a URL I can click and launch Safari with the same consequences of going to an untrusted site..
ERG
Fresh-Faced Recruit
Joined: May 2003
SMS binary
07/02, 11:25am reply
I believe it's fairly obvious that what they're saying is that the SMS is sent in binary, not that a binary (a not-quite-accurate term Windowz people use to refer to an application) would be attached to it. It's certainly possible, otherwise it wouldn't be a problem worth Apple trying to fix it.
jondesu
Fresh-Faced Recruit
Joined: May 2008
Re: bullshits
07/02, 01:03pm reply
Um, that's why it is called an 'exploit'.
Most exploits are by 'specifically constructing' a URL or other data so as to 'exploit' the problem (usually a buffer overflow) that would cause the content to be written into an executable block of code. No one sends EXEs anymore to break into systems. That's so 1990s.
testudo
Fresh-Faced Recruit
Joined: Aug 2001
SMS binaries or EXE
07/02, 03:38pm reply
I wonder if you all know what travels through the waves when you send an SMS, at least in Europe.. (jondesu, you're an a****** with your first post... Whoever you are, since by looking at your previous posts here I get a "Sorry - no matches. Please try some different terms.") (Testudo, I really appreciate your technical comment!) You can only send TEXT in ASCII, and the software to recognize what travels only rebuilds that TEXT! This happens on every cellphone: this is called a standard! Just like how email messages are to be constructed to be recognized by every mail-reading system..
ERG
Fresh-Faced Recruit
Joined: May 2003
never had so many...
07/03, 03:18pm reply
negatives evaluations..
Probably my fault is in having said Testudo's comments are not the way the people here are painting them..
But the main comment in my mind is for that f****** a****** JONDESU (never made a comment/thread before)..
I used these kinds of terms just to see if someone at mcnn reads what is published or they just want to make BULLSHITS
ERG
Fresh-Faced Recruit
Joined: May 2003
to whoever care about the
07/14, 10:44am reply
I finally got time to get updated on the claimed assertions by Mr. Miller (derived from a look at a crashlog!)
Technically it would be possible to send someone a "binary SMS", and here's how, in detail (including how-to instructions):
http://mobiforge.com/developing/story/binary-sms-sending-rich-content-devices-using-sms
Try to do that yourself to an iPhone and you'll find that:
1) iPhone OS doesn't support J2ME (Java 2 Micro Edition), one of the requisites
2) you would have to be able to send that SMS to a particular port, and that's not possible in almost every country: you hand the SMS to the carrier and they take care of delivering it through their architecture...
ERG
Fresh-Faced Recruit
Joined: May 2003
more details here
07/14, 10:48am reply
http://download.oracle.com/docs/cd/E1414801/wlcp/ocsg41otn/appdev/ews-binsms.html
ERG
Fresh-Faced Recruit
Joined: May 2003