
Printed from http://www.macnn.com

Apple working to patch iPhone SMS vulnerability

updated 09:35 am EDT, Thu July 2, 2009

Apple patching iPhone SMS

Apple is working to fix a critical vulnerability in the iPhone's text messaging function, says security researcher Charlie Miller. Presenting at the SyScan conference in Singapore, Miller explains that while he has agreed with Apple to avoid details -- at least until the next Black Hat USA meeting -- he can say that the vulnerability might allow a hacker to run exploits on a remote phone, using code sent through SMS. In theory an affected phone could be used to track a person's location, or listen in on ambient conversations; alternatively, it could be made to participate in a botnet or a denial-of-service attack.

Because Apple knows of the vulnerability, the company is already said to be planning a patch for release later this month. Miller comments, though, that the iPhone OS is generally more secure than its equivalent on desktop Macs, mainly as a result of being stripped down. It omits Flash, Java and other attack vectors, and by default it can only run applications signed by Apple.

At the same time, memory is hardware-protected and apps are sandboxed, restricting the amount of damage one exploit can do. SMS has been given an unusual amount of freedom, however, and by sending multiple SMS messages in binary, complete programs can be delivered. It may also be possible to gain root access to an iPhone, says Miller.
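
The article notes that multiple binary SMS messages can together deliver a larger payload. As an added example (not from the article or from Miller's research, whose details are withheld), here is a strict parser for the user data header that the SMS standard, 3GPP TS 23.040, uses to mark multi-part and port-addressed binary messages, with every length field checked against the buffer. The names `sms_part`, `parse_udh` and `SAMPLE_PART` are hypothetical, and nothing here describes where the iPhone flaw lies.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* One segment of a binary SMS, as described by its user data header (UDH). */
struct sms_part {
    int has_concat, has_ports;
    uint16_t ref, dst_port, src_port;  /* ref is shared by all parts */
    uint8_t total, seq;                /* part count, 1-based index */
    const uint8_t *payload;            /* points into the caller's buffer */
    size_t payload_len;
};
/* Constructed sample: part 2 of 3, reference 0x2A, then 4 payload octets. */
const uint8_t SAMPLE_PART[] = {5, 0x00, 3, 0x2A, 3, 2, 0xDE, 0xAD, 0xBE, 0xEF};

/* Parse the user data of an 8-bit SMS whose UDHI flag is set.
 * Returns 0 on success, -1 when a length field disagrees with the buffer. */
int parse_udh(const uint8_t *ud, size_t ud_len, struct sms_part *out)
{
    memset(out, 0, sizeof *out);
    if (ud_len < 1 || ud_len > 140) return -1;   /* 140 octets per SMS */
    size_t pos = 1, end = 1 + (size_t)ud[0];     /* ud[0] is the header length */
    if (end > ud_len) return -1;                 /* header must fit in the data */
    while (pos < end) {
        if (end - pos < 2) return -1;            /* need type and length octets */
        uint8_t iei = ud[pos], iedl = ud[pos + 1];
        pos += 2;
        if (iedl > end - pos) return -1;         /* element must fit in header */
        const uint8_t *d = ud + pos;
        if (iei == 0x00 && iedl == 3) {          /* concatenation, 8-bit ref */
            out->ref = d[0]; out->total = d[1]; out->seq = d[2];
            out->has_concat = 1;
        } else if (iei == 0x08 && iedl == 4) {   /* concatenation, 16-bit ref */
            out->ref = (uint16_t)(d[0] << 8 | d[1]);
            out->total = d[2]; out->seq = d[3];
            out->has_concat = 1;
        } else if (iei == 0x05 && iedl == 4) {   /* application ports, 16-bit */
            out->dst_port = (uint16_t)(d[0] << 8 | d[1]);
            out->src_port = (uint16_t)(d[2] << 8 | d[3]);
            out->has_ports = 1;
        } else if (iei == 0x00 || iei == 0x08 || iei == 0x05) {
            return -1;                           /* known type, wrong length */
        }                                        /* other types are skipped */
        pos += iedl;
    }
    if (out->has_concat && (out->seq == 0 || out->seq > out->total))
        return -1;                               /* index must be 1..total */
    out->payload = ud + end; out->payload_len = ud_len - end;
    return 0;
}
```

A reassembler built on this should also cap how many message references it keeps pending and reject parts whose `total` changes between segments of the same reference.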




by MacNN Staff


Comments

  1. ERG

    Joined: Dec 1969

    -10

    bullshits..

    I wonder if someone here checks what is published..
    SMS are only TEXT MESSAGES, no attachments or binaries can be included, only text..
    So the only vulnerability I can send/receive is in the form of a URL I can click and launch Safari with the same consequences of going to an untrusted site..

  1. jondesu

    Joined: Dec 1969

    +2

    SMS binary

    I believe it's fairly obvious that what they're saying is that the SMS is sent in binary, not that a binary (a not-quite-accurate term Windowz people use to refer to an application) would be attached to it. It's certainly possible, otherwise it wouldn't be a problem worth Apple trying to fix it.

  1. testudo

    Joined: Dec 1969

    +3

    Re: bullshits

    Um, that's why it is called an 'exploit'.

    Most exploits are by 'specifically constructing' a URL or other data so as to 'exploit' the problem (usually a buffer overflow) that would cause the content to be written into an executable block of code. No one sends EXEs anymore to break into systems. That's so 1990s.

  1. ERG

    Joined: Dec 1969

    -4

    SMS binaries or EXE

    I wonder if you all know what travels through the waves when you send an SMS, at least in Europe.. (jondesu, you're an a****** with your first post... Whoever you are, since by looking at your previous posts here I get a "Sorry - no matches. Please try some different terms.") (Testudo, I really appreciate your technical comment!) You can only send TEXT in ASCII, and the software to recognize what travels only rebuilds that TEXT! This happens on every cellphone: this is called a standard! Just like how email messages are to be constructed to be recognized by every mail-reading system..

  1. ERG

    Joined: Dec 1969

    -1

    never had so many...

    negative evaluations..
    Probably my fault is in having said Testudo's comments are not the way the people here are painting them..
    But the main comment in my mind is for that f****** a****** JONDESU (never made a comment/thread before)..
    I used these kinds of terms just to see if someone at MacNN reads what is published or they just want to make BULLSHITS

  1. ERG

    Joined: Dec 1969

    0

    to whoever care about the

    I finally got time to get updated on the claimed assertions by Mr. Miller (derived by a look at a crashlog!)

    Technically it would be possible to send someone a "binary SMS", and here's how in detail (including how-to instructions):
    http://mobiforge.com/developing/story/binary-sms-sending-rich-content-devices-using-sms

    Try it yourself on an iPhone and you'll find that:
    1) iPhone OS doesn't support J2ME (Java 2 Micro Edition), one of the requisites
    2) you should've been able to send that SMS to a particular port and that's not possible in almost every country: you hand the SMS to the carrier and they take care of delivering it through their architecture...


  1. ERG

    Joined: Dec 1969

    0

    more details here

    http://download.oracle.com/docs/cd/E1414801/wlcp/ocsg41otn/appdev/ews-binsms.html
