AAPL Stock: 124.25 ( -0.18 )

Printed from

SMS, other hacks for iPhone shown at Black Hat

updated 11:45 pm EDT, Thu July 30, 2009

iPhone vulnerable to hacks

True to their word, security experts on Thursday demoed a flaw in the iPhone's operating software that enables attackers to control any iPhone by sending special SMS messages to the phone was revealed on Thursday. The software hole was demonstrated by researchers Charlie Miller and Colin Mulliner at the Black Hat conference in Las Vegas. The flaw could be used by a hacker to make calls, steal data, send text messages, power-down the device and operate any application on the iPhone. Miller contacted Apple about the problem six weeks ago. Although the company said it would release a patch to resolve the issue by the end of the month, no iPhone OS updates have been released.

The researched additionally revealed a similar texting bug in Windows Mobile that allows control of Microsoft-based devices and a pair of SMS bugs that affect both the iPhone and Google's Android phones. The bugs allow hackers to knock the phones off its wireless network for about 10 seconds. Google has patched the bug since being contacted by the pair, but the second iPhone bug still remains.

Miller also exposed problems in the iPhone software in 2007, using a website to remotely hijack an iPhone using a flaw in its browser. When Miller alerted Apple in July of that year, the company patched the vulnerability before Miller publicized the bug at the Black Hat conference the following month.

Other SMS message attacks were showcased at the conference, including one that attacks virtually all GSM phones and GSM wireless operators. Security researchers Zane Lackey and Luis Miras revealed an iPhone application they call TAFT which can transmit various digital attacks against vulnerable phone models such as the iPhone and devices running Windows Mobile 5.

by MacNN Staff





  1. ajhoughton

    Joined: Dec 1969



    Explain to me again why a security researcher should be able to tell everyone else what to do, under threat of releasing sensitive information (in this case a bug that could be exploited for malicious purposes).

    While I appreciate that it's good for security holes to be fixed, it strikes me that there is a strong similarity between this "patch before date X or we'll publish so malicious people can hack your customers" attitude that some security researchers seem to have adopted and a good old-fashioned protection racket. The only difference is that with the old-style protection racket, it's the people making the threat who directly hurt you, whereas in this case they're relying on an unrelated third party doing the hurting.

  1. dogzilla

    Joined: Dec 1969


    re: hmmmm

    Are you insane?

    The reason why researchers go public with security flaws by a deadline is because, when they don't, the relevant corporations never patch the holes. This has been shown time and again to be the case.

    You seem to be think that a corporation is like your good buddy, that he'll do the right thing if you just cut him some slack. You are living in some disney world. Corporations have no personality, no loyalty and no responsibility to anyone save the one to maximize profits in every way shape and form possible. They must be forced to do even the minimally right thing, in some cases by forcing them into action with the public release of potentially harmful information.

  1. NapMan

    Joined: Dec 1969


    re: hmmmm

    I believe their thinking is that if they can figure out the hack surely someone else can figure it out too. And that person would likely not go to Apple but still might distribute it.
    It's not like they are going to make money on it but they are pressuring Apple to fix it.

  1. testudo

    Joined: Dec 1969


    Information is power

    That's an old phrase, but it is true. In a perfect world, one would hope to get this information public as soon as possible, so people know what threats they face.

    By wanting them to keep quiet is like wanting the government to not tell you that they know there's a serial murderer on the loose in your town, who kills anyone wearing red and whistles 'Dixie', because, well, they haven't had a chance to stop the guy yet, and if no one else knows about it, maybe no one else will get hurt.

  1. Donevan

    Joined: Dec 1969


    Update coming Saturday

    Apple has told its telecom partners that a patch will be available through iTunes tomorrow (Saturday 1 August).

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Apple 13-inch MacBook Pro (Early 2015)

Although the new darling of the Apple MacBook line up is the all-new MacBook, Apple has given its popular 13-inch MacBook Pro with Ret ...

Griffin Twenty

A few years ago Griffin launched the original Twenty, a small digital amp that used an AirPort Express to turn any set of passive spea ...

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill th ...


Most Commented