updated 11:45 pm EDT, Thu July 30, 2009
iPhone vulnerable to hacks
True to their word, security experts on Thursday demoed a flaw in the iPhone's operating software that enables attackers to control any iPhone by sending special SMS messages to the phone was revealed on Thursday. The software hole was demonstrated by researchers Charlie Miller and Colin Mulliner at the Black Hat conference in Las Vegas. The flaw could be used by a hacker to make calls, steal data, send text messages, power-down the device and operate any application on the iPhone. Miller contacted Apple about the problem six weeks ago. Although the company said it would release a patch to resolve the issue by the end of the month, no iPhone OS updates have been released.
The researched additionally revealed a similar texting bug in Windows Mobile that allows control of Microsoft-based devices and a pair of SMS bugs that affect both the iPhone and Google's Android phones. The bugs allow hackers to knock the phones off its wireless network for about 10 seconds. Google has patched the bug since being contacted by the pair, but the second iPhone bug still remains.
Miller also exposed problems in the iPhone software in 2007, using a website to remotely hijack an iPhone using a flaw in its browser. When Miller alerted Apple in July of that year, the company patched the vulnerability before Miller publicized the bug at the Black Hat conference the following month.
Other SMS message attacks were showcased at the conference, including one that attacks virtually all GSM phones and GSM wireless operators. Security researchers Zane Lackey and Luis Miras revealed an iPhone application they call TAFT which can transmit various digital attacks against vulnerable phone models such as the iPhone and devices running Windows Mobile 5.