bit-tech.net

iPhone SMS hijacking flaw fixed

iPhone SMS hijacking flaw fixed

Anyone who owns an iPhone would do well to update to software version 3.0.1 in order to patch a major security hole.

Apple has released a patch for its iPhone operating system that patches a rather nasty bug allowing attackers to take full control of a target device via nothing more than a series of simple SMS messages.

As reported over on V3.co.uk, the patch - which brings the iPhone software to version 3.0.1 - addresses the security hole first noticed by security researchers Charlie Miller and Collin Mulliner. The fix comes not a moment too soon, as the pair used the BlackHat conference this past weekend to formally announce the vulnerability having given Apple two weeks to acknowledge the issue with no response.

This isn't the first time that Charlie Miller has found some pretty major flaws in widely distributed software: having worked for the NSA for five years, he has made something of a name for himself as an expert in Mac security after successfully exploiting a flaw in the MacBook Air as part of the Pwn2Own contest at CanSecWest 2008 in a mere two minutes.

Although iPhone owners can now rest easy in the knowledge that this particular security flaw - which allowed full remote access to all functionality on the handset by receipt of a series of specially crafted SMS messages, only the first of which would be seen by the owner - the pair warn that similar, although as yet unexploited, bugs also exist in the message handling subsystems of the Android and Windows Mobile smartphone platforms.

With the patch now released, all iPhone owners are advised to upgrade to 3.0.1 as a matter of some urgency; while it's not thought that the flaw is being actively exploited as yet, it never hurts to be cautious. As with previous updates, 3.0.1 can be downloaded by connecting the iPhone to a system running iTunes 8.2 or newer, via the 'Check for Updates' button in the iPhone Summary screen.

Does the thought of a ne'er-do-well getting his sweaty mitts on your precious iPhone remotely give you the screaming heebie-jeebies, or are you more concerned that similar things could still yet happen to Android and Windows Mobile handsets? Share your thoughts over in the forums.

6 Comments

Discuss in the forums Reply
liratheal 3rd August 2009, 14:27 Quote
Big who cares from me.

Hell, if you go through the effort to get remote control of my iphone, let me know, you can have the cursed thing.
wuyanxu 3rd August 2009, 14:44 Quote
installed 3.0.1 last night. it's still jailbreakable using Redsnow 0.8 by selecting 3.0's firmware file.

hope 3.1 won't try to break the jailbreaks. the iPhone is nothing on its own, but after jailbreak, it's the most powerful mobile device, more powerful than Pre and Androids because of the large community.
harveypooka 3rd August 2009, 15:21 Quote
I guess these types of breaches are inevitable.

Glad to see Apple moved quickly on this one. Now, for the keyboard hack...
Spaceraver 3rd August 2009, 18:03 Quote
iPatch?
quack 3rd August 2009, 21:09 Quote
Shame 3.0.1 patches one SMS flaw and opens up one via MMS. Oops.
Ape 4th August 2009, 08:45 Quote
Quote:
Originally Posted by quack
Shame 3.0.1 patches one SMS flaw and opens up one via MMS. Oops.

Oooh link to the forum where this is explained, maybe BT will make it a story for today.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums