Security News

SMS could be a critical iPhone vulnerability, says white-hat hacker

By Tim Conneally | Published July 2, 2009, 2:31 PM

In his SyScan presentation in Singapore today, Mac security expert and Pwn2Own 2009 champ Charlie Miller discussed a vulnerability on the iPhone that allows remote code execution through SMS, which can tap into an iPhone's GPS or microphone, to divulge the phone owner's location or eavesdrop on them. Phones that have been compromised can also be used in a botnet or DDOS attack.

Miller is reportedly working with Apple to patch the vulnerability, so he did not go into great detail about the methods of exploitation. However, Miller did say, "SMS is a great vector to attack the iPhone...The iPhone is more secure than OS X, but SMS could be a critical vulnerability."

Developers were given access to the beta build of the iPhone 3.1 firmware yesterday, which reportedly addresses this vulnerability. Miller is expected to go into greater detail about the exploit at Black Hat 2009, by which time it should be fully patched.

Comments

View comments by with a score of at least

jermort
Jul 6, 2009 - 11:19 AM edited

Impossible!

(sent from my Android powered iPhone)

Score: 0

|
Post Reply
menting
Jul 3, 2009 - 11:33 AM edited

apple will probably say this is a feature and works as intended, not a bug.

Score: 0

|
Post Reply
waffull
Jul 2, 2009 - 11:55 PM

We all knew the worm was inside the apple, you had to bite into eventually.

Score: 1

|
Post Reply
skimore
Jul 2, 2009 - 7:21 PM

Nooooo!!! Tell me it's not true.. Apple needs to tell Charlie he is a crack pot!! no way the iPhone can be hacked!!

Score: 0

|
Post Reply

PDC 2009: What have we learned this week?

There was the freebie that no one will forget, the heebie-jeebies courtesy of Scott Guthrie, and a teensy bit clearer picture of how this cloud thingie should work.

Live report: Will Google Chrome OS change Linux?

The mysteries of just what Chrome OS is, and how much of an operating system it truly is, may be resolved today.

PDC 2009: Microsoft cares about Web browser performance

The effort to give users of the world's dominant Web browser the impression of quality, is a personal one for the man who leads that battle.

Nokia re-affirms its commitment to Symbian, sort of

Maemo won't necessarily be replacing Symbian in the Nokia N-Series, but that's definitely a place where it will be found.

E-book readers will be in short supply this holiday season

E-readers are hot this year, and a lot of compelling new products have been released, but are there enough electrophoretic displays to go around?

Sony looks to finally open a single storefront for downloads

Sony has had many different download portals for movies, music, e-books, and games, and now it's looking to make a single shop for all of it.

Tuning out the tablet: Time to give the endless speculation a rest

Wide Angle Zoom: Wishing and hoping and thinking and praying....won't put an iTablet on the market.

Five improvements for IT managers in 2010

If businesses are to improve their efficiency for next year, they need to stop and reassess the basic tenets of their job.

AOL's spinoff from Time Warner to shed 2,500 jobs

As AOL moves toward become an independent company again, it will cut nearly a third of its workforce.

Gartner: SMS-based money transfer will be bigger than mobile browsing, search

Gartner issues its predictions for the 10 things our phones will be doing in 2012.

Don't forget to upgrade to Firefox 3.6 beta 3 today

Mozilla has released the latest beta its Firefox 3.6 browser software, just over one week after beta 2.