Security News

SMS could be a critical iPhone vulnerability, says white-hat hacker

By Tim Conneally | Published July 2, 2009, 2:31 PM

In his SyScan presentation in Singapore today, Mac security expert and Pwn2Own 2009 champ Charlie Miller discussed a vulnerability on the iPhone that allows remote code execution through SMS, which can tap into an iPhone's GPS or microphone, to divulge the phone owner's location or eavesdrop on them. Phones that have been compromised can also be used in a botnet or DDOS attack.

Miller is reportedly working with Apple to patch the vulnerability, so he did not go into great detail about the methods of exploitation. However, Miller did say, "SMS is a great vector to attack the iPhone...The iPhone is more secure than OS X, but SMS could be a critical vulnerability."

Developers were given access to the beta build of the iPhone 3.1 firmware yesterday, which reportedly addresses this vulnerability. Miller is expected to go into greater detail about the exploit at Black Hat 2009, by which time it should be fully patched.

Comments

View comments by with a score of at least

jermort
Jul 6, 2009 - 11:19 AM edited

Impossible!

(sent from my Android powered iPhone)

Score: 0

|
Post Reply
menting
Jul 3, 2009 - 11:33 AM edited

apple will probably say this is a feature and works as intended, not a bug.

Score: 0

|
Post Reply
waffull
Jul 2, 2009 - 11:55 PM

We all knew the worm was inside the apple, you had to bite into eventually.

Score: 1

|
Post Reply
skimore
Jul 2, 2009 - 7:21 PM

Nooooo!!! Tell me it's not true.. Apple needs to tell Charlie he is a crack pot!! no way the iPhone can be hacked!!

Score: 0

|
Post Reply

Google Chrome 4: Yes, it's fast, but is it usable?

As Betanews readers have responded to our stories about Chrome's JavaScript superiority...Does that mean we'd actually use this browser? Well...

Video: Netflix on PlayStation 3

Netflix has come to the PlayStation 3 via Blu-ray and BD-Live.

Verizon Wireless launches new Android, Chocolate, and ruggedized phones

The lower-priced Eris joins the Droid, while the Chocolate gets a touchscreen and more music playback.

Early sales figures for Windows 7 nicely high, but do we know why?

Fans of triple-digit surges in figures quoted by Betanews will love this one, as it appears Microsoft rediscovered how to pull off a software launch.

Myka announces its latest Linux-based 'net top box'

Myka's ION brings Boxee, XMBC, and much more to HDTVs.

What hath Mac wrought? A remembrance after a quarter-century

The reason there's a Macintosh today is not because of some brilliant flash of engineering genius, but because Apple had the audacity to learn from its mistakes.

Early build of Moblin 2.1 improves connectivity, but not device support

The Linux Foundation's Atom-centric OS yesterday received a major overhaul with the project release of Moblin 2.1 for netbooks and nettops.

The iPhone's China syndrome: Sales of 5,000 and climbing

There's actually a country where Apple's device is not a godsend, where sales can be measured in the dozens.

New European counterpart to FCC will ensure 'a more neutral net'

Late Thursday night, the ruling telecom administrators of the EU's member nations signed away their final authority to a new entity overseen by the EC.

Sophos study suggests Windows 7 UAC's default setting is self-defeating

Without any anti-virus installed, a Sophos test showed, User Account Control was only capable of thwarting just one malware package out of ten samples chosen.

Indiscreet tweet trips awareness of Web SSL vulnerability

A group of high-level security engineers had been making progress on thwarting a low-level threat to the Web, until somebody blurted it all out on Twitter.