Security News

SMS could be a critical iPhone vulnerability, says white-hat hacker

By Tim Conneally | Published July 2, 2009, 2:31 PM

In his SyScan presentation in Singapore today, Mac security expert and Pwn2Own 2009 champ Charlie Miller discussed a vulnerability on the iPhone that allows remote code execution through SMS, which can tap into an iPhone's GPS or microphone, to divulge the phone owner's location or eavesdrop on them. Phones that have been compromised can also be used in a botnet or DDOS attack.

Miller is reportedly working with Apple to patch the vulnerability, so he did not go into great detail about the methods of exploitation. However, Miller did say, "SMS is a great vector to attack the iPhone...The iPhone is more secure than OS X, but SMS could be a critical vulnerability."

Developers were given access to the beta build of the iPhone 3.1 firmware yesterday, which reportedly addresses this vulnerability. Miller is expected to go into greater detail about the exploit at Black Hat 2009, by which time it should be fully patched.

Comments

View comments by with a score of at least

jermort
Jul 6, 2009 - 11:19 AM edited

Impossible!

(sent from my Android powered iPhone)

Score: 0

|
Post Reply
menting
Jul 3, 2009 - 11:33 AM edited

apple will probably say this is a feature and works as intended, not a bug.

Score: 0

|
Post Reply
waffull
Jul 2, 2009 - 11:55 PM

We all knew the worm was inside the apple, you had to bite into eventually.

Score: 1

|
Post Reply
skimore
Jul 2, 2009 - 7:21 PM

Nooooo!!! Tell me it's not true.. Apple needs to tell Charlie he is a crack pot!! no way the iPhone can be hacked!!

Score: 0

|
Post Reply

Latest Firefox 3.6 beta fixes 133 bugs, promises faster page load times

A once-sluggish beta testing process has kicked into overdrive, with astonishing success at finding serious bugs. Will Mozilla be able to fix all the others in time?

Apple invokes DMCA, claims Psystar is 'trafficking in circumvention devices'

In trying to close the book on possibly the last attempt at a Mac clone, Apple cites from its own landmark case...but may actually be misinterpreting it.

The fallacy of Facebook privacy

Carmi Levy | Wide Angle Zoom: If an insurance company learns something interesting about its client through the Internet, is that snooping?

Microsoft 'worked with Apple' for Silverlight on iPhone, says Goldfarb

By not making such a big deal out of trying to stream video to the iPhone, Microsoft got a big deal out of it, revealed the Silverlight product manager.

Confirmed: Office 2010 to ship in June

Two weeks after Microsoft had been expected to draw a clearer roadmap for its principal applications suite, it's finally ready to commit to the end of H1.

New EU antitrust commissioner will oversee Microsoft, Oracle+Sun, Intel issues

As one of Europe's most prominent politicians shifts positions in January, her replacement remains a question mark over technology's biggest issues.

Without its own 'iTablet' yet, is Apple missing the boat?

Steve Jobs is on record as dissing "single-purpose" devices like e-readers. But given their recent popularity, was that a mistake?

Not-so-mobile battery life: Time to force the issue

Carmi Levy | Wide Angle Zoom: If power efficiency is important when you buy a car or even a motorcycle, why shouldn't it matter for a smartphone?

Clicker.com cuts through the Web video chaos

In a world where homemade video and Hollywood movies travel the same pipeline, it's good to have a real search engine to cut through the clutter.

Microsoft's Ray Ozzie: 'Nobody's going to be 100% open'

The mobile apps ecosystems of the world may converge over time, led by apps being ported over across platforms, according to the Chief Software Architect.

A case study in improving software: What Office 2010 can learn from Notion 3

A music composition product gambles with a complete overhaul, in an effort to make headway against two well-known competitors in a tough market.