SMS could be a critical iPhone vulnerability, says white-hat hacker

By Tim Conneally | Published July 2, 2009, 2:31 PM

In his SyScan presentation in Singapore today, Mac security expert and Pwn2Own 2009 champ Charlie Miller discussed an iPhone vulnerability that allows remote code execution through SMS. An attacker exploiting it can tap into the iPhone's GPS or microphone to divulge the owner's location or eavesdrop on them. Compromised phones can also be used in a botnet or DDoS attack.

Miller is reportedly working with Apple to patch the vulnerability, so he did not go into great detail about the methods of exploitation. However, Miller did say, "SMS is a great vector to attack the iPhone... The iPhone is more secure than OS X, but SMS could be a critical vulnerability."

Developers were given access to the beta build of the iPhone 3.1 firmware yesterday, which reportedly addresses this vulnerability. Miller is expected to go into greater detail about the exploit at Black Hat 2009, by which time it should be fully patched.

Comments


Impossible!

(sent from my Android powered iPhone)

Score: 0


Apple will probably say this is a feature and works as intended, not a bug.

Score: 0


We all knew the worm was inside the apple, you had to bite into eventually.

Score: 1


Nooooo!!! Tell me it's not true.. Apple needs to tell Charlie he is a crackpot!! No way the iPhone can be hacked!!

Score: 0
