MacRumors

macrumors bot
Original poster


Forbes reports that cybersecurity researchers plan to publicize today at the Black Hat conference in Las Vegas a security vulnerability in the iPhone SMS messaging system that reportedly would allow hackers to in theory "take over every iPhone in the world".
Using a flaw they've found in the iPhone's handling of text messages, the researchers say they'll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone's functions. That includes dialing the phone, visiting Web sites, turning on the device's camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.
According to the report, researchers Charlie Miller and Collin Mulliner notified Apple of the vulnerability over a month ago, but the company has yet to issue a patch for it.

Miller was the lead researcher behind an effort that discovered a vulnerability in the original iPhone soon after its 2007 launch, a flaw that Apple addressed with the release of iPhone OS 1.0.1 just two days before Miller was set to publicize his findings at that year's Black Hat conference.

Article Link: iPhone SMS Security Vulnerability to Be Disclosed Today
 
...why would they publish this information? I'm not absolving apple of blame here, but come on. Just because you have freedom of speech doesn't mean it's not reckless to use it in a case like this.
 
...why would they publish this information? I'm not absolving apple of blame here, but come on. Just because you have freedom of speech doesn't mean it's not reckless to use it in a case like this.

To force Apple into sorting this out.
 
...why would they publish this information? I'm not absolving apple of blame here, but come on. Just because you have freedom of speech doesn't mean it's not reckless to use it in a case like this.
It happens all the time. Security people find holes, report it to the vendor, and they're given ample time to fix it. Apple are being slack, it's up to them to fix it, and quickly.
 
Just because you have freedom of speech doesn't mean it's not reckless to use it in a case like this.

Put a fire under Apple's feet for resolution, maybe?


Just because you have freedom of speech doesn't mean it's not reckless to use it in a case like this.

Yeah, President Bush had that same problem with the New York Times publishing reports that the Administration believed would harm national security. Didn't stop the Times...
 
It looks like apple would have preferred to just roll the fix into 3.1, and now this will force their hand (or they'll ignore it too...)
 
"What are we going to do today Pinky?"

"Same thing we do every day Brain, try to take over every iPhone in the world!"

Overheard at the Black Hat conference.
 
Good! Finally someone will light a fire under Apple's lazy butt. It's time Apple was held accountable for things like this. They need to realize that security issues that put their users at risk need to be taken care of ASAP -- that means not taking their sweet time to issue a fix. A month after they've become aware of it is RIDICULOUS.
 
This is crazy. I'm sure an update to fix this will come very soon.
 
sometimes it feels like Apple is becoming more and more like Microsoft. but at least Microsoft would have patched it already :eek:
 
sometimes it feels like Apple is becoming more and more like Microsoft. but at least Microsoft would have patched it already :eek:

Actually, from the article, it seems Microsoft is just as bad!

The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft-based devices. Another pair of SMS bugs in the iPhone and Google's Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.


-Kevin
 
You guys are being really unfair towards Apple.

Listen to me for a minute here:

1. I read that this security hole has existed on EVERY version of the iPhone software to date.

2. Nothing has happened since then... why should Apple have to rush the iPhone development to fix this?

3. If this one dude had just told Apple about it and shut up, Apple would have fixed it with 3.1 and nobody else would have known.

4. Now, everyone at this Black Hat thing is going to know how to execute this hack and Apple will probably be FORCED to release an unfinished update. Why would you want that?

I just think it's very crappy to only give Apple a month to fix something that has been there for 2 years already. What a jerk.
 
Come on Apple. Fix it...

At this point it is too late -- there's no way they can push a patch that people will install before this vulnerability is leaked and is out there for a while...
 
Couldn't they have waited until 3.1 to publicize this to see if Apple incorporated the fix into it?
 
Good! Finally someone will light a fire under Apple's lazy butt. It's time Apple was held accountable for things like this. They need to realize that security issues that put their users at risk need to be taken care of ASAP -- that means not taking their sweet time to issue a fix. A month after they've become aware of it is RIDICULOUS.

agreed. i'm generally against people publicizing hacks others can then take advantage of, but if apple has known about this for a month or more, it needs to happen so they'll finally fix it. it's ridiculous for apple to not have patched this hole yet.
 