According to the paper on this site from Miller and Mulliner (section 6.1) the target iPhone OS was 2.2 and 2.2.1. Maybe OS 3.0 is already patched?
 
If we use Lockdown to put a passcode on our sms app, contacts, phone, etc... would that be any barrier at all to this hack? Wouldn't they have to enter the passcode before they can access those apps?
 
Actually, it is easier to fix the flaw than it is to find them. Finding flaws is generally the hard part.

Speaking as a programmer, that is true *sometimes* and false *much more often*. Quite often, flaws can be triggered by essentially random happenstance. Unfortunately, unless you do like Microsoft *used* to do, and only patch for that particular breed of input (anybody remember the 'ping of death'?), you have to do quite a bit of analysis to determine what other inputs might produce the same (or similar) effect.

When the Microsoft WMF flaw hit right after Patch Tuesday (around 1/1/2006), MS fans raved that there was no way MS could be expected to rush out a patch. In the end, MS did rush out a patch about 10 days later. And it turned out the datestamp on the new files was one day after the initial discovery. This was in a complex part of Windows (GDI API) that actually had the possibility of breaking code. But since a big bug is a big bug, there is actually very little chance of regression problems. In the case of this iPhone bug (which appears to just be a buffer overflow), the chances are near zero. If it is a control-message bug, then it becomes similar to the Windows WMF flaw, and you block out what is presumably 'undocumented' functionality.

That's actually a particularly bad example of Microsoft fixing something quickly. After all, the day after the bug was announced publicly (which was, IIRC, 2-3 months after MS had been notified), a group of benevolent hackers managed to edit the binary DLLs and produce the exact same fix that took Microsoft all that time to manage *with the code*. How long did it take those hackers? Less than one day. How long did it take the WINE folks who had implemented the WMF-related routines so thoroughly that it too was affected by the bug? One day.

Yes, Microsoft had to do a lot more regression testing than those other groups, but Microsoft didn't fix the bug in 1 day. They fixed the bug in about 60-90. Remember, they had a head-start.

When guys who have never seen the source code can edit your binary DLL files to produce a fix faster than you can manage it with the source code (and provide the same fix you did rather than just a workaround), you've taken too long.

Now, I'm making no claims about whether Apple has been lax here or not. I don't have sufficient information to make that call at this point, but given that this bug (or similar ones) seem to affect nearly every GSM phone out there, I suspect that what we actually have is a hole in the spec, where a particular breed of input was never even considered, so checks and measures weren't designed to handle them. That would be an indication of a flaw in the SMS spec, and requires quite a bit of consistency checking with third-party implementations to ensure that you don't break something else somewhere on the network.

Edit: More information found...
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10587816&pnum=0

It appears that this may actually not be *solely* an issue with the iPhone OS. Delay could potentially be partially AT&T's fault.

Of course, it could also just be that Apple thought they'd have iPhone OS 3.1 out already. (Assuming it is fixed in there.)
 
I don't recall that Microsoft was aware of the WMF problem before it was found in use. It was the textbook example of a zero-day flaw.

Unless you can point me to something that says otherwise?
 
Considering that this was demonstrated at Black Hat yesterday and they even have an iPhone app called TAFT which can be used to launch an attack against virtually ANY modern GSM mobile phone, the security issue is obviously industry wide with the SMS protocol. The patch that should be done is at the network end. This would provide protection to users who may have mobiles which are not easily patched.
 
Never trust anything implied by Cnet. They love exaggerating things to get page hits.

Apple does need to get on the ball here but that doesn't mean Cnet isn't being their usual selves.

It's not CNET I use as a reference for Miller's activities, it's the Black hat archives. The man does know his stuff.

He's a Mac user by the way. Even with its flaws he recognises it as the more secure platform.
 
It's not CNET I use as a reference for Miller's activities, it's the Black hat archives. The man does know his stuff.

He's a Mac user by the way. Even with its flaws he recognises it as the more secure platform.

Then again, maybe he uses a Mac because it's easier to hack and hence he can hone his skills.
 
SMS insecure in general

Apple is not alone on this. Windows Mobile currently has a similar unpatched bug as well. Sadly, Microsoft might beat Apple in patching it unless Apple hurries up with 3.1 and this is addressed there. In general, SMS is utilized for more than it was intended and is full of holes. Security experts expect a major jump in SMS exploits in the near future.
 
For the exact same reason that people like you keep insisting that a month is adequate time for Apple to have identified the problem, developed a solution, regression tested it on all of the different versions of iPhone hardware/software, and get their (and every carrier that supports the iPhone) support folks prepped to help customers.

I guess the BBC article shut a lot of people up in this thread. And to quote:

In the more recent research, Android-based phones were found to be similarly susceptible to an SMS attack, only an attacker could temporarily knock the phone off the cell network but not take control, according to Mulliner, who's getting his PhD at the Technical University of Berlin. Google patched the hole last week within a day or two of being notified of the problem, he said.

Security patches should NEVER go further than 1 week. Who knows who could have had access to the code, and used it? People in here BLINDLY defending Apple are completely idiotic to think 1 month isn't enough time.

According to the paper on this site from Miller and Mulliner (section 6.1) the target iPhone OS was 2.2 and 2.2.1. Maybe OS 3.0 is already patched?

The phone that got hacked was running 3.0, it said in the article.
 
Security patches should NEVER go further than 1 week. Who knows who could have had access to the code, and used it? People in here BLINDLY defending Apple are completely idiotic to think 1 month isn't enough time.

I was surprised about all the "professionals" out there who were saying that it was unreasonable to think that Apple should have this patched in the 6 weeks SOURCE. It's not even news that Google patched Android in 2 days. That's been mentioned in a number of articles as well.

If you're in IT and claim it's impossible to patch a MAJOR security vulnerability in a couple days, then get off Macrumors, Slashdot, XKCD and BOFH and get to work! :p
 
Then you're going to push that big update out to everyone's iTunes, costing Apple a load of server bandwidth and users a big inconvenience (plus the inevitable flash updates that go wrong, causing bricked phones and support calls).

Well, that's too bad then. Maybe they will remember it the next time they define a software architecture and development process, and give security a higher priority.
 
The reason BMWs are more reliable than Fords is because there are fewer BMWs in general. See what I did there? Heh.

Fewer BMWs are going to be broken into because there are fewer of them than all the other car models out there.
 
The reason BMWs are more reliable than Fords is because there are fewer BMWs in general. See what I did there? Heh.

Yes. You made a totally irrelevant analogy.

On the other hand you could explain to me what makes OS X 10.5 particularly secure. That should be informative.
 
You guys are being really unfair towards Apple.

Listen to me for a minute here:

1. I read that this security hole has existed on EVERY version of the iPhone software to date.

2. Nothing has happened since then... why should Apple have to rush the iPhone development to fix this?

3. If this one dude had just told Apple about it and shut up, Apple would have fixed it with 3.1 and nobody else would have known.

4. Now, everyone at this Black Hat thing is going to know how to execute this hack and Apple will probably be FORCED to release an unfinished update. Why would you want that?

I just think it's very crappy to only give Apple a month to fix something that has been there for 2 years already. What a jerk.

Why? If they knew about it, they should have had it on their list of things to sort out. OK... we like iPhones, but let's not allow them to get away with not being on the ball about this. I wonder, if it did happen and people lost control of their phones etc., could they sue Apple for negligence? And if so, would the amount of claims bankrupt them?
 