Slashdot Mirror


iPhone Vulnerability Yields Root Access Via SMS

snydeq writes "Pwn2Own winner Charlie Miller has revealed an SMS vulnerability that could provide hackers with root access to the iPhone. Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a DDoS attack or botnet, Miller said. Miller did not provide a detailed description of the SMS vulnerability, citing an agreement with Apple, which is working to fix the vulnerability in advance of Black Hat, where Miller plans to discuss the attack in greater detail. 'SMS is a great vector to attack the iPhone,' Miller said, as SMS can send binary code that the iPhone processes without user interaction. Sequences can be sent to the phone as multiple messages that are automatically reassembled, thereby surpassing individual SMS message limits of 140 bytes."

13 of 186 comments

  1. iPhone Vulnerability Yields Root Access Via SMS by Anonymous Coward · · Score: 5, Funny

    "...Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations,..."

    Cool, now my wife can have that iPhone she always wanted.

    1. Re:iPhone Vulnerability Yields Root Access Via SMS by phillips321 · · Score: 2, Funny

      Why not just lock her in the house redneck style?

  2. Prevention/Defense by InsertWittyNameHere · · Score: 5, Funny

    If any of you iPhone users wants to know how to prevent this attack, please reply with your cellphone number and I will TXT you the details.

    You're welcome!

    1. Re:Prevention/Defense by Comatose51 · · Score: 2, Funny

      9-1-1 I'm going to disable SMS for now just to be safe so just call it and tell me. If my hot blonde, high libido girlfriend picks up, say some obscene things to her. Just act out your fantasy right over the phone. She loves that.

      --
      EvilCON - Made Famous by /.
  3. Re:Ouch! by Canazza · · Score: 5, Funny

    1) Hacker Sends SMS to target phone
    2) Phone gets virus, virus looks up address book and sends itself to everyone in their address book
    3) Phone with virus does evil stuff to phone

    Damn, that's excellent... erm, I mean... too bad... for... you know... California... and Art Students...
    Phones are for phoning people
    PDAs/Netbooks/Laptops are for doing business on the move
    Laptops/Gameboys are for mobile gaming

    The only combination I'll accept are mobile phones that play my MP3s... since it's a small, simple extension of the already available 'ringing' feature of phones :P
    Oh, and cameras... I'll accept camera phones... They're useful.
    And Skype access
    And Wifi for the Skype...
    and while we've got Wifi we might as well have a browser
    and maybe the ability to put other apps on it too...

    *damnit* I've fallen for feature creep... someone help!

    --
    It pays to be obvious, especially if you have a reputation for being subtle.
  4. i sense a disturbance in the force by timmarhy · · Score: 3, Funny

    it was as if 1000 apple fanbois cried out and then were silent...

    --
    If you mod me down, I will become more powerful than you can imagine....
  5. Next thing ... by Stavr0 · · Score: 5, Funny

    Could the iPhone be jailbroken via SMS?

  6. Re:Ouch! by Joce640k · · Score: 2, Funny

    He used to work for Microsoft where he spent his time adding "can execute code" to all their media file formats. Now he's at Apple (and continuing the good work...)

    --
    No sig today...
  7. Re:Run up your bill too by Joce640k · · Score: 3, Funny

    Even better: 1) Record a crappy song, upload it to iTunes 2) Get every iPhone in the USA to "buy" a copy. 3) Babeland

    --
    No sig today...
  8. Re:Ouch! by Comatose51 · · Score: 1, Funny

    Well, I hope you removed the air conditioner and the stereo from your car because A/C is for cooling and stereo is for listening. They have no purpose in the car. While we're at it, let's take out the headlights too. Oh that starter motor is just a total dead weight. Talk about feature creep! Wheel, brakes, and an engine should be all you have in your car.

    --
    EvilCON - Made Famous by /.
  9. Re:Well there's your problem! by Peregr1n · · Score: 3, Funny

    Yeah! Ban the characters '0' and '1' from text messages and stop this binary nonsense!

  10. Apple's Newest Product... by Sfing_ter · · Score: 4, Funny

    The iPwn. Be the first on your network to get iPwned.

    Pwn Different!

    Just Pwn.

    http://www.screenprintingasap.com/EBAY/ipwn/ipwn_a.jpg

    --
    A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
  11. Re:Run up your bill too by arndawg · · Score: 2, Funny

    Even better: 1) Record a crappy song, upload it to iTunes 2) Get every iPhone in the USA to "buy" a copy. 3) Babeland

    I think that is kind of glorifying the showers in prison.