iPhone Vulnerability Yields Root Access Via SMS

snydeq writes "Pwn2Own winner Charlie Miller has revealed an SMS vulnerability that could provide hackers with root access to the iPhone. Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a DDoS attack or botnet, Miller said. Miller did not provide detailed description of the SMS vulnerability, citing an agreement with Apple, which is working to fix the vulnerability in advance of Black Hat, where Miller plans to discuss the attack in greater detail. 'SMS is a great vector to attack the iPhone,' Miller said, as SMS can send binary code that the iPhone processes without user interaction. Sequences can be sent to the phone as multiple messages that are automatically reassembled, thereby surpassing individual SMS message limits of 140 bytes."

Ouch!

[thomasdn]

We do not know the details of this yet, but if this is really an "sms to root" exploit, it can be used for sms-based virusses that can spread very fast.

Re:Ouch!

[Canazza]

1) Hacker Sends SMS to target phone
2) Phone gets virus, virus looks up address book and sends itself to everyone in their address book
3) Phone with virus does evil stuff to phone

Damn, that's excellent... erm, I mean... too bad... for... you know... California... and Art Students...
Phones are for phoning people
PDAs/Netbooks/Laptops are for doing business on the move
Laptops/Gameboys are for mobile gaming

The only combination I'll accept are mobile phones that play my MP3's... since it's a small, simple extension of the already availible 'ringing' feature of phones :P
Oh, and cameras... I'll accept camera phones... They're useful.
And Skype access
And Wifi for the Skype...
and while we've got Wifi we might as well have a browser
and maybe the ability to put other apps on it too...

*damnit* I've fallen for feature creep... someone help!

Re:Ouch!

[Jurily]

Who the fuck though it would be a good idea to automatically execute the content of a message you have no control over whatsoever?

Re:Ouch!

[rts008]

...it can be used for sms-based virusses that can spread very fast.

A blackhat could have a field day with this on Twitter!

Re:Ouch!

[Joce640k]

He used to work for Microsoft where he spent his time adding "can execute code" to all their media file formats. Now he's at Apple (and continuing the good work...)

Re:Ouch!

[Comatose51]

Well, I hope you removed the air conditioner and the stereo from your car because A/C is for cooling and stereo is for listening. They have no purpose in the car. While we're at it, let's take out the headlights too. Oh that starter motor is just a total dead weight. Talk about feature creep! Wheel, brakes, and an engine should be all you have in your car.

Re:Ouch!

[Canazza]

1) I don't own a car
2) You missed the point
3) You really think that Grindr is as essential to a phone as a wheel is to a car?

Re:Ouch!

[GeorgeStone22]

I don't get your mindset. The phone has obviously sold millions upon millions. It's doing something right. It's called usability and the iPhone has it by the bucket loads. Before the iPhone came about putting apps onto a phone was annoying and awkward for the average user. You had to download the .sis (On symbian OS) then put it on a memory card, then finally install it. Apple have made mobile applications accessible to the masses, and Grindr is proof of that. I don't agree with everything Apple has done with the iPhone, but I agree with enough of it to have just ordered a 3Gs. My previous phone was a Nokia 6600 which was probably more feature rich, but using it was torture.

Re:Ouch!

[forand]

My best guess would be the cell providers. They want someway to control the devices on their network or update them remotely if so needed.

Re:Ouch!

[Nerdfest]

That would be Steve Jobs ... but he's a sick man.

Re:Ouch!

[fmobus]

Yeah, because the same happened in the webserver market. Apache installations get rooted every single minute.

Re:Ouch!

[L4t3r4lu5]

This might be linked to the MobileMe Find My iPhone, Remote Wipe, and remote message facilities. If these are commands sent by SMS message from MobileMe, then perhaps they can be overflowed to run arbitrary commands.

After all, if you can wipe the phone remotely, then that system has root access, does it not?

N.B. I am not a security researcher.

Re:Ouch!

[Meneth]

You failed at "Skype". :)

Re:Ouch!

[Sockatume]

It's not a true SMS-to-root exploit. So far he's only been able to crash part of the device's software with it, he's still looking into whether it can be used to run arbitrary code.

Re:Ouch!

[FlyingBishop]

The second link describes a general vulnerability in the SMS protocol. It sounds like you may need to have a wireless transmitter in general proximity to the phone. You then send a spoofed ("fuzzed") message which the phone interprets poorly, with the end result that it executes some code you have chosen.

It also doesn't necessarily look like this would result in the sort of viral behavior we usually see from exploits, since the SMS does not show up on the carrier's radar (which I interpret to mean that it cannot pass through the carrier tower.)

Though I don't know if phone-to-phone direct could be used to do this.

Re:Ouch!

[DustoneGT]

When the fuck did we get ice cream?

Re:Ouch!

[Enzo1977]

the same people who insisted on having true MMS on the iPhone, although e-mail has always been a perfectly functionable alternative.

Re:Ouch!

[BikeHelmet]

Indeed. Vulnerability, or backdoor? "Fixing" the solution probably involves verifying the text message came from Apple.

Re:Ouch!

[sgt_doom]

"Who the fuck though it would be a good idea to automatically execute the content of a message you have no control over whatsoever?"

Master control? The Illuminati? World Domination Society? Those Free Mason chaps? Hank Paulson, wherever the f**k he is? Goldman Sachs? JPMorgan Chase? Morgan Stanley? InterContinental Exchange? ICE US Trust? DTCC?

Re:Ouch!

[AcidPenguin9873]

Obviously I don't know the details of the exploit, but no phone software would willingly execute code that they have no control over. These exploits take advantage of security bugs in the phone software to get them to execute code.

A simple naive example is the classic stack buffer overflow. I might send a malformed SMS that encodes a 200-byte message (140 bytes is the byte limit for SMS). If the software that processes the SMS didn't check that the byte count is less than 140, it might happily write those 200 bytes into a stack-allocated 160-byte character array (160 being the character limit for SMS). Now you've overflowed that fixed-size 160-byte buffer by 40 bytes. Some of those 40 bytes are going to scribble over the return address of the called function. When the function returns, you now are controlling where it returns to. That's the "exploit". (This example is probably way too simple and is likely NOT how the actual phone exploit works; it is just to illustrate the point.)

The second part of the exploit is the "payload", which is located somewhere else in that extra 40 bytes. If you can do it right, you can construct your exploit such that you point the return address *into* the payload, and now when the function returns, the payload is where you're executing from. You have now effectively gained control of the phone, because it's executing code that you gave it. It didn't willingly execute it for you, you took advantage of a security flaw to do so.

Re:Ouch!

[Jurily]

I might send a malformed SMS that encodes a 200-byte message

No, you can't.

Messages are sent with the MAP mo- and mt-ForwardSM operations, whose payload length is limited by the constraints of the signalling protocol to precisely 140 octets (140 octets = 140 * 8 bits = 1120 bits).

Re:Ouch!

[AcidPenguin9873]

Let me repeat TWO of the disclaimers that I put in my original post:

Obviously I don't know the details of the exploit,

(This example is probably way too simple and is likely NOT how the actual phone exploit works; it is just to illustrate the point.)

And you seem to have missed the very next paragraph in the Wikipedia article where it talks about multi-segment SMS, which (from just the /. summary) sounds like what this exploit targets.

Re:Ouch!

[eudaemon]

Well except the ones running under a dedicated non-root user, preferably with sysjail or the like.
But you mean default installs, right?

I expect the android platform will be next... it's really linux, it has full blown access to your contact
list, and it too accepts SMS. Hell it's probably pingable! I'll have to try it when I get my replacement device.

Re:Ouch!

[fmobus]

From what I read of androi api, some time ago, it ain't that open.

Android has a intent-based security model. An intent is any action that requires data from outside the application or that involves doing things outside the app's jail. In this model, reading a contact list would require an Intent.

In order to load, an application must always carry a manifest, in which the application's intents are listed. When a user loads an application, this manifest is read by the runtime, and the user may allow or disallow access to each intent for that application.

Also, Android helps reuse and standardization, in that "activities" can be requested by the application. One such activity would be selecting one contact. For example, a homebrewed SMS app, in order to send a message, needs a number. This number is to be retrieved from the contact list. The app then requests a "select one contact" activity, and the runtime calls the appropriate GUI, returning the selected contacted to the calling app once the user selects it. Quite interesting :)

Re:Ouch!

[fmobus]

by the way, apache2, in my default installation, runs as www-data.

Re:Ouch!

[numbski]

The same person that thought it was good to have automatic voicemail notification. Most modern GSM phones have a special set of binary SMS that come through for various purposes, one being voicemail notification.

Re:Ouch!

[alexandre_ganso]

Brakes? They are entirely against the whole purpose of a car, which is to go faster than a horse from one place to another. Brakes do the opposite! Let's take out brakes!

Re:Ouch!

[kv9]

Before the iPhone came about putting apps onto a phone was annoying and awkward for the average user. You had to download the .sis (On symbian OS) then put it on a memory card, then finally install it.

all the apps on my Nokia have been installed by "clicking" on links from the browser. I never had to do any of the crazy shit you're talking about. it even has a thingy that lets me browse various categories of applications and install them with one click (kind of... like... an appstore... HOLY SHIT!). I never even have to plug the damn thing to transfer stuff because of bluetooth.

Wonder how this goes together ..

Wondering if this can be combined with iPhone's ability to heat red hot while in your pocket

Re:Wonder how this goes together ..

http://www.theregister.co.uk/2009/07/02/critical_iphone_sms_bug/

This is an article that isn't full of the ridiculous hype bullshit that infoworld.com is printing.

Re:Wonder how this goes together ..

[Hurricane78]

Man I just found someone else openly describing the way to root an iPhone via SMS. (I don't know if he started to search after he heard this or what.)

I HAVE to try this on some dudes (and I girl) I know.

Then I will make a lolappleboi photo of them, and caption it with "Laem iPwn oozr iz laem." (Think of the original meaning of "lame".)
Or, depending on what happens, I could use just one word: "iBurn". :D

Ok, I know I'm evil. :D

Can't Carriers Stop this?

[forand]

So this is bad news for the iPhone but it seems like any carrier of the iPhone should want to implement a simple filter to remove any malicious SMSs from the system.

Re:Can't Carriers Stop this?

[Joce640k]

Ummm, carriers stand to profit from this so why would they?

Re:Can't Carriers Stop this?

if any of you had RTFA:

allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices. This method does not use the carrier and so is free (and invisible to the carrier). .

the key is "this method does not use the carrier"

you're welcome

Re:Can't Carriers Stop this?

[Rogerborg]

Ummm, carriers stand to profit from this so why would they?

Humanity </Zarkov>

Re:Can't Carriers Stop this?

[SpzToid]

Actually this type of exploit has been known to effect Nokia phones for awhile already. It seems only normal someone would figure out how to do it to an iPhone, (unless Apple was proactive in thwarting such an attack, which hasn't been the case)

http://www.google.com/search?q=nokia+malformed+sms&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-US:unofficial&client=firefox-a

Re:Can't Carriers Stop this?

[forand]

How the heck does this method send an SMS without using the carrier?

Re:Can't Carriers Stop this?

[FlyingBishop]

I assume you take a transmitter, and you send it to the phone. I don't know what sort of proximity that would require.

Re:Can't Carriers Stop this?

[Dragonslicer]

Ummm, carriers stand to profit from this so why would they?

Maybe I'm not thinking evilly enough, but how would a carrier profit from phones on their network being exploited? If anything, it would start costing them resources when the phones are used to launch DDoS attacks.

Re:Can't Carriers Stop this?

[Mista2]

And why not add some antivirus and a firewall on the phone, and make it a bit bigger, say like a netbook... damn, feature creep again 8)

Re:Can't Carriers Stop this?

[dlgeek]

The phones will start sending out floods of text messages. People who don't have text plans will pay $0.40 for the received texts. That could be hundreds of dollars caused by one infected iphone (with a text plan, so they won't have anything extra billed) but paid but a large number of customers who aren't going to get upset over $1-$2.

Re:Can't Carriers Stop this?

[amicusNYCL]

It's not the carrier's responsibility to look at all SMS messages going through their system and filter them out, it's the iPhone's responsibility to not execute untrusted code in the first place. If this was a Microsoft device that's exactly what people would be saying.

Re:Can't Carriers Stop this?

[omuls+are+tasty]

Actually the other FA says:

The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator's network.

So it's not really GP's fault.

iPhone Vulnerability Yields Root Access Via SMS

"...Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations,..."

Cool now my wife can have that iphone she always wanted.

Re:iPhone Vulnerability Yields Root Access Via SMS

[phillips321]

Why not just lock her in the house redneck style?

So I assume a buffer overflow?

Wow, buffer overflows in 2009.

I guess ARM needs to implement No Execute Bit in their CPUs. You can't protect against dumb programmers.

If it wasn't a buffer overflow, then how in the name of all that is chocolate did some binary data get to be executable?!

--
Slashdot requires you to wait between each successful posting of a comment to allow everyone a fair chance at posting a comment.
It's been 13 minutes since you last successfully posted a comment

LOL.

Prevention/Defense

[InsertWittyNameHere]

If any of you iPhone users wants to know how to prevent this attack, please reply with your cellphone number and I will TXT you the details.

You're welcome!

Re:Prevention/Defense

[Comatose51]

9-1-1 I'm going to disable SMS for now just to be safe so just call it and tell me. If my hot blonde, high libido girlfriend picks up, say some obscene things to her. Just act out your fantasy right over the phone. She loves that.

Run up your bill too

[nurb432]

Nice little dDos attack device, with one hell of a use fee at the end of the month ...

Re:Run up your bill too

[Joce640k]

Even better: 1) Record a crappy song, upload it to iTunes 2) Get every iPhone in the USA to "buy" a copy. 3) Babeland

Re:Run up your bill too

[Hurricane78]

I recommend a tune of differently intonated farts, vomits, snots and 50 cent lyrics. It's the perfect fit!

Re:Run up your bill too

[arndawg]

Even better: 1) Record a crappy song, upload it to iTunes 2) Get every iPhone in the USA to "buy" a copy. 3) Babeland

I think that is kind of glorifying the showers in prison.

Well there's your problem!

"as SMS can send binary code that the iPhone processes without user interaction"

Why is it even possible to send raw binary? Shouldn't it allow only a heavily-filtered subset of characters?

Re:Well there's your problem!

[TheRaven64]

Why would it do that? When you only have a small number of bytes, you want a character set that uses them all. SMS originally used a 7-bit character set, where every 7-bit sequence was a valid printing character. Now you can use 8-bit or 16-bit encodings, but every value is valid. Or do you think there is some magical difference between text and binary? Text is just binary where there is a well-defined mapping from numbers to characters.

Re:Well there's your problem!

[Peregr1n]

Yeah! Ban the characters '0' and '1' from text messages and stop this binary nonsense!

Re:Well there's your problem!

[sam0737]

"as SMS can send binary code that the iPhone processes without user interaction"

Why is it even possible to send raw binary? Shouldn't it allow only a heavily-filtered subset of characters?

you mean allows only Chinese or Russian to pass through?

The unicode used is UTF-16, not UTF-8, which almost means every binary code is valid except for some range.

Re:Well there's your problem!

[goodtim]

I don't have an iPhone, so I'm not sure if you can do this, but my Blackberry can send SMS's with embedded pictures/videos/sounds. Commonally called MMS. According to wikipedia, its an exension of the SMS standard. I would assume this is where the vulnerabilities lie.

http://en.wikipedia.org/wiki/Multimedia_Messaging_Service

Re:Well there's your problem!

[CrashandDie]

Yes, because nobody has ever thought of something like base64 to represent binary with printable characters...

Re:Well there's your problem!

[topham]

Actually, they do MMS just fine.

But I wouldn't expect you to know that.

Re:Well there's your problem!

[pwfffff]

Yeah, once you hack it and fool AT&T into thinking you don't actually have an iPhone.

But I wouldn't expect you to admit that.

Re:Well there's your problem!

[noelhenson]

Shouldn't SMS messages only contain SMS TEXT?! The worst that should happen is that you have a binary SMS message in your inbox.

Re:Well there's your problem!

[sp332]

You've never heard of the EICAR.COM virus? (not the website, the win16, 100% ASCII virus)

Re:Well there's your problem!

[pwfffff]

OK, so people (not in the US (who've upgraded to 3.0)) can MMS.

Still hilarious that it didn't come stock.

Apple fanboys are awfully rabid today aren't they, putting words in my mouth and all...

Re:Well there's your problem!

[da_matta]

Text messaging is actually just one service of the SMS bearer, and it can also used for sending binary content like configuration messages. There are also many variations (e.g. charactersets), which are defined be the PDU headers. Checkout the protocol identifiers for available services.

This sounds like a classical failure to correctly validate the data or handle some unsupported combination resulting in a crash or a buffer overflow. What is amazing is that they can fit an actual payload to the message...

Re:Well there's your problem!

[Tony+Hoyle]

Wrong on both counts.

1. iPhones do SMS
2. MMS is not HTTP.. not even close.

Re:Well there's your problem!

[0xdeadbeef]

According to wikipedia, its an exension of the SMS standard. I would assume this is where the vulnerabilities lie.

I would assume that you're an ignorant hillbilly who hasn't the slightest clue of what you're talking about, but believes that linking to Wikipedia will get you lots of +1 Informative.

Re:Well there's your problem!

[His+Shadow]

So you come here with your vicious stupidity but it's "Apple fanboys" who are rabid? Apple bashers seemingly have one thing in common: they are inordinately smug c***suckers routinely calling the kettle black.

Re:Well there's your problem!

[daath93]

I am proud not to own or be pwned by one. I would think the featured article would just automatically provide me with at least one reason ;)

Re:Well there's your problem!

[daath93]

Wow, the anonymous interwebs strikes again. Where you can post a scathing response to someone who was merely participating in the discussion and referencing where he got his information. And in one fell swoop you fail to provide any informative counter debate and opposing references.

Oh hell...they warned me not to feed the trolls...

Re:Well there's your problem!

[Nazlfrag]

common misconception. the numbers '48' and '49' aren't decimal, they in fact correspond to the numbers 00110000 and 00110001. you'd have to stick your HEAD up your NULL for naughty ones.

sorry, just stained myself...

Re:Well there's your problem!

[kv9]

Text messaging is actually just one service of the SMS bearer, and it can also used for sending binary content like configuration messages.

this is correct, I've had the (mis)fortune of working with OTA provisioning in the past, and you can do some pretty crazy things to people's handsets. and because of the hugely incompatible standards and models out there not all will require the user's confirmation.

Re:Well there's your problem!

[kv9]

Apple bashers seemingly have one thing in common: they are inordinately smug c*** suckers

I thought that's the one thing that Apple fanbois had in common... now I'm confused.

Re:Well there's your problem!

[giuda]

This is Slashdot, we already knew that.

Also: WHOOOOOSSHHHH!!!!

i sense a disturbence in the force

[timmarhy]

it was as if 1000 apple fanbois cried out and then were silent...

Re:i sense a disturbence in the force

[TheRaven64]

I note Symbian is conspicuously absent from that list. Interesting, considering that it has around 70+% of the market (isn't market share the excuse MS apologists always give for exploits?). Still a large enough installed base for a very irritating SMS-spam botnet though.

Re:i sense a disturbence in the force

[Oktober+Sunset]

if only... even if every mac on the planet turned into a robot and killed a baby before collapsing into a pile of toxic debris, it would only shut the fanboys up for 5 minutes before they resumed bleating on about garage band and iphoto...

Re:i sense a disturbence in the force

[schon]

even if every mac on the planet turned into a robot and killed a baby before collapsing into a pile of toxic debris, it would only shut the fanboys up for 5 minutes

This is blatantly false and you know it!

If that happened, every true fanboy would immediately start talking about how awesome it was that Jobs had his own robot army.

Re:i sense a disturbence in the force

Non only apple fanboys

Yes, only apple fanboys.

From: http://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#Miller

We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices.

You'll note the specific absence of the phrases vulnerability or code execution in that description. And if you'd bothered to keep it in context, you would have included the next sentence, which mentions that the reason it's important is that this is the ability to inject SMS without using the carrier.

So yeah, it is only apple fanboys.

Re:i sense a disturbence in the force

[Hurricane78]

...because their iPwnes now cry for them. All day and all night. About Vi4gra, P3nis enlagrements, Xial1s, and in russian about DDOSing the iTunes store.

Re:i sense a disturbence in the force

[ae1294]

about garage band and iphoto..

I thought you wrote ipotato.... I was getting all excited about a new Apple Product and shit...

Next thing ...

[Stavr0]

Could the iPhone be jailbroken via SMS?

easy to stop on att just have them block txt.

[Joe+The+Dragon]

easy to stop on att just have them block txt.

the real bad part about this is that if you don't have a txt plan some one can spam you and you pay $0.20 per in coming txt how ever this may be a good thing as if this goes big time then they may be forced to make incoming free.

Re:easy to stop on att just have them block txt.

It still never ceases to amaze me that US carriers get away with charging for INCOMING text messages.

Here in the UK we don't always get the best or cheapest service plans, but one thing that every plan from every provider has in common is that incoming standard text messages are free.

Re:easy to stop on att just have them block txt.

[FTWinston]

Yikes, I had no idea they charged to [i]receive[/i] ... thats crap! Do they charge you to receive calls too?

Re:easy to stop on att just have them block txt.

[GeorgeStone22]

I think so. I have some american friends who bought a pay & go mobile to use here in the UK. When I would phone them they would almost always hang up on me. When I asked why they said they only had a little credit left and they needed it. I explained that over here incoming anything is free. Only costs to send.

Re:easy to stop on att just have them block txt.

[san]

I thought it sucked too, in the beginning, but the upside is the cell phone has a normal telephone number with a real area code.

Calling somebody on a cell phone costs the same as calling somebody on a land line, so the cell phone carriers can't do the scam they're pulling off in Europe, where calling a cell phone in a different country is an order of magnitude more expensive than calling a landline in that same country.

I was happy to pay to receive calls because of that (the per-minute rate is pretty low).

Re:easy to stop on att just have them block txt.

[DarkVader]

Yeah, it sounds bad at first, but the upside very much overcomes the downside.

And throw in that cell phones in the US don't have long distance charges to anywhere else in the US (and that's a lot of land to cover) and it's really a better deal here.

And you can even port a landline number to a cell phone, since they're not charged differently to call.

Oh, and don't forget, we have several unlimited calling options, it's about $100/month and then you never have to worry about per minute charges again, incoming or outgoing - for a local area carrier like Cricket, it's even less (around $40/month these days I think), you just don't get coverage outside your home town.

Re:easy to stop on att just have them block txt.

[supernova_hq]

I Canada we get charged for incoming and outgoing calls and outgoing texts. They used to charge for incoming texts, but I believe the government stepped in (because ALL incoming texts in Canada are now free).

Re:easy to stop on att just have them block txt.

[san]

True: calling a lot isn't too expensive in the US: it's calling a little that's (relatively) expensive. The last time I checked the cheapest plans were around $30 a month.

In Europe I've had plans for about $15 a month that allow me to call for about 250 minutes (counted in seconds, so a 15 second call is counted as a quarter minute) in the country, or more than an hour to anywhere in Europe or North America. AFAIK There's nothing comparable in the US.

SMS?

[yourassOA]

Seems more like a back door than anything and now that it has been discovered Apple will try to fix (hide it better) the problem. Seems to me like most of the vulnerabilities would benefit law enforcement the most, weird huh? It not like this never happened with Microsoft, encryption key, and the FBI.

Re:SMS?

[Short+Circuit]

Any privilege elevation exploit will benefit anyone seeking elevated privileges on your equipment. This included law enforcement, the mafia and your mom.

Nice little bit of paranoia you've got going there.

Re:SMS?

[Culture20]

Any privilege elevation exploit will benefit anyone seeking elevated privileges on your equipment. This included law enforcement, the mafia and your mom.

My mom's a dirty cop working for the Mafia, you insensitive jerk!

At least SOMEBODY has full access to my iPhone!

[just+fiddling+around]

That's just great. I can't use all the features of the iPhone because it is crippled by the providers, but any dumbass can get root by SMS?

If I had "bought" one (I consider the current way of getting it as rent-to-own), I would be pissed.

Re:At least SOMEBODY has full access to my iPhone!

[torrentami]

that was my first thought. I'd like to send myself an SMS and let myself have root access and change all the config files to do what I want them to do.

SMS limit isn't 140 characters

[praseodym]

SMS has a limit of 160 characters, not 140. Twitter has a 140-character limit because of its SMS-interface which leaves 20 characters for commands etc. in addition to the message.

Re:SMS limit isn't 140 characters

[FlyingBishop]

I suspect the iPhone format uses exactly the same space for data about the message. Number of messages, message id, something else. Those two should only take 8 characters tops, but I'm sure they're going to need all 20 of them by the time they're done patching this exploit.

Or they could just ditch this stupid distinction between data and SMS. But that would take up entirely too much bandwidth...

Re:SMS limit isn't 140 characters

[admiral201]

ISTR that SMS is 160 characters, but those characters are 7-bit characters, making the total SMS message length in bytes shorter (about 140 bytes).

Hence, if you're sending 8-bit ("binary") data, it would be limited to those same 140 bytes.

Re:SMS limit isn't 140 characters

[cadience]

so SMS is not unnicode?

Mobile homebrew gaming?

[tepples]

Laptops/Gameboys are for mobile gaming

What do you recommend for mobile gaming that meets my cousin's criteria?

1. Smaller than an Eee PC. Laptops are harder to carry than something that fits in a pocket.
2. Allows students, hobbyists, and small companies to develop for the platform. Nintendo and Sony take stances against homebrew.
3. Can be purchased with cash in the United States. Please don't shut out children who have saved their birthday and lawn mowing money.

Laptops fail 1, Game Boy fails 2, and GP2X fails 3. The only video gaming platform we could find that meets all these criteria is a Texas Instruments graphing calculator, so he bought a TI-84 Plus Silver.

Re:Mobile homebrew gaming?

[SomeNoob]

I see G1 phones on craigslist all the time for not much more than the TI-84.

Re:Mobile homebrew gaming?

[pwfffff]

Keep your eye on http://www.openpandora.org/

Re:Mobile homebrew gaming?

[tepples]

Can be purchased with cash in the United States.

G1 phones on craigslist

Is craigslist open to children or cash payments?

Re:Mobile homebrew gaming?

[dunkelfalke]

Any Windows Mobile PDA will do actually.

Re:Mobile homebrew gaming?

[SomeNoob]

Anybody can use craigslist, and cash is preferred. Just don't send the kid alone to meet somebody.

Re:Mobile homebrew gaming?

[Thantik]

www.openpandora.org - They have about 2000 of them made and ready to go, they're working on starting up mass production, should be sending out like 200 of them to devs within the month.

Re:Mobile homebrew gaming?

[atmtarzy]

A Nintendo DS with a cart to allow homebrew, or a PSP with functionally the same thing.

Fits 1 perfectly (unless your cousin has small pockets)
Fits 2, as long as your cousin doesn't care about doing what Nintendo and Sony don't want him to.
Fits 3 partly. You can buy the DS or PSP and the storage medium (Usually microSD) in the US, with cash. The interface to let you play homebrew is another story though.

Hopefully your cousin can compromise on part 2 and part 3.

Didn't this just happen?

[sys.stdout.write]

How does this compare to the story from two weeks ago?

Seems to affect other smart phones as well ...

[FelxH]

from the second link: "We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices."

Re:Seems to affect other smart phones as well ...

[El_Muerte_TDS]

No learn to read. The second link says that they have technology to send an SMS Message to a phone without needing a carrier. It doesn't say anything about exploiting bugs in the handling of the SMS Message.

Re:Seems to affect other smart phones as well ...

[FelxH]

yes ... sending sms without a carrier in order to find vulnerabilities in smart phones through fuzzing. They are not specific though what potential vulnerabilities they found among the listed smart phones, expect for the one found in the iPhone (via the first link). So it is true that this could mean that they didn't find any big vulnerabilities in the other phones, but maybe the iPhone one just attracted the most attention ...

Re:Seems to affect other smart phones as well ...

[Hurricane78]

Apparently no Symbian devices. I know that Nokia allows for apps to be installed in a way, in which they somehow go trough the generic message inbox (the one that gets SMS, e-Mail, etc)
But the Symbian devices lets you jump trough at least two hoops before it gets installed. First you have to agree to run the installer. And then you have to agree for the installer having the right to install anything that will survive a reboot, without the usually needed certificate.

Outlook all over again?

[KlaymenDK]

How the hell can a format that's supposed to be passive plain text yield root access? Just receive and store the damn text, don't try to interpret it! If other apps want to peek into received messages and perform actions on that, fine, but this is just Outlook all over again!

Re:Outlook all over again?

[peppepz]

With the current 3GPP specification SMS can also be concatenated, contain pictures and sounds, configure your phone’s browser, contain "push" links etc.
99% of this functionality is crap and was made obsolete by MMS, but phones still have to support it.

Re:Outlook all over again?

[ae1294]

How the hell can a format that's supposed to be passive plain text yield root access? Just receive and store the damn text, don't try to interpret it! If other apps want to peek into received messages and perform actions on that, fine, but this is just Outlook all over again!

Simple.. you send the message -

root ...

Re: why skype and not SIP (voip)

[SpzToid]

Please don't promote skype in this space. It is too proprietary, and consumes too much battery power running as a 3rd party app.

Why not buy a true SIP phone? Then you can set it up like an extension at your office/PBX, or configure it directly to a service like www.voipcheap.com. Personally, I won't buy a phone unless it is supported on a list like this one:
http://www.forum.nokia.com/Technology_Topics/Mobile_Technologies/VoIP/Nokia_VoIP_Framework/VoIP_support_in_Nokia_devices.xhtml

In the US, T-mobile sells uncapped (AFAIK) mobile internet for $40 a month. Another 'perk' under such a plan is A-GPS (combined cell-tower plus true GPS for speed).

This makes your mobile device much closer to being a standardized 'client' to web services. In fact I even turn my N95 into a 3g router, using www.joikuspot.com (so I don't have to swap the SIM with my USB modem).

Apples Newest Product...

[Sfing_ter]

The iPwn. Be the first on your network to get iPwned.

Pwn Different!

Just Pwn.

http://www.screenprintingasap.com/EBAY/ipwn/ipwn_a.jpg

Depends how you define characters

[multipartmixed]

And the case of binary data, you're dead wrong.

GSM SMS payload is 140 8-bit characters, or bytes, depending how you look at it.

The default SMS text encoding format uses 7-bits, and employs a bit-shifting algorithm to pack 160 7-bit characters in to 140 bytes. Binary formats can't use this compression, as, well, they need all eight bits.

Re:Depends how you define characters

[praseodym]

You're correct. And to complete it:

"Larger content (Concatenated SMS, multipart or segmented SMS or "long sms") can be sent using multiple messages, in which case each message will start with a user data header (UDH) containing segmentation information. Since UDH is inside the payload, the number of characters per segment is lower: 153 for 7-bit encoding, 134 for 8-bit encoding and 67 for 16-bit encoding." -- from Wikipedia

So, in this case it's 134 bytes and not 140 since the payload probably doesn't fit in a single 140 bytes.

Pandora is like the GP2X in this regard

[tepples]

Can be purchased with cash in the United States [...] GP2X fails

Keep your eye on http://www.openpandora.org/

I am aware of the Pandora PDA, expected to be out by the fourth quarter of 2009, but I am not aware of a U.S. retail chain that has committed to stock it. As I understand it, it will be available exclusively through mail order, an option that isn't open to children who are paying with accumulated cash.

Not likely

The way it probably works (I am not 100% sure) is with the persistent Internet connection the phone maintains for push notifications support.

Re:But...but...

[VulpesFoxnik]

You are not a PC. You are human being. Stop saying that.

Good luck finding Windows Mobile Classic anymore

[tepples]

Phones are for phoning people
PDAs/Netbooks/Laptops are for doing business on the move

[For gaming,] Any Windows Mobile PDA will do actually.

Good luck finding a new Windows Mobile Classic (formerly Pocket PC) device in 2009. All the stores are pushing devices that run Windows Mobile Standard (smartphone) or Windows Mobile Professional (smartphone with touch screen), and the whole premise of this thread is to find a device without a phone and without the 2-year service commitment that comes with most phones.

Cancel Texting

[joNDoty]

I recently canceled texting completely on my iPhone 3GS. Texting fees are outrageous and I'm not putting up with them anymore. If you want to text me, send it to my email address. Your phone probably supports texting to an email address and you don't even realize it. You can also reply to free texts I send you and I get notified instantly.

Sure, I can't receive texts sent to my phone number, but that's a sacrifice I'm willing to make if I'm going to help my country kick this ridiculous habit of overpaying for tiny emails.

Re:Cancel Texting

[Tony+Hoyle]

Very, very few phones support email, and those that do mostly don't come with setups to talk to a compliant SMTP server, because nobody uses it. I once tried to make a nokia do it.. 'its easy' said the fanboys. 3 days later I gave up.. and that's with control of my own SMTP server and the ability to reflash the firmware to enable the email options.

Email is dead, anway. If you want to wade through penis enlargement adverts sure keep using email. Everyone else has moved on.

Re:Cancel Texting

[Thantik]

What's funny is that if you say you use email to a teenager, they usually make some snide comment about they use text messaging, email is for old people...

SMS is just email in a more restricted format. I don't see how people honestly think it's any different. (Ok, yes I do; Most people are sheep.)

Re:Cancel Texting

[DarkJC]

Well it's a little different because a lot of people, even if they have email on their phones, don't have push email either. SMS is nice in the sense that, because it's part of every phone, it's pretty much guaranteed to be an immediate notification unless said person has their phone off. That's something that email can't replace any time soon.

I agree that the prices for SMS and MMS messaging are outrageous for what they are though. I pay $30/month for 6GB of data, and you're trying to tell me that I should be paying 15c to send 140 bytes of data? It's crazy.

Sounds more like an FBI Backdoor than an exploit

[Jackie_Chan_Fan]

Sounds more like an FBI Backdoor than an exploit.

Oh but dont worry, the federal government has your interest at heart.

Re:Good luck finding Windows Mobile Classic anymor

[dunkelfalke]

Not that difficult. Shall I name a few device names?

- Pharos 535v
- HP iPaq 111
- HP iPaq 211 (would go for that one, 4" VGA screen rocks)

Motorola/Symbol still make lots of them but they are way too expensive, and not as robust as they look like.

The used market should be huge.

And by the way, is it really the case that you cannot buy a Windows Mobile phone without a contract? In Germany it wouldn't be a problem at all.

Cell providers == botnet ops

[jonaskoelker]

They want someway to control the devices on their network or update them remotely if so needed.

Wait, are you talking about cell providers or botnet operators?

I suddenly feel this appetite for brains... *turns off phone* hmm...

</cynicism>

Grindr

[commodoresloat]

You really think that Grindr is as essential to a phone as a wheel is to a car?

Dude, Grindr is an application that helps you find sex. A wheel on a car helps you to drive to a location where you can find sex. If you remove either one, the result is the same -- it's more difficult to find sex. What's so difficult to understand here?

Re:Good luck finding Windows Mobile Classic anymor

[tepples]

Children can't shop online, and I haven't seen the iPAQ products at the local Best Buy or Office Depot store. So how would a kid who is holding $400 in $20 Federal Reserve notes buy such a PDA?

Re:Good luck finding Windows Mobile Classic anymor

[Ambiguous+Puzuma]

Is buying a $400 Visa/Mastercard gift card, then using that to shop online, an option?

no great mystery - police control codes left open

[gregconquest]

I don't know why anybody hasn't linked the two together, but SMS control codes are how the police get your phone to send your GPS coordinates when making a 911 call. Control codes are also there for turning the mic on and broadcasting the audio -- and who knows what else? (look up "roaming bug" for more info.)

Re: Worse than that

[Douglas+Goodall]

Back when I owed credit cards, I became concerned I was about to go over my minutes in my plan. So I powered down my cell, but the carrier continued to bill me for incoming calls from creditors using overtime minutes and sent me a bill for hundreds of dollars. Beware.