iPhone Vulnerability Yields Root Access Via SMS

← Back to Stories (view on slashdot.org)

iPhone Vulnerability Yields Root Access Via SMS

Posted by timothy on Friday July 3, 2009 @01:01AM from the tweet-hack dept.

snydeq writes "Pwn2Own winner Charlie Miller has revealed an SMS vulnerability that could provide hackers with root access to the iPhone. Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a DDoS attack or botnet, Miller said. Miller did not provide detailed description of the SMS vulnerability, citing an agreement with Apple, which is working to fix the vulnerability in advance of Black Hat, where Miller plans to discuss the attack in greater detail. 'SMS is a great vector to attack the iPhone,' Miller said, as SMS can send binary code that the iPhone processes without user interaction. Sequences can be sent to the phone as multiple messages that are automatically reassembled, thereby surpassing individual SMS message limits of 140 bytes."

20 of 186 comments (clear)

Min score:

Reason:

Sort:

Wonder how this goes together .. by Anonymous Coward · 2009-07-03 01:08 · Score: 3, Insightful

Wondering if this can be combined with iPhone's ability to heat red hot while in your pocket
Can't Carriers Stop this? by forand · 2009-07-03 01:08 · Score: 3, Insightful

So this is bad news for the iPhone but it seems like any carrier of the iPhone should want to implement a simple filter to remove any malicious SMSs from the system.
1. Re:Can't Carriers Stop this? by amicusNYCL · 2009-07-03 06:16 · Score: 4, Insightful
  
  It's not the carrier's responsibility to look at all SMS messages going through their system and filter them out, it's the iPhone's responsibility to not execute untrusted code in the first place. If this was a Microsoft device that's exactly what people would be saying.
  
  --
  "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
iPhone Vulnerability Yields Root Access Via SMS by Anonymous Coward · 2009-07-03 01:08 · Score: 5, Funny

"...Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations,..."
Cool now my wife can have that iphone she always wanted.
Prevention/Defense by InsertWittyNameHere · 2009-07-03 01:12 · Score: 5, Funny

If any of you iPhone users wants to know how to prevent this attack, please reply with your cellphone number and I will TXT you the details.
You're welcome!
Run up your bill too by nurb432 · 2009-07-03 01:14 · Score: 3, Insightful

Nice little dDos attack device, with one hell of a use fee at the end of the month ...

--
---- Booth was a patriot ----
1. Re:Run up your bill too by Joce640k · 2009-07-03 01:32 · Score: 3, Funny
  
  Even better: 1) Record a crappy song, upload it to iTunes 2) Get every iPhone in the USA to "buy" a copy. 3) Babeland
  
  --
  No sig today...
Re:Ouch! by Canazza · 2009-07-03 01:16 · Score: 5, Funny

1) Hacker Sends SMS to target phone
2) Phone gets virus, virus looks up address book and sends itself to everyone in their address book
3) Phone with virus does evil stuff to phone
Damn, that's excellent... erm, I mean... too bad... for... you know... California... and Art Students...
Phones are for phoning people
PDAs/Netbooks/Laptops are for doing business on the move
Laptops/Gameboys are for mobile gaming
The only combination I'll accept are mobile phones that play my MP3's... since it's a small, simple extension of the already availible 'ringing' feature of phones :P
Oh, and cameras... I'll accept camera phones... They're useful.
And Skype access
And Wifi for the Skype...
and while we've got Wifi we might as well have a browser
and maybe the ability to put other apps on it too...
*damnit* I've fallen for feature creep... someone help!

--
It pays to be obvious, especially if you have a reputation for being subtle.
Well there's your problem! by Anonymous Coward · 2009-07-03 01:16 · Score: 5, Insightful

"as SMS can send binary code that the iPhone processes without user interaction"
Why is it even possible to send raw binary? Shouldn't it allow only a heavily-filtered subset of characters?
1. Re:Well there's your problem! by Peregr1n · 2009-07-03 01:38 · Score: 3, Funny
  
  Yeah! Ban the characters '0' and '1' from text messages and stop this binary nonsense!
i sense a disturbence in the force by timmarhy · 2009-07-03 01:20 · Score: 3, Funny

it was as if 1000 apple fanbois cried out and then were silent...

--
If you mod me down, I will become more powerful than you can imagine....
Next thing ... by Stavr0 · 2009-07-03 01:20 · Score: 5, Funny

Could the iPhone be jailbroken via SMS?
Re:Ouch! by Jurily · 2009-07-03 01:20 · Score: 5, Insightful

Who the fuck though it would be a good idea to automatically execute the content of a message you have no control over whatsoever?
At least SOMEBODY has full access to my iPhone! by just+fiddling+around · 2009-07-03 01:35 · Score: 5, Informative

That's just great. I can't use all the features of the iPhone because it is crippled by the providers, but any dumbass can get root by SMS?
If I had "bought" one (I consider the current way of getting it as rent-to-own), I would be pissed.

--
You're not old until regret takes the place of your dreams.
SMS limit isn't 140 characters by praseodym · 2009-07-03 01:40 · Score: 5, Informative

SMS has a limit of 160 characters, not 140. Twitter has a 140-character limit because of its SMS-interface which leaves 20 characters for commands etc. in addition to the message.
Seems to affect other smart phones as well ... by FelxH · 2009-07-03 01:46 · Score: 5, Informative

from the second link: "We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices."
Re:Ouch! by L4t3r4lu5 · 2009-07-03 02:29 · Score: 4, Interesting

This might be linked to the MobileMe Find My iPhone, Remote Wipe, and remote message facilities. If these are commands sent by SMS message from MobileMe, then perhaps they can be overflowed to run arbitrary commands.

After all, if you can wipe the phone remotely, then that system has root access, does it not?

N.B. I am not a security researcher.

--
Finally had enough. Come see us over at https://soylentnews.org/
Apples Newest Product... by Sfing_ter · 2009-07-03 02:39 · Score: 4, Funny

The iPwn. Be the first on your network to get iPwned.
Pwn Different!
Just Pwn.
http://www.screenprintingasap.com/EBAY/ipwn/ipwn_a.jpg

--
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
Depends how you define characters by multipartmixed · 2009-07-03 02:46 · Score: 3, Interesting

And the case of binary data, you're dead wrong.
GSM SMS payload is 140 8-bit characters, or bytes, depending how you look at it.
The default SMS text encoding format uses 7-bits, and employs a bit-shifting algorithm to pack 160 7-bit characters in to 140 bytes. Binary formats can't use this compression, as, well, they need all eight bits.

--

Do daemons dream of electric sleep()?
Cancel Texting by joNDoty · 2009-07-03 04:15 · Score: 3, Insightful

I recently canceled texting completely on my iPhone 3GS. Texting fees are outrageous and I'm not putting up with them anymore. If you want to text me, send it to my email address. Your phone probably supports texting to an email address and you don't even realize it. You can also reply to free texts I send you and I get notified instantly.
Sure, I can't receive texts sent to my phone number, but that's a sacrifice I'm willing to make if I'm going to help my country kick this ridiculous habit of overpaying for tiny emails.