Slashdot Mirror

← Back to Stories (view on slashdot.org)

iPhone Vulnerability Yields Root Access Via SMS

Posted by timothy on from the tweet-hack dept.

snydeq writes "Pwn2Own winner Charlie Miller has revealed an SMS vulnerability that could provide hackers with root access to the iPhone. Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a DDoS attack or botnet, Miller said. Miller did not provide detailed description of the SMS vulnerability, citing an agreement with Apple, which is working to fix the vulnerability in advance of Black Hat, where Miller plans to discuss the attack in greater detail. 'SMS is a great vector to attack the iPhone,' Miller said, as SMS can send binary code that the iPhone processes without user interaction. Sequences can be sent to the phone as multiple messages that are automatically reassembled, thereby surpassing individual SMS message limits of 140 bytes."

12 of 186 comments (clear)

  1. iPhone Vulnerability Yields Root Access Via SMS by Anonymous Coward · · Score: 5, Funny

    "...Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations,..."

    Cool now my wife can have that iphone she always wanted.

  2. Prevention/Defense by InsertWittyNameHere · · Score: 5, Funny

    If any of you iPhone users wants to know how to prevent this attack, please reply with your cellphone number and I will TXT you the details.

    You're welcome!

  3. Re:Ouch! by Canazza · · Score: 5, Funny

    1) Hacker Sends SMS to target phone
    2) Phone gets virus, virus looks up address book and sends itself to everyone in their address book
    3) Phone with virus does evil stuff to phone

    Damn, that's excellent... erm, I mean... too bad... for... you know... California... and Art Students...
    Phones are for phoning people
    PDAs/Netbooks/Laptops are for doing business on the move
    Laptops/Gameboys are for mobile gaming

    The only combination I'll accept are mobile phones that play my MP3's... since it's a small, simple extension of the already availible 'ringing' feature of phones :P
    Oh, and cameras... I'll accept camera phones... They're useful.
    And Skype access
    And Wifi for the Skype...
    and while we've got Wifi we might as well have a browser
    and maybe the ability to put other apps on it too...

    *damnit* I've fallen for feature creep... someone help!

    --
    It pays to be obvious, especially if you have a reputation for being subtle.
  4. Well there's your problem! by Anonymous Coward · · Score: 5, Insightful

    "as SMS can send binary code that the iPhone processes without user interaction"

    Why is it even possible to send raw binary? Shouldn't it allow only a heavily-filtered subset of characters?

  5. Next thing ... by Stavr0 · · Score: 5, Funny

    Could the iPhone be jailbroken via SMS?

  6. Re:Ouch! by Jurily · · Score: 5, Insightful

    Who the fuck though it would be a good idea to automatically execute the content of a message you have no control over whatsoever?

  7. At least SOMEBODY has full access to my iPhone! by just+fiddling+around · · Score: 5, Informative

    That's just great. I can't use all the features of the iPhone because it is crippled by the providers, but any dumbass can get root by SMS?

    If I had "bought" one (I consider the current way of getting it as rent-to-own), I would be pissed.

    --
    You're not old until regret takes the place of your dreams.
  8. SMS limit isn't 140 characters by praseodym · · Score: 5, Informative

    SMS has a limit of 160 characters, not 140. Twitter has a 140-character limit because of its SMS-interface which leaves 20 characters for commands etc. in addition to the message.

  9. Seems to affect other smart phones as well ... by FelxH · · Score: 5, Informative

    from the second link: "We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices."

  10. Re:Ouch! by L4t3r4lu5 · · Score: 4, Interesting

    This might be linked to the MobileMe Find My iPhone, Remote Wipe, and remote message facilities. If these are commands sent by SMS message from MobileMe, then perhaps they can be overflowed to run arbitrary commands.

    After all, if you can wipe the phone remotely, then that system has root access, does it not?

    N.B. I am not a security researcher.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  11. Apples Newest Product... by Sfing_ter · · Score: 4, Funny

    The iPwn. Be the first on your network to get iPwned.

    Pwn Different!

    Just Pwn.

    http://www.screenprintingasap.com/EBAY/ipwn/ipwn_a.jpg

    --
    A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
  12. Re:Can't Carriers Stop this? by amicusNYCL · · Score: 4, Insightful

    It's not the carrier's responsibility to look at all SMS messages going through their system and filter them out, it's the iPhone's responsibility to not execute untrusted code in the first place. If this was a Microsoft device that's exactly what people would be saying.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black