Slashdot Mirror

← Back to Stories (view on slashdot.org)

SMS Hack Could Make iPhones Vulnerable

Posted by CmdrTaco on from the up-against-the-wall-and-spread-'em dept.

mhx writes "A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of 'invisible' messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked."

8 of 254 comments (clear)

  1. Binary Encoded Messages by Algorithmn · · Score: 5, Interesting

    I saw this one coming. Some cell phones cannot distinguish between a moble provider sending binary encoded XML enabled SMS messages or an attacker through an SMS gateway. Amateur security model/practices.

    1. Re:Binary Encoded Messages by FireFury03 · · Score: 2, Interesting

      Correct me if I'm wrong, but since the SMS messages have to go through the carrier towers, can't this character be "cleaned" from the message there before it even hits the phone?

      What if I want to use that character legitimately?

      --
      http://blog.nexusuk.org
    2. Re:Binary Encoded Messages by Sentax · · Score: 2, Interesting

      If there is a vulnerability with said character, then just using it would not be legitimate until the problem was fixed on the phone firmware.

      Cleaning the character at the carrier could prevent problems spreading to the phone and be a "quick fix", but doesn't make it go away, the phone would need to release a patch eventually, then you can use your Unicode heart character (or whatever else char it is) in your text messages again.

  2. Is this why they were distracting us yesterday? by amcdiarmid · · Score: 4, Interesting

    As I recall Apple (DRM) was stating that jailbreaking cellphones was something to be done by terrorists who want to destroy cellphone infrastructure.

    Interesting that a SMS message can destroy apples;)

  3. Lots can be done... by John+Whitley · · Score: 3, Interesting

    So little can be done, except power off your iPhone to avoid being hacked

    Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.

    1. Re:Lots can be done... by FelxH · · Score: 4, Interesting

      According to the previous article, they have found a way to send sms messages without any provider: "This method does not use the carrier and so is free (and invisible to the carrier)". So blocking at the provider level won't work unfortunately

  4. Re:Good by psychokitten · · Score: 2, Interesting

    Funny how you mention that since just the other day at work we were noticing how my Edge connection on T-Mobile is faster than a co-worker's 3G AT&T connection was.

  5. Re:Text character? by MaerD · · Score: 4, Interesting

    This reminds me of the days when on a BBS a badly calibrated modem would actually hang up if someone put +++ATH0 in the message. *sigh* I feel so old.

    --
    I put on my robe and wizard hat..