SMS Hack Could Make iPhones Vulnerable

mhx writes "A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of 'invisible' messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked."

Binary Encoded Messages

[Algorithmn]

I saw this one coming. Some cell phones cannot distinguish between a moble provider sending binary encoded XML enabled SMS messages or an attacker through an SMS gateway. Amateur security model/practices.

Re:Binary Encoded Messages

[sopssa]

This was detailed a few days ago -- more details on http://www.computerworld.com/s/article/9136008/Some_SMS_networks_vulnerable_to_attack

How many times it needs to be said.. *never* trust the client.

Re:Binary Encoded Messages

[clang_jangle]

Apparently it's not just the iPhone affected. FTFA:

The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft-based devices. Another pair of SMS bugs in the iPhone and Google's Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.

Re:Binary Encoded Messages

[Algorithmn]

http://www.blackhat.com/presentations/bh-europe-09/Gassira_Piccirillo/BlackHat-Europe-2009-Gassira-Piccirillo-Hijacking-Mobile-Data-Connections-whitepaper.pdf The weakest link is always exploited first. Trust nothing.

Re:Binary Encoded Messages

Not all the vulnerabilities are as bad though.

The Iphone can be compromised by SMS.
Windows Phones can be compromised by SMS.
Android Phones can have their wifi knocked out.

Re:Binary Encoded Messages

[Sentax]

Correct me if I'm wrong, but since the SMS messages have to go through the carrier towers, can't this character be "cleaned" from the message there before it even hits the phone?

Maybe this has what has happened already and all this is just a chicken little story?

Re:Binary Encoded Messages

[YouWantFriesWithThat]

so the bug can knock the user off the wireless network, eh? some sort of denial of service for cell phones? almost like they are being jammed?

Re:Binary Encoded Messages

[Algorithmn]

You forgot nokia, symbian and all the other SMS stacks out there.

Re:Binary Encoded Messages

[Algorithmn]

Maybe, maybe not. When was the last time you hear a telecommunications company update their software within a reasonable time frame? It would just be easier and cheaper for the phones to get updated. So the phone manufactures will blame the telcoms while the telcoms will blame the manufactures. I can see where this is going...

Re:Binary Encoded Messages

My understanding is that the character is not at fault. Rather, the display of the character indicates that someone is trying to attack you.

Re:Binary Encoded Messages

[SkipFrehly]

I lost the beeps, I lost the creeps, and I lost the sweeps!

That's the second time in three days that this has been relevant.

LONESTAR!

Re:Binary Encoded Messages

[d3ac0n]

What about the Pre?

Nothing about that in the article.

Re:Binary Encoded Messages

[SanityInAnarchy]

In other words, Android, the open platform, patched before iPhone, the closed platform.

Yet I still occasionally run into people trying to claim that the iPhone being closed is somehow good, as it's more secure.

Re:Binary Encoded Messages

[bytethese]

The what, what and the what?

Re:Binary Encoded Messages

[pegdhcp]

GSM operators would not give a half portion fart for the solution, as long as the problem does not put their infrastructure in danger. Otherwise we are talking about lots of phones, each sending SMSs to other phones, without knowledge or intervention of the subscriber. It is a dream that come true for operators....

Re:Binary Encoded Messages

[SkipFrehly]

We're watching now, now.

Re:Binary Encoded Messages

My Blackberry 8800 (Javelin?) got hit with countless SMS messages last night around 9:30pm CST. It actually crashed my Blackberry and it rebooted. When it came back up, it threw a java exception error and the SMS App was deleted from the screen.

I hard-reset the phone and basically had to reload everything on it this morning. It looks like this might be more widespread than just iPhone's and Windows Devices.

Re:Binary Encoded Messages

[bytethese]

Well what happened to then?

Re:Binary Encoded Messages

Please tell that to this guy

http://news.slashdot.org/comments.pl?sid=1319535&cid=28874953

Re:Binary Encoded Messages

[SkipFrehly]

We passed it.

Re:Binary Encoded Messages

It appears to be... jammed. Raspberry? There's only one man who would dare give me the raspberry. Lone Starr!

Re:Binary Encoded Messages

[sexconker]

Awesome.
I'll say my phone got hacked, bitch at AT&T and demand a patch, they won't have any plans to patch my (2.5 year old) phone, they'll have to give me a free new phone.

All I have to do is bitch loud enough.
It doesn't matter that they can check SMS logs, ask to see my phone, or tell me that they don't write the phone software.
If I act like a plebe and bitch loud enough I'll get handouts. Gotta love Obama's America.

Re:Binary Encoded Messages

[FireFury03]

Correct me if I'm wrong, but since the SMS messages have to go through the carrier towers, can't this character be "cleaned" from the message there before it even hits the phone?

What if I want to use that character legitimately?

Re:Binary Encoded Messages

Your heralding of Android is flawed, the Blackberry OS isn't affected at all! So it's CLEARLY better. HAHA!

Re:Binary Encoded Messages

[Sentax]

If there is a vulnerability with said character, then just using it would not be legitimate until the problem was fixed on the phone firmware.

Cleaning the character at the carrier could prevent problems spreading to the phone and be a "quick fix", but doesn't make it go away, the phone would need to release a patch eventually, then you can use your Unicode heart character (or whatever else char it is) in your text messages again.

Re:Binary Encoded Messages

Do you have proof that this plan will work? Or are you just an insufferable douchebag who twists every conversation into an opportunity to spout your "witty" "Obama's America" comments?

Nevermind, I already know the answer. Dipshit.

Executive Summary: Shut the fuck up, ignorant shitbag, before I fuck you with your mother's dick.

Re:Binary Encoded Messages

[davester666]

Nope, the 3 Pre users are completely safe. They only text amongst themselves.

Re:Binary Encoded Messages

One vendor released a fix, one vendor did not (yet). The open or closed nature of the platform had nothing to do with it in this case, it is not as if Joe Nobody fixed the flaw for all Android users from his basement.

Re:Binary Encoded Messages

[FireFury03]

If there is a vulnerability with said character, then just using it would not be legitimate until the problem was fixed on the phone firmware.

I haven't seen anything saying what the character is (and more saying that the character being displayed is just a side effect of the crack, not actually the vulnerability). But, that aside, if a legitimate character affects a vulnerability on a *single device*, the service provider has no business breaking legitimate uses of that character by the majority of people (i.e. those that don't own an iphone).

As much as you may like to believe that there is no legitimate use for non-ASCII characters, you are wrong. I already get pissed off that there is no way to enter a "Å" character into my P900 (a bit of a pain since that character appears in my street address.).

Cleaning the character at the carrier could prevent problems spreading to the phone and be a "quick fix", but doesn't make it go away, the phone would need to release a patch eventually, then you can use your Unicode heart character (or whatever else char it is) in your text messages again.

By that mentality, all ISPs should block all web traffic every time a security hole in Internet Explorer is found. Blocking everyone from going about their business because a minority device has a bug is unacceptable, especially since the vendor was informed a month ago and has done nothing to fix the problem. To make things even worse, if they did decide to filter such messages, they would disappear into a black hole - SMS provides no functionality to inform the sender that a message has been blocked.

Re:Binary Encoded Messages

[FireFury03]

I already get pissed off that there is no way to enter a "Å" character into my P900

Seems Slashdot is also broken at handling unicode characters - that is supposed to be a "Y" with a "^" accent.

Re:Binary Encoded Messages

[mysidia]

In this case, never trust the server, either, because it allows other untrustworthy clients to send you bad data.

Re:Binary Encoded Messages

[Gandalf_Greyhame]

When?

Re:Binary Encoded Messages

[cpotoso]

Indeed, and so much for apple's assertion that the jailbroken iphones are insecure (putting it mildly)... I bet the jailbroken iphones will get a patch (through cydia) within a week of the exploit being published vs. months for the official patch. Pffff to apple, they look more and more like micro$oft.

Re:Binary Encoded Messages

[metaforest]

It's annoying that the first four or five news stories I stumbled across that vaguely described this hack either stated explicitly or strongly implied that the iPhone was the sole target for this exploit, and that it was a flaw in the SMS receiver implementation found in the iPhone.

Now I read the shady details and find that this is a service provider issue, and the client is basically responding as designed to a trusted server that does not deserve that trust....

what a fucking mess....

Maybe Apple's claim that jailbreaking iPhones does risk the cellular networks....

However the finger needs to point firmly at the fat sloppy dogs that can't, or won't properly secure their server resources.

Shame on you AT&T, et al YOU FUCKED UP BAD!
 

Re:Binary Encoded Messages

[rgviza]

/agree
servers can be exploited as well to trash clients. just look at all the flash drive-bys happening right now.

Re:Binary Encoded Messages

Yea, this vulnerability is pretty annoying, but I chose an iPhone over an android phone not because I thought the iPhone would be more secure. I chose the iPhone because it works really well. It seamlessly syncs with my calendar, address book, etc. Browsing the web works quickly and pages render pretty well.

Even in the event that my iPhone gets hacked by a vulnerability apple fails to fix, I won't regret my decision. There's no worthwhile information on it to steal, and it gets backed up every time I plug it in (every day).

Re:Binary Encoded Messages

[SanityInAnarchy]

Those are other claims. If you want to talk about them, we can, but it's getting a bit offtopic.

It seamlessly syncs with my calendar, address book, etc.

Is that not true on Android?

Browsing the web works quickly and pages render pretty well.

Are you really going to tell me that's unique? Both Android and iPhone use Webkit-based browsers.

Even in the event that my iPhone gets hacked by a vulnerability apple fails to fix, I won't regret my decision.

That sounds very much like a fanboi or astroturf position. You won't regret it? Not even for a moment?

Tell me... just how much would Apple have to screw up for you to regret it?

There's no worthwhile information on it to steal, and it gets backed up every time I plug it in (every day).

That tells me you're either naive or a naive asshole.

Suppose someone cracks your phone and uses it to send thousands of spams via your 3G connection, or thousands of spammy text messages. The former will run up a huge bill and piss off network admins, and the latter will run up a huge bill and alienate all your friends.

Or suppose they only use it as a carrier -- any wifi network you connect to, you'll infect all nearby PCs. Chances are, you'd never be caught, but it still doesn't really make you a good citizen.

Or suppose it gets infected with something that then exploits something on your PC (or Mac, to be fair), and then, later, nukes _all_ your data? Do you have the backup backed up? Even if you do, is that really something you want to risk?

The absolute dumbest statement anyone can make about security is "I'm not a target," or "I have nothing to lose."

Now, I'm not suggesting you should immediately throw out your iPhone, or that it was necessarily a bad choice. But your arguments here sound more like rationalizations -- it sounds more like you are starting to regret it, and you're trying to justify it to yourself, to reassure yourself that you made the right decision.

"SMS Hack Could Makes iPhones Vulnerable"

In other news, the same SMS hack can be used to make headlines appear with wrongly used verbs...

Re:"SMS Hack Could Makes iPhones Vulnerable"

[Ihmhi]

RTFA. It's from one of the newer Slashdot editors, T0k1WAR2th.

Re:"SMS Hack Could Makes iPhones Vulnerable"

[Shatrat]

Hah, it took me a second to get that.
Good one.

App Store

[oldspewey]

Want to pwn every apple smartphone in the world?

There's an app for that.

Re:App Store

[Bemopolis]

Well there *will* be, once it gets through the App Store approval process. So, next year.

Re:App Store

[jDeepbeep]

So, never.

fixed that for you :D

Re:App Store

Well, it's not like there are several applications providing the same service or that users could get confused. So maybe it comes out soon.

Re:App Store

[smitty97]

Sorry, your app "tXt eXp10it" has been rejected because it duplicates functionality of the Messages app

Good

[bbhorrigan]

Maybe they will crash enough Iphones so that people can start to utilize 3g without being bogged down by all those Iphone users, especially in the western part of the country!

Re:Good

[psychokitten]

Funny how you mention that since just the other day at work we were noticing how my Edge connection on T-Mobile is faster than a co-worker's 3G AT&T connection was.

Re:Good

[Darkness404]

This post highlights all that is wrong with cell networks, the entire point of AT&T should be to put up more towers and give you faster speed. However, that is not the case.

Re:Good

[maxume]

But that means that the iPhone users should be bogging down iPhone users too, so the network should be working fine for everybody.

Yeah, that's the ticket!

Re:Good

[Itninja]

So by "the country" do you mean Ireland? Because they have great reception in Western Ireland....

Re:Good

[mini+me]

I'm pretty sure he means Canada, and he is just upset that Rogers new 20Mbps 3G network isn't supported by his iPhone.

Re:Good

[paimin]

Let me guess, San Francisco?

Re:Good

[pegdhcp]

Is there a T-Mobile service in SF land???

Re:Good

[sexconker]

No.
The T(ranny) Mobile sued them away for stealing their name.
Same reason there's no Oscar Meyer Wiener Mobile in SF.

Re:Good

[beef+curtains]

Same situation in Chicago. Earlier this year I met a girl who had the G1-HTC-Android-whatever, and asked her why she kept 3G turned off. She said Edge was fast enough for her needs, so she preferred conserving battery life over the higher speed of 3G.

I tried loading up cnn.com (full version, not mobile version) on both of our phones simultaneously - sure enough, her phone (with 3G off) smoked my iPhone 3G (with 3G on).

I was bitter.

Text character?

[pushing-robot]

The technique involves sending only one unusual text character

Let me guess: "Q". Damned "Q".

Re:Text character?

[Yvan256]

I guess he got bored of annoying only a handful of starship captains.

Re:Text character?

[viking099]

Thanks a lot ass^7'89-NO CARRIER

Re:Text character?

[MaerD]

This reminds me of the days when on a BBS a badly calibrated modem would actually hang up if someone put +++ATH0 in the message. *sigh* I feel so old.

Re:Text character?

[TheRaven64]

That continued into the Internet era. There used to be apps that sent ICMP packets with the string +++ATH0 in the payload. Some modems would hang up when they received it.

Re:Text character?

[howlingmadhowie]

i think it's actually iQ, so most users of apple products are safe ...

Re:Text character?

[MaerD]

Either way, we've got 20+ years of evidence that allowing information from a unvalidated and untrusted remote data stream to cause hardware to do things that should only be issued from a local command (or at least trusted remote source) is a bad thing.


How do we keep making the same design mistakes?

Re:Text character?

What's a BBS? Nobody will ever give me a straight answer. Every time I ask someone to answer me they just say ATA. Whatever that means.

Re:Text character?

[sexconker]

Because it's easier for me to test, dammit.
I make all these fucking routers and cable modems and shit by hand. Maybe if one of you fuckers would help me we wouldn't have this problem.

Re:Text character?

[FireFury03]

That continued into the Internet era. There used to be apps that sent ICMP packets with the string +++ATH0 in the payload. Some modems would hang up when they received it.

This is why modems have had +++ guard timers for decades.

Re:Text character?

[KingPin27]

Very interesting you mention that.... it was common practice for people using a BBS or 2 where I live to "ANSI BOMB" the bbs -- they would put the modem hangup chars into specially crafted ANSI messages. I was nice because the NFO for the file you were downloading looked pretty until your 9600 Baud modem hung up on you before you could download your ARJ files!! :P

Re:Text character?

can you repost? My model cuts out after I read

if someone put

Re:Text character?

[utoddl]

Judging by the headline, it must be "s".

Re:Text character?

[Brianwa]

For several years a major antivirus product would kill a connection if it detected the string "startkeylogger" in certain TCP streams. To this day you can go into a very busy IRC channel, type startkeylogger, and watch a handful of people disconnect.

Re:Text character?

[witherstaff]

I remember using a 286 in the early 90s, dialing in to MUD. If a bad bit of linenoise hit, the screen would start scrolling vertically. You know the Matrix code? That's it, except in multicolor splendor. Would take a system restart to do do anything. Ahh the fun old days.

Re:Text character?

[Hurricane78]

I'd say \0.

Re:Text character?

It wasn't badly calibrated modems, it was non-Hayes modems. Hayes had a patent on safer in-band signaling (ie. waiting for a "+++" followed by 2 seconds of no data before interpreting the "+++" as an escape to command mode). Since Hayes woulsn't license the patent, other modem manufacturers that wanted to use a compatible command set were forced to have the modem interpret +++ATH0 as an immediate hang up.

Re:Text character?

[bhtooefr]

And try DCC SEND (any text afterwards) in an IRC channel.

Certain patch levels of VxWorks-based routers with SPI firewalls will instantly drop the connection.

Re:Text character?

[Isvara]

Why do you say 'calibrated'? 'Configured', if it's the wrong value in S12, or 'implemented' if it ignores that value.

Read about this yesterday

[DigitalSorceress]

FYI: It's not that one character can break your iPhone, it's about 512 text messages sent at your phone, causing certain buffer overflows. The proof on concept ended up where the slew of messages (apparently arrived at originally by fuzzing) winds up only showing one visible character (appears as a box).

The author said that it could probably be refined so that it wouldn't send anything that would show up.

500 or so un-seen text messages, and you're iPwned.

Gotta love the Black Hat Briefings.

Re:Read about this yesterday

[emag]

500?! Egads, that's gonna cost a _fortune_ at today's txting rates!

Re:Read about this yesterday

[d3ac0n]

unless you have an unlimited plan.

Re:Read about this yesterday

[Tony+Hoyle]

Say I don't have an unlimited plan (which nearly everyone does, but..)

SMS costs £0.04 on average. Let's say you're on a really expensive pay as you talk plan and it costs 3 times that.. so £0.12.

£60

Hardly a 'fortune' if you're planning to take out a phone anyway.. and unlimited plans on pay as you talk cost far less than that anyway so you'd never pay that even in the worst case.

Re:Read about this yesterday

[Sandbags]

...and the carrier doesn't have a facility in place for limiting the number of text messages sent to a particiular device in a given time frame? say max of 1 in any 2 second interval??? ...and they can't simply block SMS messages that contain non-standard characters in certain known formats that could be exploits??? i know they can filter by sender, receiver, zip code, and pretty much any other relational expression i could come up with. Prior to getting my iPhone, i auto-blocked everything text related except incoming texts from 10 digit formatted numbers from my area code that belonged to residential users. Now i just block ALL texts...

If there's a way for someone to send text without using AT&Ts network, that might be an issue, but I'd also assume that to be a localized phenomenon, and also short lived, as transmitting on those frequencies would be picked up by the towers and quickly triangulated and reported to the FCC and local authorities.

People who want me either call me, e-mail me, or use a chat app. SMS is pointless to me, as is MMS, and I refuse to pay for it... Even the FREE flip phone my wife got from Verizon can send and receive e-mail for free and has absolutely no need for SMS... Between twitter, chat, email, and ordinary calls, anyone who could possibly want me for a legitimate reason with "you need to know now" information was a way to get me from any device they have access to, without ANY surcharge or use fees. WTF should I give AT&T $20 a month for an archaic, limited, technology that's been east to cause greif with for years? all the e-mail that comes to my phone passes through 2 filters first, and I'm damn close to perfectly certain anything I open on my phone via e-amil, even if it got through the scanners, can't hack the phone, as i know of no viruses targeting the mail app or safari in mobile safari on Mobile OS 3.

Re:Read about this yesterday

[BrokenHalo]

...and the carrier doesn't have a facility in place for limiting the number of text messages sent to a particiular device in a given time frame?

There is a confusion of functions here. The purpose of a carrier is to carry messages, not to refuse them. Much better for the carrier to do its job and let the client decide whether or not it wants to accept the message.

Re:Read about this yesterday

US-based customer here, with an iPhone on AT&T.

If you don't have a text message plan, it's US$0.20/SMS message regardless if it's inbound or outbound.

So, 512 SMS messages (FTA for the exploit) * $0.20 = US$102.40, which I think is roughly 73GBP.

An unlimited text message plan with AT&T is US$20/month, and if you don't receive many SMS messages each month anyway, the US$20 is just money being paid out unnecessarily.

Seems like the best solution for those who don't receive many SMS messages is to restrict SMS messaging to your phone. To do this, call AT&T at 1-800-331-0500 (or 611 from your phone), and ask to restrict text messages. According to the rep I spoke with just now, only AT&T's (free) text messages regarding changes in service, firmware upgrade info or plan info (e.g., how many minutes left or your bill) will go through.

Re:Read about this yesterday

[sexconker]

Yeah, and with the service I get, they'll send them to me and I'll only get half of them, then I'll get 2 more a week every week, all out of order.

Re:Read about this yesterday

[Sandbags]

...until carrying those messages is an issue, and thus bandwidth (messages per minute) limits are an easy to deploy system, inexpensive, and solve these issues.

Of course, even from the tower transmitter itself, the commit time and transmit time for a single SMS is not infinitessimal, and the phone can only have 1 active cvonnection at a time. I'd like to see if it;'s even possible for a single phone to actually connect and receive messages as fast as 10 in a second...

Re:Read about this yesterday

[Kral_Blbec]

No, that just means you got screwed in advance.

Re:Read about this yesterday

[Kral_Blbec]

How many devices are going to be legitimately receiving 500 messages at once? A 1-2 second delay between messages seems just fine to me. It would preempt most if not all over flow errors like this simply because they arent received fast enough to over flow.

Re:Read about this yesterday

[Raistlin77]

So, 512 SMS messages (FTA for the exploit) * $0.20 = US$102.40, which I think is roughly 73GBP.

62.10GBP according to coinmill.com

Re:Read about this yesterday

[Jimithing+DMB]

Seems like the best solution for those who don't receive many SMS messages is to restrict SMS messaging to your phone. To do this, call AT&T at 1-800-331-0500 (or 611 from your phone), and ask to restrict text messages. According to the rep I spoke with just now, only AT&T's (free) text messages regarding changes in service, firmware upgrade info or plan info (e.g., how many minutes left or your bill) will go through.

Thanks. I just got my iPhone the other day and I didn't sign up for any SMS plans since I don't use SMS. I just called 611 from the phone and it was no trouble at all to get the plan changed from a la carte text messaging (at an outrageous 20 cents a text, even for incoming) to text messaging restricted. Now I don't have to worry about someone sending me a text message and getting charged for it and hopefully I don't have to worry about this bug since it will presumably be blocked at the server.

Thanks again.

Re:Read about this yesterday

For this hack to be successful, the article states a "series of 512 SMS messages" must be sent. It would be interesting to understand what happens when one of those SMS messages fails to get delivered? Industry SMS delivery rates are well below 96%. Depending on the time, one can expect 1 or 10 or 1 in 15 or so SMS messages failing.

Not to mention, you have to pay for all these SMS messages from a gateway lowers the threat.

Re:Read about this yesterday

There are service providers in the world which allow free SMS's to other phones that belong to the same service provider.

Re:Read about this yesterday

Bah, just need to hack one iPhoney, then let that one hack 10... it's not like you'll be the one paying for the messages sent by the hacked phone...

FUD

Stop spreading this FUD

Is this why they were distracting us yesterday?

[amcdiarmid]

As I recall Apple (DRM) was stating that jailbreaking cellphones was something to be done by terrorists who want to destroy cellphone infrastructure.

Interesting that a SMS message can destroy apples;)

Re:Is this why they were distracting us yesterday?

[DigitalSorceress]

Actually, that's exactly what I was thinking.

Once you've taken over someone's iPhone in this manner, it seems to me you've got more power to use the thing than the original owner had (unless they had Jailbroken their phone already).

Interestingly enough, this vulnerability is in the factory-spec iPhone - it doesn't require it to have been jailbroken.

So, yeah, Apple claims they're jailing your phone to protect you from bad guys and to protect the infrastructure from you, but this goes to prove that the only thing they're protecting are their (and AT&T's) pockets.

All this from a company where the CEO's liver is replaceable, but the battery in your phone or laptop is not.

~ducking~

Re:Is this why they were distracting us yesterday?

[plastick]

I was thinking the same thing myself!

Re:Is this why they were distracting us yesterday?

[Bemopolis]

All this from a company where the CEO's liver is replaceable, but the battery in your phone or laptop is not.

The battery in the iPhone and laptop are replaceable, just not by the owner. This was also the case for Steve's liver. JOKE FAIL.
<\memekiller>

Re:Is this why they were distracting us yesterday?

[machine321]

The battery in the iPhone and laptop are replaceable, just not by the owner. This was also the case for Steve's liver. JOKE FAIL.

A sufficiently experienced user can replace his liver; I'll bet Steve Wozniak could do it.

Re:Is this why they were distracting us yesterday?

[chord.wav]

Aside of the stupid joke about a man's health. I agree with everything.

Re:Is this why they were distracting us yesterday?

The battery in the iPhone and laptop are replaceable, just not by the owner. This was also the case for Steve's liver. JOKE FAIL.

A sufficiently experienced user can replace his liver; I'll bet Steve Wozniak could do it.

Yeah, but it would void his warranty

Re:Is this why they were distracting us yesterday?

[pegdhcp]

Maybe they should invite (=forcibly drag into the office) Woz for an overall engineering supervisory position.

Re:Is this why they were distracting us yesterday?

[TJamieson]

And their silly ECID, as mentioned yesterday, is meaningless here as it (currently) applies only to booting the device.

Re:Is this why they were distracting us yesterday?

[xmvince]

Replaceable, but also combustible.

Lots can be done...

[John+Whitley]

So little can be done, except power off your iPhone to avoid being hacked

Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.

Re:Lots can be done...

Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.

Or, maybe the iphone SHOULDN'T EXECUTE UNTRUSTED UNSIGNED UNAUTHENTICATED CODE THAT ARRIVES BY SMS.

Or maybe google will use this flaw to deploy google voice onto iphones now that apple banned them.

Isn't it sad that EVERYONE ELSE has more control over the iphone than fanboi who bought it.

Re:Lots can be done...

[Fnord666]

Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.

Except that since the carrier gets $0.15 per msg here in the good old US, they have no incentive to block these messages. In fact, many of them have insisted that they have no ability at all to identify and block individual messages.

Re:Lots can be done...

[FelxH]

According to the previous article, they have found a way to send sms messages without any provider: "This method does not use the carrier and so is free (and invisible to the carrier)". So blocking at the provider level won't work unfortunately

Re:Lots can be done...

[rsmith-mac]

That makes absolutely no damned sense. At some point it has to hit the carrier's network, otherwise the phone can't receive it in the first place.

Re:Lots can be done...

[Sinning]

Actually, on AT&T, it is $0.20 per txt msg.

Re:Lots can be done...

Clearly, you have no idea of the powers of Steve Jesus Jobs!!

Re:Lots can be done...

[TheRaven64]

Not necessarily, it just has to come over the (wireless) network. There's nothing stopping you simulating a cell tower and sending an SMS (which is just a GSM control packet) to any phone within range.

Re:Lots can be done...

[Talennor]

In fact, many of them have insisted that they have no ability at all to identify and block individual messages.

They may be telling the truth that they don't have that kind of capabilities. However, that's just an obvious implementation oversight. For something as much an embedded system as a cell phone (lacking firewalling capabilities on its own) and tied so closely to the cellular networks, they should have designed something akin to snort rules for anything in packet based communications so they could filter attacks at the network level. It's not rocket science. It's just how you protect networked systems that are difficult to quickly patch or otherwise secure.

Re:Lots can be done...

[sexconker]

Except the FCC.

Remember pirate radio?
Yeah.

Re:Lots can be done...

[Kral_Blbec]

Simple solution. Charge the sender for the messages that were received by the system, processed and rejected because they were/are known attacks and then drop them. Spammer/hacker gets to pay, users dont get infected. Not like they dont ever drop other messages that were paid for.

Re:Lots can be done...

[TheRaven64]

Uh, people doing this would be sending radio signals intended to illegally take control of someone else's phone. I doubt that breaking FCC rules is going to matter to them.

Re:Lots can be done...

Or, maybe the iphone SHOULDN'T EXECUTE UNTRUSTED UNSIGNED UNAUTHENTICATED CODE THAT ARRIVES BY SMS.

Yeah the iPhone doesn't execute unsigned code from SMS unless it's exploited to do so... maybe you should lookup how buffer exploits work sometime...

Re:Lots can be done...

[sexconker]

It will when they're getting raped in prison.

Re:Lots can be done...

[Hurricane78]

No. Evolutionary, it is great. It means less money for those fanbois. Which means less success. Which can mean that little nudge over the edge of evolutionary success. :)

Re:Lots can be done...

Well, if its only over the wireless, then yes, but if it enters the wired network in any way then it IS visible to the operator.

Right-click, wha?

[johnthorensen]

Apparently Apple was going to require *two* unusual text characters for the iPwn hack, but Steve Jobs insisted that this would be too complicated for their users.

Re:Right-click, wha?

1984 called. They wanted their joke back.

Re:Right-click, wha?

[johnthorensen]

Well the jerk store called, and they're running out of...[iPhone Restarting]

Re:Right-click, wha?

[sexconker]

What does it matter? You're their best customer.

Re:Right-click, wha?

Because OP buys a lot of jerks? Furthermore, it would still matter to a store if they ran out of supply of their number one selling item. You see, that would make their best customer (OP) go elsewhere for his jerk buying. Then the jerk store will be losing money, and most stores don't like that, except if they're a money laundry front, then it won't matter as much. So, don't mock the customers of jerk stores, their upholding all the ma & pa jerk stores all across America. -- OT-ing since early-ish 2009

Re:Right-click, wha?

[Hurricane78]

And he was right! For *their* users.

In those cases, you actually get what you expect.

Weird article.

[sootman]

Gotta love the way things get prioritized to create an attention-grabbing headline.

"Though Miller and Mulliner say they notified Apple about the vulnerability more than a month ago, the company hasn't released a patch..."

OMG, ONE WHOLE MONTH! Oh, and by the way, "...in the last 18 months, cybercriminals have begun using text messages to send links to malicious Web sites that infect the phone with malware, says Mikko Hyppönen, an F-Secure researcher. One seemingly-Chinese variant, known as 'Sexy View' and currently targeting the Symbian operating system, is far more threatening than an iPhone attack, given that around 50% of cellphones use Symbian, [emphasis added] Hyppönen says."

Miller also says "Texting applications' insecurity isn't due to the software's complexity so much as the security community's inattention and the expense of sending thousands of text messages to test a phone's security..."--um, I have an unlimited texting plan (AT&T, USA) and it's... well, I forget how much, but it's not a lot.

That said, a) it shouldn't be that hard to lock down an app whose main job is to send, receive, and display TEXT, and 2) because of that, I hope Apple issues a fix for this soon.

Re:Weird article.

This is remote code execution and extremely serious. The headline is understated for the possible severity of the impact. In other words: if Microsoft had the dominant smartphone on the market with the image the iPhone has, you know this crowd would be screaming bloody murder and piecing together fallacy-ridden freshman-level rants on monopolies.

Re:Weird article.

[nxtw]

is far more threatening than an iPhone attack, given that around 50% of cellphones use Symbian

Symbian's marketshare is much lower in the United States. Also, Symbian's almost-50% marketshare is in the smartphone market, not in the overall cellphone market.

Re:Weird article.

[Tony+Hoyle]

It's much higher in the cellphone market. Can't remember when I last saw a non-smartphone that wasn't some brand of Nokia.

Re:Weird article.

[nxtw]

It's much higher in the cellphone market. Can't remember when I last saw a non-smartphone that wasn't some brand of Nokia.

Not all Nokia phones run Symbian. Nokia's worldwide marketshare last quarter was 38%, down from 40% a year ago. Meanwhile, Samsung and LG are growing in marketshare.

And Nokia isn't very successful in the USA.

Re:Weird article.

[Homburg]

Non-smartphone Nokias don't run Symbian (also, you haven't seen any Ericsson or Motorola or Samsung or LG non-smartphones recently? Really?).

Re:Weird article.

[jbeale53]

I have an unlimited texting plan (AT&T, USA) and it's... well, I forget how much, but it's not a lot.

Really? The unlimited text plan from AT&T is $20. I think that's fucking ridiculous.

Re:Weird article.

[Sandbags]

Why should Apple fix it?

Can't AT&T realize it should not be possible to deliver 500 texts to a device in such a short period, and stagger them say at not more than 1 text per 2-3 seconds? Can't they also filter "malformed" text messages that pass in their own system? TFA also states this effects Android too, not just iPhone, and it;s in their own interest, considdering this could cause a text storm and cause network bottlenecks and disruption to the whole system, to prevent such types of attacks from whtin the core network? It should be REAL easy to notice a device sending a single character non-ascii message and simply refuse to send it... I can understand a person sending a message like "!" or "Y" or "?", or a single emoji or smiley, but beyond that, there's not a whole lot of call for SMS to allow such type of messages at all, and since it can, there's your security risk!

Re:Weird article.

[sootman]

I agree that texting costs more than it should, but a security researcher saying "OMG we can't test because texting is too expensive!!!111" is even more ridiculous. $20/mo is less than ONE DOLLAR per workday. You can't swing a buck a day? Lunch--hell, a COFFEE--costs more.

Re:Weird article.

[IamTheRealMike]

Except that Google fixed Android with an over the air update much faster than that. I got my security update a few days ago, was wondering what it was for. I guess now I know. How can Apple be so far behind on this?

Re:Weird article.

Why should Apple fix it?

Because there's a bug in their phone. End of story.

Re:Weird article.

[indiechild]

Not sure what you're trying to say here. "This crowd" is already (justifiably) chewing Apple out all the time, and they're not even in a monopoly stranglehold of the market.

Re:Weird article.

[Sandbags]

It's also a bug in Google's phone, Blackberry, and the Symbian OS too. If this was limited to Apple, it would be Apple's problem.

However even if it WAS only Apple's problem, the fact that 500 messages can be sent in 1 second to ANYONE's device is 1) completely unnecessary and outside the reality of any need, 2) a potentially exploitable security risk for the future that might effect other systems, 3) malformed messages should not be sent al all...

In other news...

[6Yankee]

...sex offenders start a mass SMS-sending campaign...

Re:In other news...

[jmahler]

i see what you did there. Awesome. :)

Mod funny please.

Re:In other news...

[Yvan256]

Mods: I think he was referring to the parent above him for the "mod funny" comment.

Re:In other news...

Mod parent funny!

Re:In other news...

[Yvan256]

Mods are on crack today!

Mod parent funny!

Re:In other news...

[sammyF70]

mod me and my wife funny!

Re:In other news...

I modded your wife alright.

Re:In other news...

[Archangel+Michael]

The parent wasn't trying to be funny, please mod Insightful.

Re:In other news...

[MachineShedFred]

Would that make them Text Offenders?

Re:In other news...

No, she has kids so you've modded the parent.

Re:In other news...

[sir99]

-1, Troll, I assume?

That's okay.

[FlyingSquidStudios]

No one ever sends me SMS messages, so I'd be flattered they noticed me if I was hacked. So lonely...

Re:That's okay.

[josh61980]

Does someone need a hug?

Re:That's okay.

[sparkchaser]

You spelled ronrey wrong.

Re:That's okay.

[Kral_Blbec]

Just sign up for twitter and a blog. You will have dozens of devoted, mind-less followers in no time.

Re:That's okay.

[Hurricane78]

Maybe you should send one yourself.

And soon you will have a thousand botfriends. With very private photos. Your phonebook will be full. Aah how nice.

Only that now, you may get a call from some TLA(pple).

Re:That's okay.

[xmvince]

Go twitter some more, maybe that will make you happy until you realize how useless it is.

The series of invisible characters

[blind+biker]

It is here:

Re:The series of invisible characters

[Tator+Tot]

I don't your characters. Can you post again?

Re:The series of invisible characters

[machine321]

Dammit, I was reading that, and my iPhone crashed.

Re:The series of invisible characters

[jimthehorsegod]

Yeah sure: hunter2

Re:The series of invisible characters

[jonaskoelker]

It is here:

Why do they show up as "hunter2" on my screen?

Well...

[dburkland]

Being an iPhone owner it makes me feel all warm and fuzzy inside knowing my $300 phone that is so much better than the rest can be brought to its knees by an SMS message. GG Apple.

Re:Well...

a) your iPhone probably cost much more than $300, but AT&T amortized the cost into your plan
2) there are better phones depending on what you want to do with them
d) a $2 hammer or a free rock will also ruin your iPhone

Re:Well...

stop stealing my rocks!

Re:Well...

[Kral_Blbec]

a, 2, d? WTF? Back in my day we used 1, 2, 3; a, b, c; or I, II, III... Seems a person can just grab any random 3 characters to make an ordered list nowdays. Now get off my lawn.

Won't someone think of the cell phone towers?

[transporter_ii]

If this hack lets unapproved apps run, then what's going to keep the cell towers from being shut down on a massive scale? Doesn't this make Apple guilty of harming national security?

Re:Won't someone think of the cell phone towers?

[Sandbags]

Doesn't this make AT&T guilty for allowing texts in the system that could not be possibly sent by human beings? SMS is by policy not to be used by automated systems without AT&Ts express authority. Why is this Apple's fault (Or google's, since it also effects Android, and I'm sure shortly will be ANOTHER hack effecting symbian via SMS).

Why worry?

[PPH]

I, for on am not concrnd. It's simply a mattr of not snding that charactr. Crtainly, a company lik Appl can hav it xcludd from th alphabt. And thn w can just gt on with our livs, njoying our iPhons.

Re:Why worry?

[Midgarn]

I, for on am not concrnd. It's simply a mattr of not snding that charactr. Crtainly, a company lik Appl can hav it xcludd from th alphabt. And thn w can just gt on with our livs, njoying our iPhons.

What happns whn th hackrs dcid to switch to a diffrnt charactr? How will Appl rspond thn?

I, fr n am nt cncrnd. It's simply a mattr f nt snding that charactr. Crtainly, a cmpany lik Appl can hav it xcludd frm th alphabt. And thn w can just gt n with ur livs, njying ur iPhns.

What happns whn th hackrs dcid t switch t a diffrnt charactr? Hw will Appl rspnd thn?

h.

Re:Why worry?

ts not 'e' that's making apple worred

the char to exclude s wll just allow them to enjoy ther phone and pod's and get on with ther lfe.

Re:Why worry?

[PPH]

What happns whn th hackrs dcid to switch to a diffrnt charactr? How will Appl rspond thn?

'' guss Appl wll rally b fuckd f ts th '' n ''Phon.

Re:Why worry?

[D+Ninja]

What happns whn th hackrs dcid to switch to a diffrnt charactr? How will Appl rspond thn?

ppl will kp rmving chrctrs frm th lphbt. Thy r ppl. Thy cn d whtvr thy wnt.

Re:Why worry?

[Ragzouken]

makng

Re:Why worry?

[MrNemesis]

Your sig mad my iPhon cordump. Stv Jobs nds to snd you in for rducation in th ways of Appl.

Re:Why worry?

[Raistlin77]

'm wndrng hw fr ths cn g whl rmnng ndrstndbl...

Re:Why worry?

Ã

(invisible message here)

Re:Why worry?

[PPH]

Th nx cmd ln.

Re:Why worry?

[lennier]

So... Flickr are behind this?

Instead of rock - paper - scissors...

[Zantac69]

we have SMS - MMS - iPhone:
MMS beats SMS
iPhone beats MMS (on AT&T anyway)
SMS beats iPhone

Now we just have to figure out the equivalnets to Lizard and Spock - Android and WM6.5? :shrug:

Re:Instead of rock - paper - scissors...

[cayenne8]

I prefer rock, paper, scissors, lizard, Spock.

The Secret string is:

[spydum]

+++ATH0

Re:The Secret string is:

I don't know what you're talking about! Viewing this on my iPhone doesn't cause any p... NO CARRIER

Sigh.

Re:The Secret string is:

+++ATH0... the Candlejack of the Interne

Beer summit

If I were Officer Crowley, I'd politely decline the President's invitation to be used as a political prop. Obama stepped in it on his own, let him try to walk it back on his own like a big boy. I love how the President has such a poor understanding of his own role that he feels the need to interject his own personality onto local law enforcement matters now. Huge ego + rapidly declining cult following + trying to distract from his disaster of a healthcare infomercial = teachable moment about humility for Obama.

LOL, next time I say something to piss off my wife, I'll just tell her that I could have calibrated my words differently and offer her a beer, and everything will be okay. Seriously, who fucking says that? This guy isn't nuanced, he's a fucking robot. "BLEEP BLEEP BLOOP BLOOP I AM OBAMABOT VERSION 0.1. YOU WILL ALL WORSHIP ME NOW."

Re:Beer summit

I'd like to smoke a joint or have a beer with Barack Obama.

If he did something really rude that offended me, I think that a beer in the White House would be a pretty good way of making up for it.

I get the feeling that most people would rather not have a beer with you.

Re:Beer summit

You would be wrong then, sir. Most people are glad to have a beer for me, since I am actually interested in talking to them instead of using them as a political prop when we go out for beers.

Re:Beer summit

Do you wear a disguise when you go out for beer, so you can do that as an anonymous coward too?

Re:Beer summit

[sexconker]

BEEP BEEP
I AM AC
I AM A ROBOT
I HAVE A ROBOT VAGINA
BOOP

Filter error: Don't use so many caps. It's like YELLING. I AM NOT YELLING I AM A ROBOT THIS IS HOW ROBOTS TALK BOOP

Re:Beer summit

[beef+curtains]

Awesome.

Thanks for making me quite literally "LOL" :)

AOL

We used to do this with AOL all the time. I dont recall what character it was but when sent through IM it used to crash AOL. Once that issue was fixed someone figured out that by IM bombimg someone with massive amounts of IM's it would also cause AOL to crash.... same idea being used with SMS now

It's a good thing more people don't jailbreak

[FlyingBishop]

If there were more jail-broken phones, hackers could get into your phone without even doing anything at all. That's how much less secure the iPhone would be if they allowed jail-breaking.

Umm

Is there a good reason why AT&T or any cellular provider should allow 500 or more SMS messages to be sent instantaneously?

Good god, have they not heard of throttling?

Re:Umm

[Sl4shd0t0rg]

Actually, they do throttle. I had a script that would send me a text alert if a particular event happened. I had botched someting in the event detection piece and I started getting slammed with texts. However, AT&T started throttling my messages and they started to queue on my mail server. I killed the script and flushed the queue and things calmed down. I think it was only allowing 20 or so at a time to come through. I can also tell you my iphone slowed to a crawl when just those batches of 20 came in all at once. I don't know how they can pass 500 at once on the live SMS network.

Here's what to do

[yellowstone]

If you survive the initial peril (the next thirty hours or so), then there are obvious procedures that can give relative safety: Do not accept High Beyond protocol packets. At the very least, route all communications through Middle Beyond sites, with translation down to, and then up from, local trade languages.

Re:Here's what to do

[Medieval_Gnome]

I get the reference, and I can't praise that book highly enough.

Re:Here's what to do

[rossjudson]

Damn. I'm gonna go re-read that. Thanks for reminding me!!!

Re:Here's what to do

[FloydTheDroid]

Thanks for jogging my memory. I've been trying to find a good sci-fi author to read now that I'm caught up on Ian Banks and Neal Stephenson and I'd forgotten all about Vernor Vinge.

The quote is from "Fire Upon the Deep" for anyone who's interested.

Re:Here's what to do

[frogzilla]

Well done sir. I happened to be rereading that book lately.

Re:Here's what to do

I GET IT!

Re:Here's what to do

[Blakey+Rat]

Are you kidding?

It had some great concepts (I loved the wolf-like alien hive-mind-via-high-pitched-audio things), but, man, what a boring slog of a book. It's exciting at the start, and somewhat exciting at the end (if you can get past the Deus Ex Machina ending), but it has an extremely tedious and longest middle. If the book had been compressed to half its length, I could have tolerated it. Great ideas, terrible story.

The book is Vernor Vinge's "A Fire Upon the Deep": http://www.amazon.com/Fire-Upon-Deep-Zones-Thought/dp/0812515285/ref=sr_1_3?ie=UTF8&s=books&qid=1248976673&sr=8-3

Re:Here's what to do

[mundaniac]

I've been reading /. for some years now, but *just* created an account to offer you kudos (non-transferable to mod points, unfortunately) for your post.

Re:Here's what to do

Yay for Verner Vinge, "A Fire Upon the Deep"

missing infomation

[mcfedr]

so what do i send to my "friends" ;) ?

Proverbial wisdom strikes again

[GMFTatsujin]

So, one rotten character is spoiling the bunch, then?

The iPhone

[interval1066]

"Ha ha ha ha ha. Ha."

No, I'm not a fan.

All your Iphones

All your Iphones are belong to us...

Re:All your Iphones

[SilverHatHacker]

You have no chance to survive make your -%&^*#&^$NO CARRIER.

As Per

[His+Shadow]

The SMS hack affects many phones and many systems. Nothing in the wild, no plague of users infected or crashed or harmed. But let's run it as if the iPhone is the only one infected, and Apple somehow is a laggard for not releasing a patch. Then later, we'll talk about whether the problem is universal.

So, is the iPhone the only phone that matters, or is it just too hard for submitter NOT to use Apple and the iPhone to get attention?

Re:As Per

Except my Android phone can not be taken over, only knocked off the network for a few seconds. On top of that it has already been patched!

So yeah the iPhone running arbitrary code remotely is in the same bag as my immune phone.

Re:As Per

well, you had no problem when /. was reporting some AWESOME new app on iphone - when such apps existed for years on other phones.

And now you are getting sleepless nights? Because your toy "just does not work" anymore? and /. reports it?

You got what you deserved. Now STFU.

Re:As Per

[TheRaven64]

Note that Symbian, which owns over 70% of the market, was conspicuously absent from the list of affected mobile phone operating systems.

Re:As Per

[mjwx]

Note that Symbian, which owns over 70% of the market, was conspicuously absent from the list of affected mobile phone operating systems.

Is this the version of Symbain on a Nokia 6500 or the version on an E63?

There are two reasons that this is bigger for the iphone, 1. Every model of iphone is identical, where as other phone OS's have serious differences. Even different Android phones may not be vulnerable to the same vulnerability as the carriers/community modify it to their own needs. 2. Apple's history of allowing large security holes to go unpatched and ignored. A vulnerability like this instantly goes to the top of the priority list for Google, Nokia, Samsung and Microsoft.

never trust the client? But but...

Tell that to the fanbois who keeps on repeating "but it just works". It's nauseating actually to hear that anymore.

Re:never trust the client? But but...

[BrokenHalo]

Tell that to the fanbois who keeps on repeating "but it just works".

TFA goes on to mention that the same vulnerability is present in the Windows Mobile OS.

But this would indeed be another nail in the coffin lid if I entertained the slightest hankering for an iPhone. I can understand why some people might like them, but for my typical usage they would be more useful for wedging a door.

Re:never trust the client? But but...

[Mike+Buddha]

It's only present in the SMS client that HTC made, not Windows Mobile OS.

Re:never trust the client? But but...

[rgviza]

It does "just work"
It's "just insecure" as well ;)

Re:never trust the client? But but...

[yabos]

Actually the only people I hear/read saying that are dumbass trolls like you.

SMS is a rip...

[dasunst3r]

Do I want to pay 15 cents for a message embedded in a control message? No, thanks! My BlackBerry's firewall is on to block SMS and MMS, and I have SMS messages blocked on T-Mobile. Now try to hack my BlackBerry!

AT&T Cell Towers shake in fear

[wardk]

I imagine the fragile AT&T cell towers could also be brought down by this? I am sure it's exponentially more dangerous than the google phone app.

Threat to cell phone towers

[future+assassin]

Soo the iPhone is a threat to cell phone towers?

what the godd*mn hell

[hesaigo999ca]

Whether you are a carrier of cellular service, or a provider of phones, seeing as you want to totally take control away from your clients, then you best make sure YOU'RE up to date with security, else face a multi-faceted lawsuit.

Being that TELUS closes off access to such things as phone configuration where you could just disable your SMS service if you wanted to, then the onus falls on them to incorporate better security.

As well having an iPhone means you are bound to the terms laid down by Apple, which means they will not support any phones that have been modified, well guess what, the payload just happened to brick your phone, and download an app that is a malware app....you no longer can call iPhone for help because you are now THE hacker instead of the victim....nice way to dodge the bullet Apple!!

What's the point?

[StoatBringer]

This may be a silly question, but apart from causing a nuisance, what would be the point of doing this?
Hacker 1: Hey, watch this! I'm sending messages to let me control a million iPhones.
Hacker 2: Cool, it worked. What now?
Hacker 1: Um... I could, like, turn their cameras on or something...

From an evil hacker point of view, aren't PC botnets much more useful to control than mobile phones (which will have less power, less bandwidth, less memory and be connected to the net less often)?

I agree it's a vulnerability that clearly needs to be patched quickly, but who would bother exploiting it on a large scale (knowing it will probably get patched soon anyway)?

Re:What's the point?

[FireFury03]

This may be a silly question, but apart from causing a nuisance, what would be the point of doing this?
Hacker 1: Hey, watch this! I'm sending messages to let me control a million iPhones.
Hacker 2: Cool, it worked. What now?
Hacker 1: Um... I could, like, turn their cameras on or something...

Or I could make all the phones call a premium rate phone line that I own... Just a thought.

Re:What's the point?

[brusk]

From an evil hacker point of view, aren't PC botnets much more useful to control than mobile phones (which will have less power, less bandwidth, less memory and be connected to the net less often)?

I agree it's a vulnerability that clearly needs to be patched quickly, but who would bother exploiting it on a large scale (knowing it will probably get patched soon anyway)?

Watch their browsers as they pay with credit cards?

Re:What's the point?

[Culture20]

From an evil hacker point of view, aren't PC botnets much more useful to control than mobile phones (which will have less power, less bandwidth, less memory and be connected to the net less often)?

Mobile phones with unlimited Edge or 3G data plans whose computing power surpasses that of average computers from 8-10 years ago? Sounds like a handy botnet to me. Zombies can regularly pull commands instead of having the commands pushed to them. Also, cell phones are rarely turned off, unlike people's home PCs.

Re:What's the point?

[mjwx]

From an evil hacker point of view, aren't PC botnets much more useful to control than mobile phones

SMS Spam?
Blackmail (pay me One Million Dollars or I'll run up your phone bill with phone sex lines)
gathering personal details (identity fraud).

This is just what I could think of off the top of my head. Spam servers don't need that much power or bandwidth, they just need a lot of them, with the iphone being identical it should make it easy to create a massive mobile botnet once an exploit can be exploited.

Re:What's the point?

[dave420]

Not really. Just set up a premium-rate phone line, pwn some iphones, and make them all call the premium-rate number repeatedly. You pocket the cash.

Pie in the sky, but...

[Pitr]

I think it would be hilarious if the iPhone Devel Team fixed this in the jailbroken firmware before Apple fixed it officially.

Apple: "Jailbreaking should be illegal because it dangerously closes security holes... er..."

Ah, perchance to dream...

This is NOT just an iPhone issue silly...

If you read what Dr. Charlie Miller and Collin Mulliner actually said and wrote you'll find that ANY smartphone is potentially vulnerable to this security hole. iPhones are just the fun target to discuss in the press.

Re:This is NOT just an iPhone issue silly...

[ircmaxell]

Not true. The article said that they found a similar issue with Android, but it was fixed already. They also said that he just found an issue with WinMo, and hasn't given MS time to fix it. The issue it exists. The issue is that it hasn't been fixed... This is a iphone specific attacks. There may be other attacks like it, but this one is Apple's...

Karma

I hope every prick who whips out his iPhone in public and shows off endlessly gets this SMS... ha ha it sure would be karma.....

Re:Karma

[Voyager529]

I hope every prick who whips out his iPhone in movie theaters and talks endlessly gets this SMS... ha ha it sure would be karma.....

Re:Karma

[holmstar]

The few, the proud, the Christian...

I thought that pride was a sin...



...Just sayin.

Not all iPhones

[plaxion]

Some of us refuse to pay outrageous fees for packets that are being sent betwwen the phone and towers anyways and have SMS fully disabled. Besides, from my experience, it was more of an additional avenue for SPAM than a useful communication channel.

Perhaps the more ridiculous thing

[vitaflo]

Is you can't turn off SMS on the iPhone. At least I haven't found out how. I don't particularly like SMS, it costs me money to receive texts, and I have an flippin iPhone, why would I need it when I can email, IM, tweet, etc? Yet here we have an SMS back door and the only solution is to shut down the entire phone because there's no way to disable SMS by itself.

Re:Perhaps the more ridiculous thing

[gmfeier]

Check with AT&T. I've had SMS off since I got my iPhone in February and have been completely text-free. One downside, though - I tried to register for free access at Starbucks but they do it by sending you a text message, so no luck.

Re:Perhaps the more ridiculous thing

[westyvw]

Agreed, paying for texts in principal is wrong, but off the charts of stupid if you have internet. I want the damn thing off. Send me an email, open a chat, or *gasp* call me.

But please let me turn this off!

Re:Perhaps the more ridiculous thing

[joNDoty]

You can turn off SMS: contact AT&T and tell them to disable SMS for your phone number. This is exactly what I've done and I highly recommend it. I save $5/month in texting charges, and I can still send and receive texts for free. Here's how:

1. Sign up for Google Voice.
2. Tell people your new Google Voice "texting" number (and use it for voice if you want).
3. Buy Prowl at the App Store for $2.99
4. Push your Google Voice SMS messages to your iPhone via Prowl. You can do it with Fluid and a script on a Mac.
5. ???
6. PROFIT!!! (free texting)

Re:Perhaps the more ridiculous thing

What about calling the carrier and requesting the text messaging service be disabled. That way the phone won't be receiving SMS messages through the carrier network. [or am I so clueless that this suggestion borders on criminal stupidity?]

Re:Perhaps the more ridiculous thing

[my_left_nut]

From what I've read, this is not an exploit that involves the carrier, but can be done via someone *simulating* the carrier with their own transmitter and acting like a cell tower. So, the idea of turning this off at the carrier does no good, when the bug is in the iPhone itself.

I'd like to be able to get a shell prompt on the phone, and kill -9 smsd (or whatever runs there). or start the gsmd that is running on the phone in a "disable-sms" mode. Something like that.

Unfortunately, in order to remain legal (non-jailbroken), I can't.

With no fix for this, I (along with everyone else who has one) am effectively a sitting duck for this kind of exploit. Now, I'm not going to worry about it until it happens to me. But... if it does happen, I will then dump AT&T, and also go with a Pre. I would encourage anyone who finds themselves in that position who can do that, to do exactly that.

The sad thing is, it *is* a comfortable phone. I like the UI. I'm used to it, and I really don't have a problem with the thing. But I've also been recently disgusted with the kind of locked down mindset that apple has taken with the thing.

At least for me, waking up and finding a hijacked phone would be the last straw.

Re:Perhaps the more ridiculous thing

[Hurricane78]

That is the weirdest thing ever. Like asking the one receiving a real paper letter, to pay for the transport too.

And it is soo easy to abuse, if you can submit SMS for free!

Luckily, here in Europe, this is looong (yeah, even longer than longcat!) gone.

Re:Perhaps the more ridiculous thing

[westyvw]

If you were going to leave AT&T anyways if there is a problem, why worry about the consequences of jailbreaking it?

Apple+ATT bad karma at work

[devshar]

With their recent arm twisting policies - isn't it something that Apple and AT&T deserve.

Losing All Your Data? There's an app for that!

[bschorr]

It's another example, like Cloud Computing, of people running towards the newest shiny things without the least concern for the security implications of it. "Oooh...you can shake it and it does something."

They don't ask key questions, they probably wouldn't understand the answers even if they did, and they just blindly put all of their faith (and their critical data) into things that are easily exploited.

Then they're all surprised when it fails or gets compromised.

Hexapodia as the chief insight?

[lennier]

My only gateway onto the Net is very expensive. Is it true that humans have six legs?

Re:Hexapodia as the chief insight?

Why? Can you only count to five?

Re:Hexapodia as the chief insight?

Cloudmark is a High Beyond trade language. Despite colloquial rendering, only core meaning is guaranteed.

already fixed by apple

this is already fixed on the latest iphone os 3.1 beta. the sensationalism is more important than the facts.

Re:already fixed by apple

[BronsCon]

It's already fixed in the production version of Android. How long until the 3.1 OS is released? How long until everyone updates after that?

These are the facts, not sensationalism.

North London iPhone residents not vulnerable

[Mr+Smidge]

To paraphrase my iPhone-using coworker, "I'm safe from this vulnerability because I NEVER GET ANY F*CKING SIGNAL to receive a dodgy SMS packet in the first place".

I suppose I've got to hand him that one.

Vulnerability applies to iPhone 2.2 and 2.2.1

If you read the actual whitepaper: http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf
the vulnerability was only tested on iPhone 2.2 and 2.2.1. The current iPhone OS is 3.0. Either the bug wasn't tested on 3.0 (I doubt it), or it was fixed in 3.0 and the editors made a false statement that it wasn't patched.

Apple Patched it

[metaforest]

As of 7/31/09 Apple has announced a 3.0.1 update to address the SMS message hack.

"APPLE-SA-2009-07-31-1 iPhone OS 3.0.1

iPhone OS 3.0.1 is now available and addresses the following:

CoreTelephony
CVE-ID: CVE-2009-2204
Available for: iPhone OS 1.0 through iPhone OS 3.0
Impact: Receiving a maliciously crafted SMS message may lead to an
unexpected service interruption or arbitrary code execution
Description: A memory corruption issue exists in the decoding of SMS
messages. Receiving a maliciously crafted SMS message may lead to an
unexpected service interruption or arbitrary code execution. This
update addresses the issue through improved error handling. Credit to
Charlie Miller of Independent Security Evaluators, and Collin
Mulliner of Fraunhofer SIT for reporting this issue."

This bug is crushed.

A fix is already available

[Rogue+Pat]

Apple already released iPhone OS 3.0.1 which fixes this issue.

Amazingâ¦

[jscotta44]

â¦not that Apple has already released a patch. Rather the deafening sound of silence from the Apple detractors with the release of the patch. 30 minutes after this has been posted, it hasn't even been modded up as informative. Wow.

A few days...

[jscotta44]

Wow. Apple is certainly very far behind. A few days.

iPhone Update Available

[trobbins]

Apple just released an update to address the sms hack.!
Update your iPhone to v3.0.1 to protect your phone.

3,91 petabytes of patch going out...

[knubo]

Quite a large patch 230Mb.

Let's assume that all 17 000 000 phones needs to be updated, then this patch has made apple push around:

230 000 000 * 17 000 000 = 3.91 x 10^15 bytes

from their servers to fix it. I'm glad I do not get their bandwidth bill :)