Slashdot Mirror


SMS Hack Could Make iPhones Vulnerable

mhx writes "A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of 'invisible' messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked."

  1. Binary Encoded Messages by Algorithmn · · Score: 5, Interesting

    I saw this one coming. Some cell phones cannot distinguish between a mobile provider sending binary encoded XML enabled SMS messages or an attacker through an SMS gateway. Amateur security model/practices.

    1. Re:Binary Encoded Messages by sopssa · · Score: 5, Insightful

      This was detailed a few days ago -- more details on http://www.computerworld.com/s/article/9136008/Some_SMS_networks_vulnerable_to_attack

      How many times it needs to be said.. *never* trust the client.

    2. Re:Binary Encoded Messages by clang_jangle · · Score: 4, Informative
      Apparently it's not just the iPhone affected. FTFA:

      The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft-based devices. Another pair of SMS bugs in the iPhone and Google's Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.

      --
      Caveat Utilitor
    3. Re:Binary Encoded Messages by SanityInAnarchy · · Score: 5, Insightful

      In other words, Android, the open platform, patched before iPhone, the closed platform.

      Yet I still occasionally run into people trying to claim that the iPhone being closed is somehow good, as it's more secure.

      --
      Don't thank God, thank a doctor!
    4. Re:Binary Encoded Messages by FireFury03 · · Score: 2, Interesting

      Correct me if I'm wrong, but since the SMS messages have to go through the carrier towers, can't this character be "cleaned" from the message there before it even hits the phone?

      What if I want to use that character legitimately?

    5. Re:Binary Encoded Messages by Anonymous Coward · · Score: 2, Funny

      Your heralding of Android is flawed, the Blackberry OS isn't affected at all! So it's CLEARLY better. HAHA!

    6. Re:Binary Encoded Messages by Sentax · · Score: 2, Interesting

      If there is a vulnerability with said character, then just using it would not be legitimate until the problem was fixed on the phone firmware.

      Cleaning the character at the carrier could prevent problems spreading to the phone and be a "quick fix", but doesn't make it go away, the phone would need to release a patch eventually, then you can use your Unicode heart character (or whatever else char it is) in your text messages again.

    7. Re:Binary Encoded Messages by davester666 · · Score: 4, Funny

      Nope, the 3 Pre users are completely safe. They only text amongst themselves.

      --
      Sleep your way to a whiter smile...date a dentist!
    8. Re:Binary Encoded Messages by FireFury03 · · Score: 2, Insightful

      If there is a vulnerability with said character, then just using it would not be legitimate until the problem was fixed on the phone firmware.

      I haven't seen anything saying what the character is (and more saying that the character being displayed is just a side effect of the crack, not actually the vulnerability). But, that aside, if a legitimate character affects a vulnerability on a *single device*, the service provider has no business breaking legitimate uses of that character by the majority of people (i.e. those that don't own an iphone).

      As much as you may like to believe that there is no legitimate use for non-ASCII characters, you are wrong. I already get pissed off that there is no way to enter a "Å" character into my P900 (a bit of a pain since that character appears in my street address.).

      Cleaning the character at the carrier could prevent problems spreading to the phone and be a "quick fix", but doesn't make it go away, the phone would need to release a patch eventually, then you can use your Unicode heart character (or whatever else char it is) in your text messages again.

      By that mentality, all ISPs should block all web traffic every time a security hole in Internet Explorer is found. Blocking everyone from going about their business because a minority device has a bug is unacceptable, especially since the vendor was informed a month ago and has done nothing to fix the problem. To make things even worse, if they did decide to filter such messages, they would disappear into a black hole - SMS provides no functionality to inform the sender that a message has been blocked.

    9. Re:Binary Encoded Messages by FireFury03 · · Score: 2, Funny

      I already get pissed off that there is no way to enter a "Å" character into my P900

      Seems Slashdot is also broken at handling unicode characters - that is supposed to be a "Y" with a "^" accent.

    10. Re:Binary Encoded Messages by SanityInAnarchy · · Score: 2, Insightful

      Those are other claims. If you want to talk about them, we can, but it's getting a bit offtopic.

      It seamlessly syncs with my calendar, address book, etc.

      Is that not true on Android?

      Browsing the web works quickly and pages render pretty well.

      Are you really going to tell me that's unique? Both Android and iPhone use Webkit-based browsers.

      Even in the event that my iPhone gets hacked by a vulnerability apple fails to fix, I won't regret my decision.

      That sounds very much like a fanboi or astroturf position. You won't regret it? Not even for a moment?

      Tell me... just how much would Apple have to screw up for you to regret it?

      There's no worthwhile information on it to steal, and it gets backed up every time I plug it in (every day).

      That tells me you're either naive or a naive asshole.

      Suppose someone cracks your phone and uses it to send thousands of spams via your 3G connection, or thousands of spammy text messages. The former will run up a huge bill and piss off network admins, and the latter will run up a huge bill and alienate all your friends.

      Or suppose they only use it as a carrier -- any wifi network you connect to, you'll infect all nearby PCs. Chances are, you'd never be caught, but it still doesn't really make you a good citizen.

      Or suppose it gets infected with something that then exploits something on your PC (or Mac, to be fair), and then, later, nukes _all_ your data? Do you have the backup backed up? Even if you do, is that really something you want to risk?

      The absolute dumbest statement anyone can make about security is "I'm not a target," or "I have nothing to lose."

      Now, I'm not suggesting you should immediately throw out your iPhone, or that it was necessarily a bad choice. But your arguments here sound more like rationalizations -- it sounds more like you are starting to regret it, and you're trying to justify it to yourself, to reassure yourself that you made the right decision.

      --
      Don't thank God, thank a doctor!
  2. "SMS Hack Could Makes iPhones Vulnerable" by Anonymous Coward · · Score: 5, Funny

    In other news, the same SMS hack can be used to make headlines appear with wrongly used verbs...

  3. App Store by oldspewey · · Score: 5, Funny

    Want to pwn every apple smartphone in the world?

    There's an app for that.

    --
    If libertarians are so opposed to effective government, why don't they all move to Somalia?
    1. Re:App Store by Bemopolis · · Score: 3, Insightful

      Well there *will* be, once it gets through the App Store approval process. So, next year.

      --
      "I guess the moral of the story is, don't paint your airship with rocket fuel." -- Addison Bain
    2. Re:App Store by jDeepbeep · · Score: 4, Insightful

      So, never.

      fixed that for you :D

      --
      Reply to That ||
  4. Text character? by pushing-robot · · Score: 4, Funny

    The technique involves sending only one unusual text character

    Let me guess: "Q". Damned "Q".

    --
    How can I believe you when you tell me what I don't want to hear?
    1. Re:Text character? by Yvan256 · · Score: 2, Funny

      I guess he got bored of annoying only a handful of starship captains.

    2. Re:Text character? by viking099 · · Score: 4, Funny

      Thanks a lot ass^7'89-NO CARRIER

    3. Re:Text character? by MaerD · · Score: 4, Interesting

      This reminds me of the days when on a BBS a badly calibrated modem would actually hang up if someone put +++ATH0 in the message. *sigh* I feel so old.

      --
      I put on my robe and wizard hat..
    4. Re:Text character? by MaerD · · Score: 2, Insightful

      Either way, we've got 20+ years of evidence that allowing information from an unvalidated and untrusted remote data stream to cause hardware to do things that should only be issued from a local command (or at least trusted remote source) is a bad thing.


      How do we keep making the same design mistakes?

      --
      I put on my robe and wizard hat..
    5. Re:Text character? by sexconker · · Score: 3, Funny

      Because it's easier for me to test, dammit.
      I make all these fucking routers and cable modems and shit by hand. Maybe if one of you fuckers would help me we wouldn't have this problem.

    6. Re:Text character? by KingPin27 · · Score: 2, Funny

      Very interesting you mention that.... it was common practice for people using a BBS or 2 where I live to "ANSI BOMB" the bbs -- they would put the modem hangup chars into specially crafted ANSI messages. It was nice because the NFO for the file you were downloading looked pretty until your 9600 Baud modem hung up on you before you could download your ARJ files!! :P

      --
      "i lost my dignity on a slippery wiener"
  5. Read about this yesterday by DigitalSorceress · · Score: 4, Informative

    FYI: It's not that one character can break your iPhone, it's about 512 text messages sent at your phone, causing certain buffer overflows. The proof of concept ended up where the slew of messages (apparently arrived at originally by fuzzing) winds up only showing one visible character (appears as a box).

    The author said that it could probably be refined so that it wouldn't send anything that would show up.

    500 or so un-seen text messages, and you're iPwned.

    Gotta love the Black Hat Briefings.

    --

    The Digital Sorceress
    1. Re:Read about this yesterday by emag · · Score: 3, Funny

      500?! Egads, that's gonna cost a _fortune_ at today's txting rates!

      --
      "The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
    2. Re:Read about this yesterday by d3ac0n · · Score: 2, Funny

      unless you have an unlimited plan.

      --
      Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
    3. Re:Read about this yesterday by BrokenHalo · · Score: 2, Insightful

      ...and the carrier doesn't have a facility in place for limiting the number of text messages sent to a particular device in a given time frame?

      There is a confusion of functions here. The purpose of a carrier is to carry messages, not to refuse them. Much better for the carrier to do its job and let the client decide whether or not it wants to accept the message.

    4. Re:Read about this yesterday by Kral_Blbec · · Score: 3, Insightful

      No, that just means you got screwed in advance.

  6. Is this why they were distracting us yesterday? by amcdiarmid · · Score: 4, Interesting

    As I recall Apple (DRM) was stating that jailbreaking cellphones was something to be done by terrorists who want to destroy cellphone infrastructure.

    Interesting that a SMS message can destroy apples;)

    1. Re:Is this why they were distracting us yesterday? by DigitalSorceress · · Score: 5, Insightful

      Actually, that's exactly what I was thinking.

      Once you've taken over someone's iPhone in this manner, it seems to me you've got more power to use the thing than the original owner had (unless they had Jailbroken their phone already).

      Interestingly enough, this vulnerability is in the factory-spec iPhone - it doesn't require it to have been jailbroken.

      So, yeah, Apple claims they're jailing your phone to protect you from bad guys and to protect the infrastructure from you, but this goes to prove that the only thing they're protecting are their (and AT&T's) pockets.

      All this from a company where the CEO's liver is replaceable, but the battery in your phone or laptop is not.

      ~ducking~

      --

      The Digital Sorceress
    2. Re:Is this why they were distracting us yesterday? by Bemopolis · · Score: 5, Funny

      All this from a company where the CEO's liver is replaceable, but the battery in your phone or laptop is not.

      The battery in the iPhone and laptop are replaceable, just not by the owner. This was also the case for Steve's liver. JOKE FAIL.
      <\memekiller>

      --
      "I guess the moral of the story is, don't paint your airship with rocket fuel." -- Addison Bain
    3. Re:Is this why they were distracting us yesterday? by machine321 · · Score: 2, Funny

      The battery in the iPhone and laptop are replaceable, just not by the owner. This was also the case for Steve's liver. JOKE FAIL.

      A sufficiently experienced user can replace his liver; I'll bet Steve Wozniak could do it.

    4. Re:Is this why they were distracting us yesterday? by Anonymous Coward · · Score: 2, Insightful

      The battery in the iPhone and laptop are replaceable, just not by the owner. This was also the case for Steve's liver. JOKE FAIL.

      A sufficiently experienced user can replace his liver; I'll bet Steve Wozniak could do it.

      Yeah, but it would void his warranty

  7. Lots can be done... by John+Whitley · · Score: 3, Interesting

    So little can be done, except power off your iPhone to avoid being hacked

    Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.

    1. Re:Lots can be done... by Anonymous Coward · · Score: 5, Insightful

      Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.

      Or, maybe the iphone SHOULDN'T EXECUTE UNTRUSTED UNSIGNED UNAUTHENTICATED CODE THAT ARRIVES BY SMS.

      Or maybe google will use this flaw to deploy google voice onto iphones now that apple banned them.

      Isn't it sad that EVERYONE ELSE has more control over the iphone than fanboi who bought it.

    2. Re:Lots can be done... by FelxH · · Score: 4, Interesting

      According to the previous article, they have found a way to send sms messages without any provider: "This method does not use the carrier and so is free (and invisible to the carrier)". So blocking at the provider level won't work unfortunately

    3. Re:Lots can be done... by rsmith-mac · · Score: 2, Informative

      That makes absolutely no damned sense. At some point it has to hit the carrier's network, otherwise the phone can't receive it in the first place.

    4. Re:Lots can be done... by TheRaven64 · · Score: 3, Informative

      Not necessarily, it just has to come over the (wireless) network. There's nothing stopping you simulating a cell tower and sending an SMS (which is just a GSM control packet) to any phone within range.

      --
      I am TheRaven on Soylent News
    5. Re:Lots can be done... by TheRaven64 · · Score: 3, Insightful

      Uh, people doing this would be sending radio signals intended to illegally take control of someone else's phone. I doubt that breaking FCC rules is going to matter to them.

      --
      I am TheRaven on Soylent News
  8. Right-click, wha? by johnthorensen · · Score: 5, Funny

    Apparently Apple was going to require *two* unusual text characters for the iPwn hack, but Steve Jobs insisted that this would be too complicated for their users.

    1. Re:Right-click, wha? by johnthorensen · · Score: 5, Funny

      Well the jerk store called, and they're running out of...[iPhone Restarting]

  9. In other news... by 6Yankee · · Score: 5, Funny

    ...sex offenders start a mass SMS-sending campaign...

    1. Re:In other news... by jmahler · · Score: 4, Funny

      I see what you did there. Awesome. :)

      Mod funny please.

    2. Re:In other news... by Yvan256 · · Score: 4, Funny

      Mods: I think he was referring to the parent above him for the "mod funny" comment.

    3. Re:In other news... by Anonymous Coward · · Score: 2, Funny

      Mod parent funny!

    4. Re:In other news... by Yvan256 · · Score: 4, Funny

      Mods are on crack today!

      Mod parent funny!

    5. Re:In other news... by Anonymous Coward · · Score: 5, Funny

      I modded your wife alright.

    6. Re:In other news... by Archangel+Michael · · Score: 2, Insightful

      The parent wasn't trying to be funny, please mod Insightful.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  10. That's okay. by FlyingSquidStudios · · Score: 5, Funny

    No one ever sends me SMS messages, so I'd be flattered they noticed me if I was hacked. So lonely...

    1. Re:That's okay. by josh61980 · · Score: 2, Insightful

      Does someone need a hug?

  11. Re:Good by psychokitten · · Score: 2, Interesting

    Funny how you mention that since just the other day at work we were noticing how my Edge connection on T-Mobile is faster than a co-worker's 3G AT&T connection was.

  12. The series of invisible characters by blind+biker · · Score: 4, Funny

    It is here:

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
    1. Re:The series of invisible characters by jimthehorsegod · · Score: 2, Funny

      Yeah sure: hunter2

  13. Well... by dburkland · · Score: 2, Insightful

    Being an iPhone owner it makes me feel all warm and fuzzy inside knowing my $300 phone that is so much better than the rest can be brought to its knees by an SMS message. GG Apple.

    1. Re:Well... by Kral_Blbec · · Score: 3, Funny

      a, 2, d? WTF? Back in my day we used 1, 2, 3; a, b, c; or I, II, III... Seems a person can just grab any random 3 characters to make an ordered list nowadays. Now get off my lawn.

  14. Won't someone think of the cell phone towers? by transporter_ii · · Score: 4, Insightful

    If this hack lets unapproved apps run, then what's going to keep the cell towers from being shut down on a massive scale? Doesn't this make Apple guilty of harming national security?

    --
    Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
  15. Why worry? by PPH · · Score: 5, Funny

    I, for on am not concrnd. It's simply a mattr of not snding that charactr. Crtainly, a company lik Appl can hav it xcludd from th alphabt. And thn w can just gt on with our livs, njoying our iPhons.

    --
    Have gnu, will travel.
    1. Re:Why worry? by Midgarn · · Score: 2, Funny

      I, for on am not concrnd. It's simply a mattr of not snding that charactr. Crtainly, a company lik Appl can hav it xcludd from th alphabt. And thn w can just gt on with our livs, njoying our iPhons.

      What happns whn th hackrs dcid to switch to a diffrnt charactr? How will Appl rspond thn?

      I, fr n am nt cncrnd. It's simply a mattr f nt snding that charactr. Crtainly, a cmpany lik Appl can hav it xcludd frm th alphabt. And thn w can just gt n with ur livs, njying ur iPhns.

      What happns whn th hackrs dcid t switch t a diffrnt charactr? Hw will Appl rspnd thn?

      h.

    2. Re:Why worry? by D+Ninja · · Score: 2, Funny

      What happns whn th hackrs dcid to switch to a diffrnt charactr? How will Appl rspond thn?

      ppl will kp rmving chrctrs frm th lphbt. Thy r ppl. Thy cn d whtvr thy wnt.

  16. The Secret string is: by spydum · · Score: 5, Funny

    +++ATH0

  17. Re:Weird article. by Anonymous Coward · · Score: 4, Insightful

    This is remote code execution and extremely serious. The headline is understated for the possible severity of the impact. In other words: if Microsoft had the dominant smartphone on the market with the image the iPhone has, you know this crowd would be screaming bloody murder and piecing together fallacy-ridden freshman-level rants on monopolies.

  18. Here's what to do by yellowstone · · Score: 5, Funny

    If you survive the initial peril (the next thirty hours or so), then there are obvious procedures that can give relative safety: Do not accept High Beyond protocol packets. At the very least, route all communications through Middle Beyond sites, with translation down to, and then up from, local trade languages.

    --
    150 Opening BINARY mode data connection for slashdot.sig (129323052 bytes).
  19. As Per by His+Shadow · · Score: 2, Insightful
    The SMS hack affects many phones and many systems. Nothing in the wild, no plague of users infected or crashed or harmed. But let's run it as if the iPhone is the only one infected, and Apple somehow is a laggard for not releasing a patch. Then later, we'll talk about whether the problem is universal.

    So, is the iPhone the only phone that matters, or is it just too hard for submitter NOT to use Apple and the iPhone to get attention?

    --

    Fiat Homos et Pereat Theos

  20. Re:Beer summit by sexconker · · Score: 3, Funny

    BEEP BEEP
    I AM AC
    I AM A ROBOT
    I HAVE A ROBOT VAGINA
    BOOP

    Filter error: Don't use so many caps. It's like YELLING. I AM NOT YELLING I AM A ROBOT THIS IS HOW ROBOTS TALK BOOP

  21. Perhaps the more ridiculous thing by vitaflo · · Score: 2, Insightful

    Is you can't turn off SMS on the iPhone. At least I haven't found out how. I don't particularly like SMS, it costs me money to receive texts, and I have a flippin iPhone, why would I need it when I can email, IM, tweet, etc? Yet here we have an SMS back door and the only solution is to shut down the entire phone because there's no way to disable SMS by itself.

    1. Re:Perhaps the more ridiculous thing by westyvw · · Score: 2, Insightful

      Agreed, paying for texts in principle is wrong, but off the charts of stupid if you have internet. I want the damn thing off. Send me an email, open a chat, or *gasp* call me.

      But please let me turn this off!

    2. Re:Perhaps the more ridiculous thing by joNDoty · · Score: 2, Informative

      You can turn off SMS: contact AT&T and tell them to disable SMS for your phone number. This is exactly what I've done and I highly recommend it. I save $5/month in texting charges, and I can still send and receive texts for free. Here's how:

      1. Sign up for Google Voice.
      2. Tell people your new Google Voice "texting" number (and use it for voice if you want).
      3. Buy Prowl at the App Store for $2.99
      4. Push your Google Voice SMS messages to your iPhone via Prowl. You can do it with Fluid and a script on a Mac.
      5. ???
      6. PROFIT!!! (free texting)