SMS Hack Could Make iPhones Vulnerable
mhx writes "A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of 'invisible' messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked."
I saw this one coming. Some cell phones cannot distinguish between a mobile provider sending binary encoded XML enabled SMS messages or an attacker through an SMS gateway. Amateur security model/practices.
In other news, the same SMS hack can be used to make headlines appear with wrongly used verbs...
Want to pwn every Apple smartphone in the world?
There's an app for that.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
Apparently Apple was going to require *two* unusual text characters for the iPwn hack, but Steve Jobs insisted that this would be too complicated for their users.
...sex offenders start a mass SMS-sending campaign...
No one ever sends me SMS messages, so I'd be flattered they noticed me if I was hacked. So lonely...
http://twitter.com/OLDTELEGRAM
Actually, that's exactly what I was thinking.
Once you've taken over someone's iPhone in this manner, it seems to me you've got more power to use the thing than the original owner had (unless they had Jailbroken their phone already).
Interestingly enough, this vulnerability is in the factory-spec iPhone - it doesn't require it to have been jailbroken.
So, yeah, Apple claims they're jailing your phone to protect you from bad guys and to protect the infrastructure from you, but this goes to prove that the only thing they're protecting are their (and AT&T's) pockets.
All this from a company where the CEO's liver is replaceable, but the battery in your phone or laptop is not.
~ducking~
The Digital Sorceress
I, for on am not concrnd. It's simply a mattr of not snding that charactr. Crtainly, a company lik Appl can hav it xcludd from th alphabt. And thn w can just gt on with our livs, njoying our iPhons.
Have gnu, will travel.
+++ATH0
Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.
Or, maybe the iPhone SHOULDN'T EXECUTE UNTRUSTED UNSIGNED UNAUTHENTICATED CODE THAT ARRIVES BY SMS.
Or maybe Google will use this flaw to deploy Google Voice onto iPhones now that Apple banned them.
Isn't it sad that EVERYONE ELSE has more control over the iPhone than the fanboi who bought it?
The battery in the iPhone and laptop are replaceable, just not by the owner. This was also the case for Steve's liver. JOKE FAIL.
<\memekiller>
"I guess the moral of the story is, don't paint your airship with rocket fuel." -- Addison Bain
If you survive the initial peril (the next thirty hours or so), then there are obvious procedures that can give relative safety: Do not accept High Beyond protocol packets. At the very least, route all communications through Middle Beyond sites, with translation down to, and then up from, local trade languages.
150 Opening BINARY mode data connection for slashdot.sig (129323052 bytes).