Slashdot Mirror


The iPhone SMS Hack Explained

GhostX9 writes "Tom's Hardware just interviewed Charlie Miller, the man behind the iPhone remote exploit hack and winner of Pwn2Own 2009. He explains the (now patched) bug in the iPhone which allowed him to remotely exploit the iPhone in detail, explaining how the string concatenation code was flawed. The most surprising thing was that the bug could be traced back to several previous generations of the iPhone OS (he stopped testing at version 2.2). He also talks about the failures of other devices, such as crashing HTC's Touch by sending an SMS with '%n' in the text."

5 of 94 comments

  1. Re:Why OSS needs financial backing by OzPeter · · Score: 3, Informative

    But believe me there are better motivators than money still today.

    No Money -> No food -> Starve

    Yes, there are better motivators than money, but unless your basic needs are met (food, shelter, clothing, etc.), all the other motivation in the world won't help you. The only solution in that case is that you'd better hope the dedication to a cause is more addictive than crack.

    Otherwise, eventually there has to be money somewhere.

    --
    I am Slashdot. Are you Slashdot as well?
  2. Re:%n by Tom9729 · · Score: 4, Informative

    Crashes usually turn into remote exploits.

  3. Re:Let me guess...the code was in C, right? by Shin-LaC · · Score: 4, Informative

    The HTC bug, however, looks like it's caused by improper use of string formatting. That sort of problem can occur with any language, as seen with the host of sites (most of them written in high-level languages) that have had SQL injection vulnerabilities in the past.
    It's true that some languages and constructs are more dangerous than others, but at some level, programmers just have to bear in mind what they're doing and how they're using their data.

  4. Re:Let me guess...the code was in C, right? by Anonymous Coward · · Score: 1, Informative

    And how would you implement a garbage-collected language? Somewhere between the language and the hardware, there will be some pointer juggling.

    Also, don't pretend that parsing problems don't happen on managed platforms:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333

  5. Re:%n by Anonymous Coward · · Score: 5, Informative

    No, that's not what he means. If you're causing memory corruption because of unsanitised inputs, it's only a matter of time before a method is discovered to inject something malicious into that memory space.
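
The bug class behind the HTC '%n' crash that Shin-LaC and the %n thread discuss, shown from the defender's side as an added example (not code from the article, Tom's Hardware, or any commenter): the safe way to render an untrusted message body, and a constructed scanner a logging layer could use to flag messages carrying format directives.

```c
#include <stdio.h>
#include <string.h>

/* The bug shape (for contrast only, never called here):
 *     snprintf(out, cap, sms_body);   // untrusted text IS the format string
 * Every '%' in the message is then interpreted by the formatter, and
 * "%n" makes it write an int through a pointer it has no argument for. */

/* SAFE PATTERN: the format is a literal; the message is only data, so a
 * "%n" in the body is copied verbatim instead of being interpreted. */
int render_sms(char *out, size_t cap, const char *sms_body) {
    return snprintf(out, cap, "%s", sms_body);
}

/* Constructed detection helper (not from the page): count %-directives in
 * a message so suspicious bodies can be logged or alerted on. "%%" is an
 * escaped percent, not a directive. Sets *has_n when any directive is %n. */
int count_format_directives(const char *text, int *has_n) {
    int count = 0;
    *has_n = 0;
    for (const char *p = text; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* "%%" -> literal '%' */
        count++;
        /* skip flags, width, precision and length modifiers to the conversion */
        const char *q = p + 1;
        while (*q && strchr("-+ #0123456789.*hlLqjzt", *q)) q++;
        if (*q == 'n') *has_n = 1;
        if (*q) p = q;                        /* resume after the conversion */
    }
    return count;
}

int main(void) {
    /* Constructed sample message bodies, not real SMS captures. */
    const char *samples[] = {"hello", "100%% sure", "%n%n%n", "pay %s now %x"};
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n_flag;
        int c = count_format_directives(samples[i], &n_flag);
        render_sms(buf, sizeof buf, samples[i]);
        printf("%-16s directives=%d has_n=%d rendered=\"%s\"\n",
               samples[i], c, n_flag, buf);
    }
    return 0;
}
```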