The iPhone SMS Hack Explained

GhostX9 writes "Tom's Hardware just interviewed Charlie Miller, the man behind the iPhone remote exploit hack and winner of Pwn2Own 2009. He explains the (now patched) bug in the iPhone which allowed him to remotely exploit the iPhone in detail, explaining how the string concatenation code was flawed. The most surprising thing was that the bug could be traced back to several previous generations of the iPhone OS (he stopped testing at version 2.2). He also talks about the failures of other devices, such as crashing HTC's Touch by sending a SMS with '%n' in the text."

Why OSS needs financial backing

[BadAnalogyGuy]

Though it hasn't been so directly argued for a while, there is still the belief that OSS is somehow unique and better than closed source software because it engages the lone hacker sitting in his basement writing code in his spare time. What I found interesting was Charlie Miller's take on unpaid effort.

This SMS stuff is a good example. Between us, Collin and I found one bug in iPhone, Android, and Windows Mobile. Then we stopped testing. We had enough for our talk, what motivation did we have to keep looking? This is really an unpaid hobby for us, so we do the minimum level of work possible to get results good enough for conference presentations.

Financial incentive is, despite the feeble arguments to the contrary, still the thing that gets code written (and bugs found). Without paying the developers, Linux never would have gotten to the stage it is now. Yes, the source code is open, but it is primarily because there is a team of developers getting paid to write the OS source code that we have such a great system today.

The hobbyist is still just a user. The real developers do it as their job.

Re:Why OSS needs financial backing

[Stele]

No, "real developers" do as much as they can to meet a deadline. No more... but often quite a bit less. ...
Unlike a "professional" who will stop as soon as possible and get the hell out, because there is no reason for any more, and usually reason for less.

Bullshit.

I don't know what cube farm you met these "real developers" of yours at but in my business "professionals" do what it takes to make the customer happy.

Having shipped dozens of commercial products in somewhat niche markets I can tell you that if you want to eat you do a great job and keep doing it, working directly with key customers if necessary to craft tools that will help them do their jobs better/faster/easier.

And being part of a small company means my income is directly based on those of my users, and in this economy it means working my ass off on as many projects as possible to keep the fridge full and shoes on my kids' feet, and each and every one of them has to be near-perfect at V1.0. There is no "fix these known things in a patch after we release."

I've seen more than my share of open source projects where your "non-real programmers" got tired and stopped at the horribly designed config file, or documentation, or at the "well it works good enough for me" part and people should be *glad* to sift through the code to figure out how it works.

*Professional* programmers have to go that extra 20% at the end, which usually takes 90% of the time, to make the software into a polished, finished, product, and we have to do it in such a way to minimize idiot user questions, which *will* happen, so we don't waste all our money dealing with tech support. Your open-source guys can just say "read the source" if you don't understand something.

How's that for generalizations?

Jailbreak

[SnakeEater251]

Makes you wonder how many iPhone owners who have jailbreaked (-broken?) their devices are still vulnerable to this hack. It isn't exactly fun to have to jailbreak every time an update gets released.

%n

[RMH101]

Take that, HTC-fanboys!

Re:%n

No, that's not what he means. If you're causing memory corruption because of unsanitised inputs, it's only a matter of time before a method is discovered to inject something malicious into that memory space.