Advertisements
 

iPhone SMS Vulnerability Found

At the SyScan conference in Singapore, Charlie Miller described a vulnerability in the iPhone’s SMS system, a flaw that Apple iPhone 3G WWDC 2009could “allow an attacker to remotely install and run unsigned software code with root access to the phone.

It’s unlikely that this will be exploited vastly, but it’s still a very serious risk due to the sheer numbers of iPhones out there. According to the security researched said that the attack “exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service),” however he has made an agreement with Apple to keep the details out of the press so that Apple have a chance to fix it before someone else figures it out and makes matters more serious.

Miller only gave the following information concering the vulnerability: “The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator’s network. The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet.

Miller will be going into more detail of this at the Black Hat USA expo in Las Vegas later on this years, giving Apple a chance to patch it. Apple have planned to get a fix ready for later this month.

Advertisements

One Response to iPhone SMS Vulnerability Found

  1. […] Apple earlier today released the latest iPhone OS, version 3.0.1. This update fixes the major SMS security issue that they have finally […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: