iPhone SMS Vulnerability Found

At the SyScan conference in Singapore, Charlie Miller described a vulnerability in the iPhone’s SMS system, a flaw that Apple iPhone 3G WWDC 2009could “allow an attacker to remotely install and run unsigned software code with root access to the phone.

It’s unlikely that this will be exploited vastly, but it’s still a very serious risk due to the sheer numbers of iPhones out there. According to the security researched said that the attack “exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service),” however he has made an agreement with Apple to keep the details out of the press so that Apple have a chance to fix it before someone else figures it out and makes matters more serious.

Miller only gave the following information concering the vulnerability: “The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator’s network. The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet.

Miller will be going into more detail of this at the Black Hat USA expo in Las Vegas later on this years, giving Apple a chance to patch it. Apple have planned to get a fix ready for later this month.


One thought on “iPhone SMS Vulnerability Found

Leave a Reply, leaving hateful comments or using degrading language will get you banned.

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.