It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Miller has been able to demonstrate the vulnerability courtesy of weaknesses in the iPhone CommCenter service that has responsibility for SMS and wireless functionality. Amazingly this runs as root but is not limited by any kind of application sandbox, so Miller realised it was ripe for use as a remote control hacking vector.
sky news
The hack would come in the form of a burst of SMS messages which contain a single character.
They would let the hacker control dialling the phone, visiting websites, the phone's camera and also sending texts to other iPhones, allowing control of them as well.
Mr Miller said: "This is serious. The only thing you can do to prevent it is turn off your phone.
"Someone could pretty quickly take over every iPhone in the world with this."
cnet
There is no patch, despite the fact that Apple was notified of the problem about six weeks ago, he said. All current versions of the iPhone operating system are affected.
Originally posted by Amagnon
Bah - I didn't read past the part where you said you hate people with a better phone than you.
Originally posted by Amagnon
Bah - I didn't read past the part where you said you hate people with a better phone than you.
Who cares - what a materialistic, useless attitude - the consumer orientation and general consumption of advertising and the need to be better than the Jone'ses.
Gah - sorry - I am busy vomiting. My phone I bought for two reasons - small size (hate having bulky crap in my pockets), and large buttons - easy to use. It does basically nothing except call people and recieve calls - thats what a phone is for right? It has other features apparently - that I have no interest in - it does have an alarm clock that I find useful.
iPhone OS 3.0.1
CoreTelephony
CVE-ID: CVE-2009-2204
Available for: iPhone OS 1.0 through iPhone OS 3.0
Impact: Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution
Description: A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin for reporting this issue.
The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft ( MSFT - news - people )-based devices.
Security experts at the Black Hat conference revealed that phones running Android and Windows Mobile can be compromised by sending SMS messages. This vulnerability also extends to the Apple iPhone.
Originally posted by AlphaTier
Looks like Blackberry might be the way to go security-wise. Don't see them mentioned!