Help ATS with a contribution via PayPal:
learn more

**A warning**This made me smile! - Stupedly simple iPhone hack...

page: 1
3

log in

join

posted on Aug, 5 2009 @ 10:14 PM
link   
Oh how I do hate anyone with a more advanced mobile device than me - and if you know which Nokia I hold dear then in all likely hood I just said that I hate you
(I mean it nicely
)

Any who this seems like the ultimate hack... I'm posting it here as more of a warning really and NOT ADVERTISING THE VULNERABILITY... (but it did make me smile)


Miller has been able to demonstrate the vulnerability courtesy of weaknesses in the iPhone CommCenter service that has responsibility for SMS and wireless functionality. Amazingly this runs as root but is not limited by any kind of application sandbox, so Miller realised it was ripe for use as a remote control hacking vector.


So essentially this is probably going to be fairly easy for apple to fix with a software upgrade - but then again I'm no expert.


The hack would come in the form of a burst of SMS messages which contain a single character.

They would let the hacker control dialling the phone, visiting websites, the phone's camera and also sending texts to other iPhones, allowing control of them as well.

Mr Miller said: "This is serious. The only thing you can do to prevent it is turn off your phone.

"Someone could pretty quickly take over every iPhone in the world with this."
sky news

Well now! This takes no participation from the iPhone owner (apart from presumable opening the SMS?? Maybe not even that)... So unlike opening that Anna Kournikova attachment and then kicking your self after.... Well your just hacked straight off the bat... They could simply force a shutdown or take control of calls, the camera anything really.

How many iPhone owners out there?!

Edit: Another quote and link.


There is no patch, despite the fact that Apple was notified of the problem about six weeks ago, he said. All current versions of the iPhone operating system are affected.
cnet


[edit on 5/8/2009 by Now_Then]




posted on Aug, 5 2009 @ 10:26 PM
link   
Bah - I didn't read past the part where you said you hate people with a better phone than you.

Who cares - what a materialistic, useless attitude - the consumer orientation and general consumption of advertising and the need to be better than the Jone'ses.

This 'need' for people to upgrade is purely part of the marketing plan for corporations to make money. It is called 'percieved obscelesence'. Basically your current phone is fine - but the new phones look snazzier - have more useless functions - and the TV tells you that you suck if you don't have one. So - the sheep go and buy one. They expend more resources for nothing, they dispose of the old phone which still works .. waste waste waste .. like battery hens people eat whats put in front of them .. no thinking needed, your opinion is delivered by the MSM.

Gah - sorry - I am busy vomiting. My phone I bought for two reasons - small size (hate having bulky crap in my pockets), and large buttons - easy to use. It does basically nothing except call people and recieve calls - thats what a phone is for right? It has other features apparently - that I have no interest in - though it does have an alarm clock that I find useful.

[edit on 5-8-2009 by Amagnon]



posted on Aug, 5 2009 @ 10:29 PM
link   

Originally posted by Amagnon
Bah - I didn't read past the part where you said you hate people with a better phone than you.


If you didn't read the post what was the point in your post??


Seriously try derailing a train, you'll get more attention.



posted on Aug, 5 2009 @ 10:34 PM
link   
Of course I read the post - I got fumed by the silly start.

Hacking phones is for the government - stop trying to interfere with their legitimate right to spy on you.



posted on Aug, 5 2009 @ 10:34 PM
link   
im not a materialistic person, and I was one of those that did not want the new Iphone. I laugh at this. Im glad that someone found a way into that phone.
We will probably see more of this kinda thing in the years to come.

but I agree with the other poster, a phone is meant to make phone calls and receive them. and the alarm is good too, i suppose.



posted on Aug, 5 2009 @ 10:36 PM
link   
Well don't fret Now_Then, if Apple hasn't responded yet, they probably won't. Seeing how it is a key piece of the OS he probably have to rewrite a huge chunk of it. I'm not a computer expert or anything, but this sounds like a stupid design flaw.

You know Apple though, they will get around to making a patch when they get the time.



posted on Aug, 5 2009 @ 10:42 PM
link   

Originally posted by Amagnon
Bah - I didn't read past the part where you said you hate people with a better phone than you.

Who cares - what a materialistic, useless attitude - the consumer orientation and general consumption of advertising and the need to be better than the Jone'ses.

Gah - sorry - I am busy vomiting. My phone I bought for two reasons - small size (hate having bulky crap in my pockets), and large buttons - easy to use. It does basically nothing except call people and recieve calls - thats what a phone is for right? It has other features apparently - that I have no interest in - it does have an alarm clock that I find useful.


Just out of curiosity, do you extend this same strict anti-tech stance to your other appliances?

For example, is your computer set up for posting on ATS - and nothing else?
Is your TV incapable of receiving input from a dvd player, game console or cable/sat feed, because those things are above and beyond what a TV is for?
Is your car capable of only reaching the speed limit? Does it have a radio? Do you refuse to microwave your food? Do you toast bread by holding it over an open flame with a stick?

anyway, Now Then:
Apple will likely hold off on a patch until this flaw becomes spotted in the wild. That's how it tends to go with OSX holes, anyway. The virii and other system hacks that do exist for apple tend only to be found in controlled situations. Every year at black hat there's always one or two of these stories about apple, but they rarely - if ever - make it to the outside world.

That said, now that there's press, and given the popularity of this overhyped piece of ... sorry/// meant to say phone there/// it'll likely get a patch from apple in the next week or so.



posted on Aug, 5 2009 @ 10:44 PM
link   
The interesting thing for me is the potential 'domino effect' here... Essentially the first phone is controlled, and then that phone can be set up to carry out the same attack on other iPhones, which in turn can continue the process ad infinite.

Now if you also factor in the nature of people that would own a phone like this and the amount of personal data that has been made vulnerable then... well, almost makes me think these researchers did not stumble upon a flaw, rather a backdoor.

And BTW I'm a big fan of simple phones, half the time I don't even carry mine, I've had it so long the battery is getting to old... The thing I like about my Nokia is it's just the right bulkiness so that I'm aware it's in my pocket and it's robust - and also with all the better phones everywhere people would rather laugh at it than steal it



posted on Aug, 5 2009 @ 10:54 PM
link   
this simple hack makes me wonder why no one has tried to "brushfire" all the phones yet. I guess it is just a matter of time. wasted time, but time nonetheless.

Too bad we dont waste our energy on, oh I dont know, solving world hunger, building moon bases, mass producing free energy devises that exist already, helping old people, teaching children, good stuff like that.



posted on Aug, 5 2009 @ 11:16 PM
link   
*Queue the Terminator music* duh duh duh de duh

Skynet is awakening



posted on Aug, 5 2009 @ 11:17 PM
link   

iPhone OS 3.0.1
CoreTelephony
CVE-ID: CVE-2009-2204
Available for: iPhone OS 1.0 through iPhone OS 3.0

Impact: Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution

Description: A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin for reporting this issue.


Apple iPhone Patch

This has already been patched as of July 31. Windows Mobile phones are potentially also susceptible to this SMS flaw.



posted on Aug, 6 2009 @ 02:46 AM
link   
reply to post by AlphaTier
 


So that's the fix - how many people will know they need it? Apple won't like advertising the fact there was a hole in the OS... And the Blackhat attendees clearly were quite proud of finding it.

They did give the standard pre release info to Apple, good hackers are a billion times better than bad ones.

Just another reason to be careful out there... Who knows what info we are leaking.



posted on Aug, 6 2009 @ 03:07 PM
link   
reply to post by AlphaTier
 


Windows Mobile potentially affected too? From what? The same hack? Seems dumb to me.

Please provide me with a link on that one.



posted on Aug, 6 2009 @ 03:11 PM
link   
Thanks for this thread. You know, if they DID patch it awesome. If not, hell, they could just let them explode. Apple seems to like little shiny things that explode.

Would like to see a link tot he possible Windows Mobile connection as well.



posted on Aug, 6 2009 @ 03:19 PM
link   
What's that you say?? There is a serious security vulnerability in a ubiquitous Apple product? I guess we can start selling sweaters in hell. /sarcasm

One of the biggest points "Mac people" would always make is that there are less viruses, worms etc effecting macs. This was simply because, like other software developers, virus writers were not making anything for Macs.

So now we have proof that Apple products are just as vulnerable, if not more so due to decreased vigilance, as a pc or any other digital product.

Take a bite outta that



posted on Aug, 6 2009 @ 10:26 PM
link   
reply to post by metro
 



The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft ( MSFT - news - people )-based devices.


How To Hijack 'Every iPhone in the World'

Itunes prompts you to upgrade to this software as soon as the iPhone is plugged in. If someone doesn't plug their phone in, it's left vulnerable. Don't Palm and the Android phones have a capability to push updates instead of waiting on the user to act?



posted on Aug, 6 2009 @ 10:29 PM
link   
OMGAD THE NEW IPHONE 300009 CAME OUT TODAY OMGAD I GOTA GET DOWN THERE AND BUY IT IF LIKE 2 OF MY FRENDS SEE ME WITH TEH OLD VERSIN I WILL DEFS BE OUTS OF THE GROUP OMGAD THAT CANT HAPPEN DAMNIT WHY CNAT TODAY BE PAYDAY I NEED THE NEW VERSION OMFFFGGGGGGGG


Consumerism. Pathetic.


EDIT TO ADD:

This vulnerability also highlights the fact that any employee at one at these CommCenters could hijack your phone, read your messages, check your logs, download your pics, check your dates, read all app info etc.

On a site that is sooo against big brother, it's astounding how many people are willing to put him in their pocket just cause they can touch his screen.

[edit on 6-8-2009 by king9072]



posted on Aug, 6 2009 @ 10:34 PM
link   
reply to post by KSPigpen
 



Security experts at the Black Hat conference revealed that phones running Android and Windows Mobile can be compromised by sending SMS messages. This vulnerability also extends to the Apple iPhone.


SMS vulnerabilities for iPhone, Android and Windows Mobile found

The iPhone is going to be a target now since it's so popular. I bet the older Mac OS systems had plenty of security flaws, it's just that there wasn't much interest because of low market penetration.

Looks like Blackberry might be the way to go security-wise. Don't see them mentioned!



posted on Aug, 6 2009 @ 10:39 PM
link   

Originally posted by AlphaTier
Looks like Blackberry might be the way to go security-wise. Don't see them mentioned!


I will tentatively second that!



posted on Aug, 6 2009 @ 10:44 PM
link   
wrong thread.

[edit on 6-8-2009 by king9072]





new topics

top topics



 
3

log in

join


Help ATS Recover with your Donation.
read more: Help ATS Recover With Your Contribution