Hijacking All iPhones via SMS

Tramain

Well-known member
May 7, 2009
3,336
18
0
Visit site
Found this out via Twitter from Jamesus.

Cybersecurity researchers Charlie Miller and Collin Mulliner discovered how to completely hijack any iPhone via SMS. Tomorrow (Thursday) they plan on publicize and reveal the vulnerability at the Black Hat cybersecurity conference in Las Vegas. They will be demonstrating how to send a series of SMS burst to the iPhone which will allow them to take complete control of EVERYTHNIG on the device and then propagate the attack by sending more SMS messages via the hijacked iPhone. According to Miller

This is serious. The only thing you can do to prevent it is turn off your phone . . . Someone could pretty quickly take over every iPhone in the world with this.

Since Apple has yet to address this iPhone vulnerability even though Miller and Mulliner notified Apple over a month ago. Miller suggests that if you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character you should turn the device off immediately.

This vulnerability should be heeded and patched by Apple asap (3.1 firmware anyone?). Miller knows his stuff, he was the first one to remotely hjack the iPhone in 2007 via the former bug in iPhone Safari -- old skool, as in jailbreakme.com old skool

All information came from Hijacking All iPhones via SMS .
 

Ipheuria

Well-known member
Jul 21, 2009
7,356
239
0
Visit site
Good read so far. If you got the text message instead of turning off the phone what happens if you just delete the message? Also I know if the person takes over one iphone they would have all of that person's contacts but really are they going to text all of those contacts to find another Iphone? How long would it take someone using that method to get to me lets say? I'm just wondering how big of a threat this could be?

Also why do people put credit card numbers and other secure info on their iphone? or any other electronic device? :confused: If it's in digital form it can be stolen or accessed unless you encrypt the hell out of it. I just would NEVER put my credit card numbers in any digital form. I have "1 Password" on my Iphone but the only passwords I put in there are passwords to simple things that would lead to forums. I also never put both my username and my password I put only one, whichever I can never remember, since one is useless without the other.
 
Last edited:

canadu

Well-known member
Jul 8, 2009
183
3
0
Visit site
Good read so far. If you got the text message instead of turning off the phone what happens if you just delete the message? Also I know if the person takes over one iphone they would have all of that person's contacts but really are they going to text all of those contacts to find another Iphone? How long would it take someone using that method to get to me lets say? I'm just wondering how big of a threat this could be?

Also why do people put credit card numbers and other secure info on their iphone? or any other electronic device? :confused: If it's in digital form it can be stolen or accessed unless you encrypt the hell out of it. I just would NEVER put my credit card numbers in any digital form. I have "1 Password" on my Iphone but the only passwords I put in there are passwords to simple things that would lead to forums. I also never put both my username and my password I put only one, whichever I can never remember, since one is useless without the other.

I agree completely with your first paragraph but I gotta say that I am one of those people that push technology because I want to one day just walk out of my house only with my mobile and it serve as my i.d. and money transaction conduit like my debit card. I know we're not there yet but last summer I used my mobile in Tokyo to purchase lunch while I was there for work.
We're not there here in the US but I know Nokia is working on Nokia Money. People will put secure information on their devices and I'm one of those because I trust my device(Iphone has hardware encryption), can remote wipe data with mobileme in seconds, and even if someone would gain access, my bank will not hold me liable for fraudulent charges.
The bigger picture is that Apple needs to get its sh!t together and should have a patch before the how-to is broadcasted to the world.
 

idave

New member
Jul 28, 2009
2
0
0
Visit site
I too would like to know what would happen if you just delete the message instead of turning your phone off?
If you do turn off the phone,doe's it delete the message?When would it be safe to turn it back on?
I hope apple will fix this asap.
Dave
 

Tramain

Well-known member
May 7, 2009
3,336
18
0
Visit site
I too would like to know what would happen if you just delete the message instead of turning your phone off?
If you do turn off the phone,doe's it delete the message?When would it be safe to turn it back on?
I hope apple will fix this asap.
Dave

I read on another forums that if you turn off your iPhone it will cut off there connection.
 

supermanfos

Well-known member
Jun 19, 2009
58
0
0
Visit site
I agree with everyone here, Apple needs to patch this security issue sooner rather than later. Maybe this will speed things up for an earlier release of 3.1???
 

Tramain

Well-known member
May 7, 2009
3,336
18
0
Visit site
I agree with everyone here, Apple needs to patch this security issue sooner rather than later. Maybe this will speed things up for an earlier release of 3.1???

Yea but I don't want Apple to rush 3.1 because then all the bugs will not be fixed.
 

anon(4671651)

Well-known member
Jun 29, 2009
114
0
0
Visit site
has anybody here actually gotten the text? its to pose to be something like [] right?
I wouldnt want apple to rush 3.1, its better if they get more time with it and release a 3.0.1 or 2, that would make more sense, as they are still in beta 3.
 

Ipheuria

Well-known member
Jul 21, 2009
7,356
239
0
Visit site
I agree completely with your first paragraph but I gotta say that I am one of those people that push technology because I want to one day just walk out of my house only with my mobile and it serve as my i.d. and money transaction conduit like my debit card. I know we're not there yet but last summer I used my mobile in Tokyo to purchase lunch while I was there for work.
We're not there here in the US but I know Nokia is working on Nokia Money. People will put secure information on their devices and I'm one of those because I trust my device(Iphone has hardware encryption), can remote wipe data with mobileme in seconds, and even if someone would gain access, my bank will not hold me liable for fraudulent charges.
The bigger picture is that Apple needs to get its sh!t together and should have a patch before the how-to is broadcasted to the world.

honestly I understand what you are saying above, if there is a system that has a purpose with the security of the data then fine. I wouldn't use it because I just don't trust any digital storage for certain things that's just my feeling. However what I meant is people who store secure info on their phone, laptop, etc. because they can't remember. I just think it leaves it too open, all of my info is in my wallet and in my head so there is only one way to get at it through my wallet just my point of view.

The whole SMS thing it's good to have the info but I just thing the chances of it hitting me out of the gajillion iPhone users is very slim. So I'd rather Apple incorporate a fix in 3.1 and not rush it out to everyone so it's stable and bug free. I wont be upgrading right away anyway because I need the Jailbreak so I'll just live on the edge LOL also has any Jailbroken people changed their root password?
 

Forum statistics

Threads
260,009
Messages
1,765,299
Members
441,220
Latest member
waeriyadh