Hijacking All iPhones via SMS
Found this out via Twitter from Jamesus.
Cybersecurity researchers Charlie Miller and Collin Mulliner discovered how to completely hijack any iPhone via SMS. Tomorrow (Thursday) they plan on publicize and reveal the vulnerability at the Black Hat cybersecurity conference in Las Vegas. They will be demonstrating how to send a series of SMS burst to the iPhone which will allow them to take complete control of EVERYTHNIG on the device and then propagate the attack by sending more SMS messages via the hijacked iPhone. According to MillerThis is serious. The only thing you can do to prevent it is turn off your phone . . . Someone could pretty quickly take over every iPhone in the world with this.Since Apple has yet to address this iPhone vulnerability even though Miller and Mulliner notified Apple over a month ago. Miller suggests that if you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character you should turn the device off immediately.
This vulnerability should be heeded and patched by Apple asap (3.1 firmware anyone?). Miller knows his stuff, he was the first one to remotely hjack the iPhone in 2007 via the former bug in iPhone Safari -- old skool, as in jailbreakme.com old skool
- 07-29-2009, 10:03 PM #2
- 07-30-2009, 06:02 AM #3
Good read so far. If you got the text message instead of turning off the phone what happens if you just delete the message? Also I know if the person takes over one iphone they would have all of that person's contacts but really are they going to text all of those contacts to find another Iphone? How long would it take someone using that method to get to me lets say? I'm just wondering how big of a threat this could be?
Also why do people put credit card numbers and other secure info on their iphone? or any other electronic device? If it's in digital form it can be stolen or accessed unless you encrypt the hell out of it. I just would NEVER put my credit card numbers in any digital form. I have "1 Password" on my Iphone but the only passwords I put in there are passwords to simple things that would lead to forums. I also never put both my username and my password I put only one, whichever I can never remember, since one is useless without the other.
Last edited by Ipheuria; 07-30-2009 at 06:15 AM.
- 07-30-2009, 07:15 AM #4
We're not there here in the US but I know Nokia is working on Nokia Money. People will put secure information on their devices and I'm one of those because I trust my device(Iphone has hardware encryption), can remote wipe data with mobileme in seconds, and even if someone would gain access, my bank will not hold me liable for fraudulent charges.
The bigger picture is that Apple needs to get its sh!t together and should have a patch before the how-to is broadcasted to the world.
- 07-30-2009, 08:13 AM #5
- 07-30-2009, 08:42 AM #7
- 07-30-2009, 01:17 PM #8
- 07-30-2009, 01:22 PM #10
- 07-30-2009, 01:47 PM #11
- 07-30-2009, 02:08 PM #12
has anybody here actually gotten the text? its to pose to be something like  right?
I wouldnt want apple to rush 3.1, its better if they get more time with it and release a 3.0.1 or 2, that would make more sense, as they are still in beta 3.
- 07-30-2009, 04:33 PM #14
The whole SMS thing it's good to have the info but I just thing the chances of it hitting me out of the gajillion iPhone users is very slim. So I'd rather Apple incorporate a fix in 3.1 and not rush it out to everyone so it's stable and bug free. I wont be upgrading right away anyway because I need the Jailbreak so I'll just live on the edge LOL also has any Jailbroken people changed their root password?