A huge buzz preceded the presentation by Charlie Miller and Collin Mulliner at the famous "Black Hat" cybersecurity conference in Las Vegas. The pair claim to have discovered a way to take over a smartphone, such as an iPhone or Windows Mobile phone, using nothing more than SMS. According to the San Francisco Chronicle, "A pair of security experts have found a vulnerability in the iPhone that allows a hacker to take control of an iPhone through a text-message attack." Even scarier, the attack uses "a series of mostly invisible SMS . . . bursts," the Chronicle said.
Here are the real facts:
- Yes, in theory, a hacker could take over your smartphone. Could be an iPhone, as the Chronicle's lead paragraph and headline said. Could be a Windows Mobile phone.
- There is no such thing as a "mostly invisible" SMS message. You would receive a normal-seeming SMS message that should show up on your phone just like any other.
- You would know you are being hacked because you will receive SMS messages that contain empty square characters (I guess this is what the Chronicle means by "mostly invisible"; by that standard, the letter o is mostly invisible). If at that point you delete the messages or turn off your phone or go into Airplane mode, the attack will not succeed.
- The attack requires 512 SMS messages, presumably delivered rapid-fire. That makes an attack against a single victim fairly noticeable and possibly expensive. An attack against more than a small number of smartphone users would be cost-prohibitive. Even "unlimited" SMS plans have their limits.
- The attacker needs the phone numbers of enough smartphones to make this worth his while. Sending the attack to landlines or regular cellphones would merely run up his costs and raise his profile. This effectively limits the attack to "whales."
- The 512 SMS messages must all survive until all of them have been received by the victim. If the victim deletes even one of these messages, the exploit fails.
- Cell phone companies actually care about SMS spam and have countermeasures in place. Leaky, lousy countermeasures, to be sure, but they would be foolish to allow their networks to be taken over by zombie phones. Surely they could filter out all "mostly invisible" messages.
It is disturbing that this attack is possible, even given these constraints. You just don't think of SMS as a security hole. Thank goodness Apple has already patched against this exploit. But get a grip, people.