How concerned should I be .. about SMS Hack

[rushia3n4]

How concerned should I be concerned with this SMS Hack .... or should I just wait for OS 3.1

 

[Tramain]

Just update.

 

[rushia3n4]

ok ....but i would have to use redsnow instead of pwnage

the difference is with pwnage i changed root patrition size ......and can i use the ipsw that i have on computer or should i get new one

 

[Tramain]

I no redsn0w works with 3.0.1 just use the 3.0 IPSW

 

[rushia3n4]

But what about the root patrition

Is the 3.0 IPSW the one that was created by PWNage.....or is it one I got online......I cant rememebr

 

[Tramain]

Do you have 3G or 3Gs?

 

[rushia3n4]

3G

3G is what i have

 

[Tramain]

Well these direction should work for 3.0.1. http://www.theiphoneblog.com/2009/06/23/jailbreak-iphone-30-mac-os-redsn0w-edition/

 

[rushia3n4]

Thank you

Thankx for all your help, but I am still trying to decide how to change root partrition

 

[Duvi]

Or you can choose not to update. The SMS hack is true, but will more than likely never happen to you. Here's why:

A huge buzz preceded the presentation by Charlie Miller and Collin Mulliner at the famous ?Black Hat? cybersecurity conference in Las Vegas. The pair claim to have discovered a way to take over a smartphone, such as an iPhone or Windows Mobile phone, using nothing more than SMS. According to the San Francisco Chronicle, ?A pair of security experts have found a vulnerability in the iPhone that allows a hacker to take control of an iPhone through a text-message attack.? Even scarier, the attack uses ?a series of mostly invisible SMS . . . bursts,? the Chronicle said.
Here are the real facts:

1. Yes, in theory, a hacker could take over your smartphone. Could be an iPhone, as the Chronicle?s lead paragraph and headline said. Could be a Windows Mobile phone.
2. There is no such thing as a ?mostly invisible? SMS message. You would receive a normal-seeming SMS message that should show up on your phone just like any other.
3. You would know you are being hacked because you will receive SMS messages that contain empty square characters (I guess this is what the Chronicle means by ?mostly invisible?; by that standard, the letter o is mostly invisble). If at that point you delete the messages or turn off your phone or go into Airplane mode, the attack will not succeed.
4. The attack requires 512 SMS messages, presumably delivered rapid-fire. That makes an attack against a single victim fairly noticeable and possibly expensive. An attack against more than a small number of smartphone users would be cost-prohibitive. Even ?unlimited? SMS plans have their limits.
5. The attacker needs the phone numbers of enough smartphones to make this worth his while. Sending the attack to landlines or regular cellphones would merely run up his costs and raise his profile. This effectively limits the attack to ?whales.?
6. The 512 SMS messages must all survive until all of them have been received by the victim. If the victim deletes even one of these messages, the exploit fails.
7. Cell phone companies actually care about SMS spam and have countermeasures in place. Leaky, lousy countermeasures, to be sure, but they would be foolish to allow their networks to be take over by zombie phones. Surely they could filter out all ?mostly invisible? messages.

It is disturbing that this attack is possible, even given these constraints. You just don?t think of SMS as a security hole. Thank goodness Apple has already patched against this exploit. But get a grip, people.

 

[lionheartednyhc]

Screw it. Im waiting. I don't feel like having to re-jailbreak...and then rejailbreak again in a few weeks when 3.1 releases.

 

[rushia3n4]

3.1 is for certain

3.1 is for certain to come out in a few weeks


also can anyone answer if I can change my root on redsnow... or use the IPSW I already have on my computer (not sure if its PWNage created or downloaded reg one

 

[shutter]

3.1 is for certain to come out in a few weeks


also can anyone answer if I can change my root on redsnow... or use the IPSW I already have on my computer (not sure if its PWNage created or downloaded reg one

No, you cannot change your root partition with redsn0w, and you cannot use a pwnage created ispw (I don't think).

FWIW, to anyone contemplating it....

I was preparing to restore, upgrade and re-jailbreak. I disconnected from iTunes while the 3.0.1 ipsw was downloading (to back up my cydia packages with PkgBackUp...nicely spent 1.99, worked great) and when I plugged it back in, the new firmware warning popped up offering to let me update. Without even thinking I clicked yes.

So I updated to 3.0.1 (keeping all my stock user data and settings), re-jailbroke with redsn0w + 3.0 ipsw
first thing I did was re-download PkgBackUp and restored my cydia packages
Rebooted and I was pretty much done.

Whole process took me about 1/2 hour.

I am not recommending this, but since you may have to restore and set up as new anyway...might as well give it a shot. 3.0 and 3.0.1 are identical, except for the sms patch, so maybe that is why it worked so well and I haven't experienced any issues, maybe I was just lucky. YMMV.

 

[big9erfan]

3.1 is for certain to come out in a few weeks


also can anyone answer if I can change my root on redsnow... or use the IPSW I already have on my computer (not sure if its PWNage created or downloaded reg one

I don't know about a few weeks....I think we're looking more along the lines of 4 -6 weeks.

 

[rushia3n4]

3.0 IPSW Where

Where do I get a 3.0 IPSW



Also if I use that after I update to 3.01 .... will the SMS patch still work

 

[Tramain]

Where do I get a 3.0 IPSW



Also if I use that after I update to 3.01 .... will the SMS patch still work

Do you have a iPhone>3G>3Gs? And if you upgrade to 3.0.1 the SMS hack will not work.