1. Tramain's Avatar
    Found this out via Twitter from Jamesus.

    Cybersecurity researchers Charlie Miller and Collin Mulliner discovered how to completely hijack any iPhone via SMS. Tomorrow (Thursday) they plan to publicize and reveal the vulnerability at the Black Hat cybersecurity conference in Las Vegas. They will be demonstrating how to send a series of SMS bursts to the iPhone which will allow them to take complete control of EVERYTHING on the device and then propagate the attack by sending more SMS messages via the hijacked iPhone. According to Miller:
    "This is serious. The only thing you can do to prevent it is turn off your phone . . . Someone could pretty quickly take over every iPhone in the world with this."
    Since Apple has yet to address this iPhone vulnerability, even though Miller and Mulliner notified Apple over a month ago, Miller suggests that if you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, you should turn the device off immediately.

    This vulnerability should be heeded and patched by Apple ASAP (3.1 firmware anyone?). Miller knows his stuff; he was the first one to remotely hijack the iPhone in 2007 via the former bug in iPhone Safari -- old skool, as in jailbreakme.com old skool.
    All information came from Hijacking All iPhones via SMS.
    07-29-2009 10:46 PM
  2. xultar's Avatar
    I've seen that on Gizmodo too. Cracks me up because Apple is so concerned about Jailbreaking and unlocking.
    07-29-2009 11:03 PM
  3. Ipheuria's Avatar
    Good read so far. If you got the text message, instead of turning off the phone, what happens if you just delete the message? Also, I know if the person takes over one iPhone they would have all of that person's contacts, but really, are they going to text all of those contacts to find another iPhone? How long would it take someone using that method to get to me, let's say? I'm just wondering how big of a threat this could be?

    Also, why do people put credit card numbers and other secure info on their iPhone, or any other electronic device? If it's in digital form it can be stolen or accessed unless you encrypt the hell out of it. I just would NEVER put my credit card numbers in any digital form. I have "1 Password" on my iPhone, but the only passwords I put in there are passwords to simple things that would lead to forums. I also never put both my username and my password; I put only one, whichever I can never remember, since one is useless without the other.
    Last edited by Ipheuria; 07-30-2009 at 07:15 AM.
    07-30-2009 07:02 AM
  4. canadu's Avatar
    Good read so far. If you got the text message, instead of turning off the phone, what happens if you just delete the message? Also, I know if the person takes over one iPhone they would have all of that person's contacts, but really, are they going to text all of those contacts to find another iPhone? How long would it take someone using that method to get to me, let's say? I'm just wondering how big of a threat this could be?

    Also, why do people put credit card numbers and other secure info on their iPhone, or any other electronic device? If it's in digital form it can be stolen or accessed unless you encrypt the hell out of it. I just would NEVER put my credit card numbers in any digital form. I have "1 Password" on my iPhone, but the only passwords I put in there are passwords to simple things that would lead to forums. I also never put both my username and my password; I put only one, whichever I can never remember, since one is useless without the other.
    I agree completely with your first paragraph but I gotta say that I am one of those people that push technology because I want to one day just walk out of my house only with my mobile and it serve as my i.d. and money transaction conduit like my debit card. I know we're not there yet but last summer I used my mobile in Tokyo to purchase lunch while I was there for work.
    We're not there here in the US but I know Nokia is working on Nokia Money. People will put secure information on their devices and I'm one of those because I trust my device (iPhone has hardware encryption), can remote wipe data with MobileMe in seconds, and even if someone would gain access, my bank will not hold me liable for fraudulent charges.
    The bigger picture is that Apple needs to get its sh!t together and should have a patch before the how-to is broadcasted to the world.
    07-30-2009 08:15 AM
  5. idave's Avatar
    I too would like to know what would happen if you just delete the message instead of turning your phone off?
    If you do turn off the phone, does it delete the message? When would it be safe to turn it back on?
    I hope Apple will fix this ASAP.
    Dave
    07-30-2009 09:13 AM
  6. Tramain's Avatar
    I too would like to know what would happen if you just delete the message instead of turning your phone off?
    If you do turn off the phone, does it delete the message? When would it be safe to turn it back on?
    I hope Apple will fix this ASAP.
    Dave
    I read on another forum that if you turn off your iPhone it will cut off their connection.
    07-30-2009 09:29 AM
  7. idave's Avatar
    I read on another forum that if you turn off your iPhone it will cut off their connection.
    Thank you, Tramain.
    Dave
    07-30-2009 09:42 AM
  8. supermanfos's Avatar
    I agree with everyone here, Apple needs to patch this security issue sooner rather than later. Maybe this will speed things up for an earlier release of 3.1???
    07-30-2009 02:17 PM
  9. Tramain's Avatar
    I agree with everyone here, Apple needs to patch this security issue sooner rather than later. Maybe this will speed things up for an earlier release of 3.1???
    Yea but I don't want Apple to rush 3.1 because then all the bugs will not be fixed.
    07-30-2009 02:19 PM
  10. supermanfos's Avatar
    I agree with you Tramain, I also don't want a crappy upgrade. It's worth the wait but Apple should not wait too long.
    07-30-2009 02:22 PM
  11. Coffeeman's Avatar
    If you get any such text, just put your phone in airplane mode.
    07-30-2009 02:47 PM
  12. anon(4671651)'s Avatar
    Has anybody here actually gotten the text? It's supposed to be something like [] right?
    I wouldn't want Apple to rush 3.1; it's better if they get more time with it and release a 3.0.1 or 2. That would make more sense, as they are still in beta 3.
    07-30-2009 03:08 PM
  13. Tramain's Avatar
    07-30-2009 03:19 PM
  14. Ipheuria's Avatar
    I agree completely with your first paragraph but I gotta say that I am one of those people that push technology because I want to one day just walk out of my house only with my mobile and it serve as my i.d. and money transaction conduit like my debit card. I know we're not there yet but last summer I used my mobile in Tokyo to purchase lunch while I was there for work.
    We're not there here in the US but I know Nokia is working on Nokia Money. People will put secure information on their devices and I'm one of those because I trust my device (iPhone has hardware encryption), can remote wipe data with MobileMe in seconds, and even if someone would gain access, my bank will not hold me liable for fraudulent charges.
    The bigger picture is that Apple needs to get its sh!t together and should have a patch before the how-to is broadcasted to the world.
    Honestly, I understand what you are saying above; if there is a system that has a purpose with the security of the data, then fine. I wouldn't use it because I just don't trust any digital storage for certain things; that's just my feeling. However, what I meant is people who store secure info on their phone, laptop, etc. because they can't remember. I just think it leaves it too open. All of my info is in my wallet and in my head, so there is only one way to get at it, through my wallet. Just my point of view.

    The whole SMS thing, it's good to have the info, but I just think the chances of it hitting me out of the gajillion iPhone users are very slim. So I'd rather Apple incorporate a fix in 3.1 and not rush it out to everyone, so it's stable and bug free. I won't be upgrading right away anyway because I need the Jailbreak, so I'll just live on the edge LOL. Also, have any jailbroken people changed their root password?
    07-30-2009 05:33 PM