iPhone Vulnerability Yields Root Access Via SMS

snydeq writes "Pwn2Own winner Charlie Miller has revealed an SMS vulnerability that could provide hackers with root access to the iPhone. Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a DDoS attack or botnet, Miller said. Miller did not provide detailed description of the SMS vulnerability, citing an agreement with Apple, which is working to fix the vulnerability in advance of Black Hat, where Miller plans to discuss the attack in greater detail. 'SMS is a great vector to attack the iPhone,' Miller said, as SMS can send binary code that the iPhone processes without user interaction. Sequences can be sent to the phone as multiple messages that are automatically reassembled, thereby surpassing individual SMS message limits of 140 bytes."

Ouch!

[thomasdn]

We do not know the details of this yet, but if this is really an "sms to root" exploit, it can be used for sms-based virusses that can spread very fast.

Re:Ouch!

[Canazza]

1) Hacker Sends SMS to target phone
2) Phone gets virus, virus looks up address book and sends itself to everyone in their address book
3) Phone with virus does evil stuff to phone

Damn, that's excellent... erm, I mean... too bad... for... you know... California... and Art Students...
Phones are for phoning people
PDAs/Netbooks/Laptops are for doing business on the move
Laptops/Gameboys are for mobile gaming

The only combination I'll accept are mobile phones that play my MP3's... since it's a small, simple extension of the already availible 'ringing' feature of phones :P
Oh, and cameras... I'll accept camera phones... They're useful.
And Skype access
And Wifi for the Skype...
and while we've got Wifi we might as well have a browser
and maybe the ability to put other apps on it too...

*damnit* I've fallen for feature creep... someone help!

Re:

[Comatose51]

Well, I hope you removed the air conditioner and the stereo from your car because A/C is for cooling and stereo is for listening. They have no purpose in the car. While we're at it, let's take out the headlights too. Oh that starter motor is just a total dead weight. Talk about feature creep! Wheel, brakes, and an engine should be all you have in your car.

Re:

[Canazza]

1) I don't own a car
2) You missed the point
3) You really think that Grindr [apptism.com] is as essential to a phone as a wheel is to a car?

Re:

[GeorgeStone22]

I don't get your mindset. The phone has obviously sold millions upon millions. It's doing something right. It's called usability and the iPhone has it by the bucket loads. Before the iPhone came about putting apps onto a phone was annoying and awkward for the average user. You had to download the .sis (On symbian OS) then put it on a memory card, then finally install it. Apple have made mobile applications accessible to the masses, and Grindr is proof of that. I don't agree with everything Apple has done wi

Re:

[kv9]

Before the iPhone came about putting apps onto a phone was annoying and awkward for the average user. You had to download the .sis (On symbian OS) then put it on a memory card, then finally install it.

all the apps on my Nokia have been installed by "clicking" on links from the browser. I never had to do any of the crazy shit you're talking about. it even has a thingy that lets me browse various categories of applications and install them with one click (kind of... like... an appstore... HOLY SHIT!). I never even have to plug the damn thing to transfer stuff because of bluetooth.

Grindr

[commodoresloat]

You really think that Grindr [apptism.com] is as essential to a phone as a wheel is to a car?

Dude, Grindr is an application that helps you find sex. A wheel on a car helps you to drive to a location where you can find sex. If you remove either one, the result is the same -- it's more difficult to find sex. What's so difficult to understand here?

Mobile homebrew gaming?

[tepples]

Laptops/Gameboys are for mobile gaming

What do you recommend for mobile gaming that meets my cousin's criteria?

1. Smaller than an Eee PC. Laptops are harder to carry than something that fits in a pocket.
2. Allows students, hobbyists, and small companies to develop for the platform. Nintendo and Sony take stances against homebrew.
3. Can be purchased with cash in the United States. Please don't shut out children who have saved their birthday and lawn mowing money.

Laptops fail 1, Game Boy fails 2, and GP2X fails 3. The only video gaming platform we could

Re:

[dunkelfalke]

Any Windows Mobile PDA will do actually.

Good luck finding Windows Mobile Classic anymore

[tepples]

Phones are for phoning people
PDAs/Netbooks/Laptops are for doing business on the move

[For gaming,] Any Windows Mobile PDA will do actually.

Good luck finding a new Windows Mobile Classic (formerly Pocket PC) device in 2009. All the stores are pushing devices that run Windows Mobile Standard (smartphone) or Windows Mobile Professional (smartphone with touch screen), and the whole premise of this thread is to find a device without a phone and without the 2-year service commitment that comes with most phones.

Re:

[dunkelfalke]

Not that difficult. Shall I name a few device names?

- Pharos 535v
- HP iPaq 111
- HP iPaq 211 (would go for that one, 4" VGA screen rocks)

Motorola/Symbol still make lots of them but they are way too expensive, and not as robust as they look like.

The used market should be huge.

And by the way, is it really the case that you cannot buy a Windows Mobile phone without a contract? In Germany it wouldn't be a problem at all.

Re:

[tepples]

Children can't shop online, and I haven't seen the iPAQ products at the local Best Buy or Office Depot store. So how would a kid who is holding $400 in $20 Federal Reserve notes buy such a PDA?

Re:

[Ambiguous Puzuma]

Is buying a $400 Visa/Mastercard gift card, then using that to shop online, an option?

Pandora is like the GP2X in this regard

[tepples]

Can be purchased with cash in the United States [...] GP2X fails

Keep your eye on http://www.openpandora.org/ [openpandora.org]

I am aware of the Pandora PDA, expected to be out by the fourth quarter of 2009, but I am not aware of a U.S. retail chain that has committed to stock it. As I understand it, it will be available exclusively through mail order, an option that isn't open to children who are paying with accumulated cash.

Re:

[tepples]

Can be purchased with cash in the United States.

G1 phones on craigslist

Is craigslist open to children or cash payments?

Re: why skype and not SIP (voip)

[SpzToid]

Please don't promote skype in this space. It is too proprietary, and consumes too much battery power running as a 3rd party app.

Why not buy a true SIP phone? Then you can set it up like an extension at your office/PBX, or configure it directly to a service like www.voipcheap.com. Personally, I won't buy a phone unless it is supported on a list like this one:
http://www.forum.nokia.com/Technology_Topics/Mobile_Technologies/VoIP/Nokia_VoIP_Framework/VoIP_support_in_Nokia_devices.xhtml [nokia.com]

In the US, T-mobile sells

Re:

[Meneth]

You failed at "Skype". :)

Re:Ouch!

[Jurily]

Who the fuck though it would be a good idea to automatically execute the content of a message you have no control over whatsoever?

Re:

[Joce640k]

He used to work for Microsoft where he spent his time adding "can execute code" to all their media file formats. Now he's at Apple (and continuing the good work...)

Re:

[forand]

My best guess would be the cell providers. They want someway to control the devices on their network or update them remotely if so needed.

Cell providers == botnet ops

[jonaskoelker]

They want someway to control the devices on their network or update them remotely if so needed.

Wait, are you talking about cell providers or botnet operators?

I suddenly feel this appetite for brains... *turns off phone* hmm...

</cynicism>

Re:

[Nerdfest]

That would be Steve Jobs ... but he's a sick man.

Re:Ouch!

[L4t3r4lu5]

This might be linked to the MobileMe Find My iPhone, Remote Wipe, and remote message facilities. If these are commands sent by SMS message from MobileMe, then perhaps they can be overflowed to run arbitrary commands.

After all, if you can wipe the phone remotely, then that system has root access, does it not?

N.B. I am not a security researcher.

Re:

[BikeHelmet]

Indeed. Vulnerability, or backdoor? "Fixing" the solution probably involves verifying the text message came from Apple.

Re:

[sgt_doom]

"Who the fuck though it would be a good idea to automatically execute the content of a message you have no control over whatsoever?"

Master control? The Illuminati? World Domination Society? Those Free Mason chaps? Hank Paulson, wherever the f**k he is? Goldman Sachs? JPMorgan Chase? Morgan Stanley? InterContinental Exchange? ICE US Trust? DTCC?

Re:

[AcidPenguin9873]

Obviously I don't know the details of the exploit, but no phone software would willingly execute code that they have no control over. These exploits take advantage of security bugs in the phone software to get them to execute code.

A simple naive example is the classic stack buffer overflow [wikipedia.org]. I might send a malformed SMS that encodes a 200-byte message (140 bytes is the byte limit for SMS). If the software that processes the SMS didn't check that the byte count is less than 140, it might happily write those

Re:

[Jurily]

I might send a malformed SMS that encodes a 200-byte message

No, you can't.

Messages are sent with the MAP mo- and mt-ForwardSM operations, whose payload length is limited by the constraints of the signalling protocol to precisely 140 octets (140 octets = 140 * 8 bits = 1120 bits).

Re:

[AcidPenguin9873]

Let me repeat TWO of the disclaimers that I put in my original post:

Obviously I don't know the details of the exploit,

(This example is probably way too simple and is likely NOT how the actual phone exploit works; it is just to illustrate the point.)

And you seem to have missed the very next paragraph in the Wikipedia article where it talks about multi-segment SMS, which (from just the /. summary) sounds like what this exploit targets.

Re:

[numbski]

The same person that thought it was good to have automatic voicemail notification. Most modern GSM phones have a special set of binary SMS that come through for various purposes, one being voicemail notification.

Re:

[fmobus]

Yeah, because the same happened in the webserver market. Apache installations get rooted every single minute.

Re:

[eudaemon]

Well except the ones running under a dedicated non-root user, preferably with sysjail or the like.
But you mean default installs, right?

I expect the android platform will be next... it's really linux, it has full blown access to your contact
list, and it too accepts SMS. Hell it's probably pingable! I'll have to try it when I get my replacement device.

Re:

[fmobus]

From what I read of androi api, some time ago, it ain't that open.

Android has a intent-based security model. An intent is any action that requires data from outside the application or that involves doing things outside the app's jail. In this model, reading a contact list would require an Intent.

In order to load, an application must always carry a manifest, in which the application's intents are listed. When a user loads an application, this manifest is read by the runtime, and the user may allow or disallo

Re:

[fmobus]

by the way, apache2, in my default installation, runs as www-data.

Re:

[rts008]

...it can be used for sms-based virusses that can spread very fast.

A blackhat could have a field day with this on Twitter!

Re:

[Sockatume]

It's not a true SMS-to-root exploit. So far he's only been able to crash part of the device's software with it, he's still looking into whether it can be used to run arbitrary code.

Wonder how this goes together ..

[Anonymous Coward]

Wondering if this can be combined with iPhone's ability to heat red hot while in your pocket

Re:

[Hurricane78]

Man I just found someone else openly describing the way to root an iPhone via SMS. (I don't know if he started to search after he heard this or what.)

I HAVE to try this on some dudes (and I girl) I know.

Then I will make a lolappleboi photo of them, and caption it with "Laem iPwn oozr iz laem." (Think of the original meaning of "lame".)
Or, depending on what happens, I could use just one word: "iBurn". :D

Ok, I know I'm evil. :D

Can't Carriers Stop this?

[forand]

So this is bad news for the iPhone but it seems like any carrier of the iPhone should want to implement a simple filter to remove any malicious SMSs from the system.

Re:

[Joce640k]

Ummm, carriers stand to profit from this so why would they?

Re:

[Rogerborg]

Ummm, carriers stand to profit from this so why would they?

Humanity </Zarkov>

Re:

[Dragonslicer]

Ummm, carriers stand to profit from this so why would they?

Maybe I'm not thinking evilly enough, but how would a carrier profit from phones on their network being exploited? If anything, it would start costing them resources when the phones are used to launch DDoS attacks.

Re:

[dlgeek]

The phones will start sending out floods of text messages. People who don't have text plans will pay $0.40 for the received texts. That could be hundreds of dollars caused by one infected iphone (with a text plan, so they won't have anything extra billed) but paid but a large number of customers who aren't going to get upset over $1-$2.

Re:

[SpzToid]

Actually this type of exploit has been known to effect Nokia phones for awhile already. It seems only normal someone would figure out how to do it to an iPhone, (unless Apple was proactive in thwarting such an attack, which hasn't been the case)

http://www.google.com/search?q=nokia+malformed+sms&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-US:unofficial&client=firefox-a [google.com]

Re:

[Mista2]

And why not add some antivirus and a firewall on the phone, and make it a bit bigger, say like a netbook... damn, feature creep again 8)

Re:Can't Carriers Stop this?

[amicusNYCL]

It's not the carrier's responsibility to look at all SMS messages going through their system and filter them out, it's the iPhone's responsibility to not execute untrusted code in the first place. If this was a Microsoft device that's exactly what people would be saying.

Re:

[forand]

How the heck does this method send an SMS without using the carrier?

Re:

[omuls are tasty]

Actually the other FA says:

The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator's network.

So it's not really GP's fault.

iPhone Vulnerability Yields Root Access Via SMS

[Anonymous Coward]

"...Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations,..."

Cool now my wife can have that iphone she always wanted.

Re:

[phillips321]

Why not just lock her in the house redneck style?

Prevention/Defense

[InsertWittyNameHere]

If any of you iPhone users wants to know how to prevent this attack, please reply with your cellphone number and I will TXT you the details.

You're welcome!

Re:

[Comatose51]

9-1-1 I'm going to disable SMS for now just to be safe so just call it and tell me. If my hot blonde, high libido girlfriend picks up, say some obscene things to her. Just act out your fantasy right over the phone. She loves that.

Run up your bill too

[nurb432]

Nice little dDos attack device, with one hell of a use fee at the end of the month ...

Re:Run up your bill too

[Joce640k]

Even better: 1) Record a crappy song, upload it to iTunes 2) Get every iPhone in the USA to "buy" a copy. 3) Babeland

Re:

[Hurricane78]

I recommend a tune of differently intonated farts, vomits, snots and 50 cent lyrics. It's the perfect fit!

Re:

[arndawg]

Even better: 1) Record a crappy song, upload it to iTunes 2) Get every iPhone in the USA to "buy" a copy. 3) Babeland

I think that is kind of glorifying the showers in prison.

Well there's your problem!

[Anonymous Coward]

"as SMS can send binary code that the iPhone processes without user interaction"

Why is it even possible to send raw binary? Shouldn't it allow only a heavily-filtered subset of characters?

Re:

[TheRaven64]

Why would it do that? When you only have a small number of bytes, you want a character set that uses them all. SMS originally used a 7-bit character set, where every 7-bit sequence was a valid printing character. Now you can use 8-bit or 16-bit encodings, but every value is valid. Or do you think there is some magical difference between text and binary? Text is just binary where there is a well-defined mapping from numbers to characters.

Re:Well there's your problem!

[Peregr1n]

Yeah! Ban the characters '0' and '1' from text messages and stop this binary nonsense!

Re:

[Nazlfrag]

common misconception. the numbers '48' and '49' aren't decimal, they in fact correspond to the numbers 00110000 and 00110001. you'd have to stick your HEAD up your NULL for naughty ones.

sorry, just stained myself...

Re:

[sam0737]

"as SMS can send binary code that the iPhone processes without user interaction"

Why is it even possible to send raw binary? Shouldn't it allow only a heavily-filtered subset of characters?

you mean allows only Chinese or Russian to pass through?

The unicode used is UTF-16, not UTF-8, which almost means every binary code is valid except for some range.

Re:

[da_matta]

Text messaging is actually just one service of the SMS bearer, and it can also used for sending binary content like configuration messages. There are also many variations (e.g. charactersets), which are defined be the PDU headers [dreamfabric.com]. Checkout the protocol identifiers for available services.

This sounds like a classical failure to correctly validate the data or handle some unsupported combination resulting in a crash or a buffer overflow. What is amazing is that they can fit an actual payload to the message..

Re:

[kv9]

Text messaging is actually just one service of the SMS bearer, and it can also used for sending binary content like configuration messages.

this is correct, I've had the (mis)fortune of working with OTA provisioning in the past, and you can do some pretty crazy things to people's handsets. and because of the hugely incompatible standards and models out there not all will require the user's confirmation.

Re:

[0xdeadbeef]

According to wikipedia, its an exension of the SMS standard. I would assume this is where the vulnerabilities lie.

I would assume that you're an ignorant hillbilly who hasn't the slightest clue of what you're talking about, but believes that linking to Wikipedia will get you lots of +1 Informative.

Re:

[topham]

Actually, they do MMS just fine.

But I wouldn't expect you to know that.

Re:

[pwfffff]

OK, so people (not in the US (who've upgraded to 3.0)) can MMS.

Still hilarious that it didn't come stock.

Apple fanboys are awfully rabid today aren't they, putting words in my mouth and all...

Re:

[His Shadow]

So you come here with your vicious stupidity but it's "Apple fanboys" who are rabid? Apple bashers seemingly have one thing in common: they are inordinately smug c***suckers routinely calling the kettle black.

Re:

[kv9]

Apple bashers seemingly have one thing in common: they are inordinately smug c*** suckers

I thought that's the one thing that Apple fanbois had in common... now I'm confused.

Re:

[Tony Hoyle]

Wrong on both counts.

1. iPhones do SMS
2. MMS is not HTTP.. not even close.

i sense a disturbence in the force

[timmarhy]

it was as if 1000 apple fanbois cried out and then were silent...

Re:

[Oktober Sunset]

if only... even if every mac on the planet turned into a robot and killed a baby before collapsing into a pile of toxic debris, it would only shut the fanboys up for 5 minutes before they resumed bleating on about garage band and iphoto...

Re:

[schon]

even if every mac on the planet turned into a robot and killed a baby before collapsing into a pile of toxic debris, it would only shut the fanboys up for 5 minutes

This is blatantly false and you know it!

If that happened, every true fanboy would immediately start talking about how awesome it was that Jobs had his own robot army.

Re:

[ae1294]

about garage band and iphoto..

I thought you wrote ipotato.... I was getting all excited about a new Apple Product and shit...

Re:

[Hurricane78]

...because their iPwnes now cry for them. All day and all night. About Vi4gra, P3nis enlagrements, Xial1s, and in russian about DDOSing the iTunes store.

Re:

[TheRaven64]

I note Symbian is conspicuously absent from that list. Interesting, considering that it has around 70+% of the market (isn't market share the excuse MS apologists always give for exploits?). Still a large enough installed base for a very irritating SMS-spam botnet though.

Next thing ...

[Stavr0]

Could the iPhone be jailbroken via SMS?

At least SOMEBODY has full access to my iPhone!

[just fiddling around]

That's just great. I can't use all the features of the iPhone because it is crippled by the providers, but any dumbass can get root by SMS?

If I had "bought" one (I consider the current way of getting it as rent-to-own), I would be pissed.

SMS limit isn't 140 characters

[praseodym]

SMS has a limit of 160 characters, not 140. Twitter has a 140-character limit because of its SMS-interface which leaves 20 characters for commands etc. in addition to the message.

Depends how you define characters

[multipartmixed]

And the case of binary data, you're dead wrong.

GSM SMS payload is 140 8-bit characters, or bytes, depending how you look at it.

The default SMS text encoding format uses 7-bits, and employs a bit-shifting algorithm to pack 160 7-bit characters in to 140 bytes. Binary formats can't use this compression, as, well, they need all eight bits.

Re:

[praseodym]

You're correct. And to complete it:

"Larger content (Concatenated SMS, multipart or segmented SMS or "long sms") can be sent using multiple messages, in which case each message will start with a user data header (UDH) containing segmentation information. Since UDH is inside the payload, the number of characters per segment is lower: 153 for 7-bit encoding, 134 for 8-bit encoding and 67 for 16-bit encoding." -- from Wikipedia [wikipedia.org]

So, in this case it's 134 bytes and not 140 since the payload probably doesn't fit

Didn't this just happen?

[sys.stdout.write]

How does this compare to the story from two weeks ago? [slashdot.org]

Seems to affect other smart phones as well ...

[FelxH]

from the second link: "We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices."

Re:

[El_Muerte_TDS]

No learn to read. The second link says that they have technology to send an SMS Message to a phone without needing a carrier. It doesn't say anything about exploiting bugs in the handling of the SMS Message.

Re:

[Hurricane78]

Apparently no Symbian devices. I know that Nokia allows for apps to be installed in a way, in which they somehow go trough the generic message inbox (the one that gets SMS, e-Mail, etc)
But the Symbian devices lets you jump trough at least two hoops before it gets installed. First you have to agree to run the installer. And then you have to agree for the installer having the right to install anything that will survive a reboot, without the usually needed certificate.

Outlook all over again?

[KlaymenDK]

How the hell can a format that's supposed to be passive plain text yield root access? Just receive and store the damn text, don't try to interpret it! If other apps want to peek into received messages and perform actions on that, fine, but this is just Outlook all over again!

Re:

[peppepz]

With the current 3GPP specification SMS can also be concatenated, contain pictures and sounds, configure your phone’s browser, contain "push" links etc.
99% of this functionality is crap and was made obsolete by MMS, but phones still have to support it.

Re:

[ae1294]

How the hell can a format that's supposed to be passive plain text yield root access? Just receive and store the damn text, don't try to interpret it! If other apps want to peek into received messages and perform actions on that, fine, but this is just Outlook all over again!

Simple.. you send the message -

root ...

Apples Newest Product...

[Sfing_ter]

The iPwn. Be the first on your network to get iPwned.

Pwn Different!

Just Pwn.

http://www.screenprintingasap.com/EBAY/ipwn/ipwn_a.jpg [screenprintingasap.com]

Cancel Texting

[joNDoty]

I recently canceled texting completely on my iPhone 3GS. Texting fees are outrageous and I'm not putting up with them anymore. If you want to text me, send it to my email address. Your phone probably supports texting to an email address and you don't even realize it. You can also reply to free texts I send you and I get notified instantly.

Sure, I can't receive texts sent to my phone number, but that's a sacrifice I'm willing to make if I'm going to help my country kick this ridiculous habit of overpaying for tiny emails.

Re:

[Tony Hoyle]

Very, very few phones support email, and those that do mostly don't come with setups to talk to a compliant SMTP server, because nobody uses it. I once tried to make a nokia do it.. 'its easy' said the fanboys. 3 days later I gave up.. and that's with control of my own SMTP server and the ability to reflash the firmware to enable the email options.

Email is dead, anway. If you want to wade through penis enlargement adverts sure keep using email. Everyone else has moved on.

Re:

[DarkJC]

Well it's a little different because a lot of people, even if they have email on their phones, don't have push email either. SMS is nice in the sense that, because it's part of every phone, it's pretty much guaranteed to be an immediate notification unless said person has their phone off. That's something that email can't replace any time soon.

I agree that the prices for SMS and MMS messaging are outrageous for what they are though. I pay $30/month for 6GB of data, and you're trying to tell me that I sho

Sounds more like an FBI Backdoor than an exploit

[Jackie_Chan_Fan]

Sounds more like an FBI Backdoor than an exploit.

Oh but dont worry, the federal government has your interest at heart.

easy to stop on att just have them block txt.

[Joe The Dragon]

easy to stop on att just have them block txt.

the real bad part about this is that if you don't have a txt plan some one can spam you and you pay $0.20 per in coming txt how ever this may be a good thing as if this goes big time then they may be forced to make incoming free.

Re:

[FTWinston]

Yikes, I had no idea they charged to [i]receive[/i] ... thats crap! Do they charge you to receive calls too?

Re:

[san]

I thought it sucked too, in the beginning, but the upside is the cell phone has a normal telephone number with a real area code.

Calling somebody on a cell phone costs the same as calling somebody on a land line, so the cell phone carriers can't do the scam they're pulling off in Europe, where calling a cell phone in a different country is an order of magnitude more expensive than calling a landline in that same country.

I was happy to pay to receive calls because of that (the per-minute rate is pretty low).

Re:

[DarkVader]

Yeah, it sounds bad at first, but the upside very much overcomes the downside.

And throw in that cell phones in the US don't have long distance charges to anywhere else in the US (and that's a lot of land to cover) and it's really a better deal here.

And you can even port a landline number to a cell phone, since they're not charged differently to call.

Oh, and don't forget, we have several unlimited calling options, it's about $100/month and then you never have to worry about per minute charges again, incoming

Re:

[san]

True: calling a lot isn't too expensive in the US: it's calling a little that's (relatively) expensive. The last time I checked the cheapest plans were around $30 a month.

In Europe I've had plans for about $15 a month that allow me to call for about 250 minutes (counted in seconds, so a 15 second call is counted as a quarter minute) in the country, or more than an hour to anywhere in Europe or North America. AFAIK There's nothing comparable in the US.

Re:

[supernova_hq]

I Canada we get charged for incoming and outgoing calls and outgoing texts. They used to charge for incoming texts, but I believe the government stepped in (because ALL incoming texts in Canada are now free).

Re: Worse than that

[Douglas Goodall]

Back when I owed credit cards, I became concerned I was about to go over my minutes in my plan. So I powered down my cell, but the carrier continued to bill me for incoming calls from creditors using overtime minutes and sent me a bill for hundreds of dollars. Beware.

Re:

[Short Circuit]

Any privilege elevation exploit will benefit anyone seeking elevated privileges on your equipment. This included law enforcement, the mafia and your mom.

Nice little bit of paranoia you've got going there.

Re:

[Culture20]

Any privilege elevation exploit will benefit anyone seeking elevated privileges on your equipment. This included law enforcement, the mafia and your mom.

My mom's a dirty cop working for the Mafia, you insensitive jerk!