iPhone Vulnerability Yields Root Access Via SMS
snydeq writes "Pwn2Own winner Charlie Miller has revealed an SMS vulnerability that could provide hackers with root access to the iPhone. Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a DDoS attack or botnet, Miller said. Miller did not provide a detailed description of the SMS vulnerability, citing an agreement with Apple, which is working to fix the vulnerability in advance of Black Hat, where Miller plans to discuss the attack in greater detail. 'SMS is a great vector to attack the iPhone,' Miller said, as SMS can send binary code that the iPhone processes without user interaction. Sequences can be sent to the phone as multiple messages that are automatically reassembled, thereby surpassing individual SMS message limits of 140 bytes."
At least SOMEBODY has full access to my iPhone! (Score:5, Informative)
That's just great. I can't use all the features of the iPhone because it is crippled by the providers, but any dumbass can get root by SMS?
If I had "bought" one (I consider the current way of getting it as rent-to-own), I would be pissed.
SMS limit isn't 140 characters (Score:5, Informative)
SMS has a limit of 160 characters, not 140. Twitter has a 140-character limit because of its SMS interface, which leaves 20 characters for commands etc. in addition to the message.
Seems to affect other smart phones as well ... (Score:5, Informative)
Re:Can't Carriers Stop this? (Score:1, Informative)
if any of you had RTFA:
allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices. This method does not use the carrier and so is free (and invisible to the carrier).
the key is "this method does not use the carrier"
you're welcome
Re:Ouch! (Score:3, Informative)
Re:Well there's your problem! (Score:3, Informative)
Actually, they do MMS just fine.
But I wouldn't expect you to know that.
Re:Depends how you define characters (Score:2, Informative)
You're correct. And to complete it:
So, in this case it's 134 bytes and not 140 since the payload probably doesn't fit in a single 140 bytes.
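The 160, 140 and 134 figures in this comment and in the earlier "SMS limit isn't 140 characters" comment all come from the same arithmetic: a PDU carries 140 octets of user data, 7-bit GSM text packs 160 characters into those octets, and a concatenation User Data Header takes 6 octets off every part of a multi-part message. The following Python is an added illustration, not code from any poster in the thread; the constants are the standard 3GPP TS 23.040 ones, the sample message is constructed, and the reassembler is written the way a receiving stack should behave: it refuses parts whose headers disagree or are missing rather than trusting them.

```python
"""SMS user-data capacity and concatenation checks (3GPP TS 23.040).

Added illustration; not code from any poster in the thread. Constants are
the standard ones: 140 octets of user data per PDU, 7-bit packing for
GSM-alphabet text (160 characters), and a 6-octet concatenation User Data
Header (IEI 0x00, 8-bit reference) on every part of a multi-part message.
Only the 8-bit-reference concatenation IE is handled; other IEs are rejected.
"""
from __future__ import annotations

import math

UD_OCTETS = 140          # user data per single SMS PDU
CONCAT_UDH_LEN = 6       # UDHL + IEI + IEDL + ref + total + seq
IEI_CONCAT_8BIT = 0x00   # concatenation IE with an 8-bit reference number


def capacity(encoding: str, concatenated: bool = False) -> int:
    """Characters (7-bit text) or octets (8-bit data) available in one part."""
    udh = CONCAT_UDH_LEN if concatenated else 0
    if encoding == "gsm7":
        # Packed 7-bit text: 140 octets hold 160 septets. A UDH is padded up
        # to a septet boundary, so 6 octets of header cost 7 septets -> 153.
        return (UD_OCTETS * 8 - udh * 8) // 7
    if encoding == "8bit":
        return UD_OCTETS - udh          # 140 single, 134 per concatenated part
    raise ValueError(f"unknown encoding {encoding!r}")


def parts_needed(length: int, encoding: str) -> int:
    """Number of PDUs a payload of `length` characters/octets occupies."""
    if length <= capacity(encoding):
        return 1
    return math.ceil(length / capacity(encoding, concatenated=True))


def parse_concat_part(user_data: bytes) -> tuple[int, int, int, bytes]:
    """Split the UDH off one 8-bit part; returns (ref, total, seq, payload).

    Raises ValueError for anything malformed so the caller drops the part.
    """
    if not user_data or len(user_data) > UD_OCTETS:
        raise ValueError("user data empty or longer than 140 octets")
    udhl = user_data[0]
    header, payload = user_data[1:1 + udhl], user_data[1 + udhl:]
    if len(header) != udhl or udhl < 5:
        raise ValueError("truncated UDH")
    iei, iedl = header[0], header[1]
    if iei != IEI_CONCAT_8BIT or iedl != 3:
        raise ValueError("not an 8-bit-reference concatenation IE")
    ref, total, seq = header[2], header[3], header[4]
    if total == 0 or not 1 <= seq <= total:
        raise ValueError(f"bad sequence number {seq}/{total}")
    return ref, total, seq, payload


def reassemble(parts: list[bytes]) -> bytes:
    """Join concatenated 8-bit parts, enforcing the invariants a receiver should.

    One reference number, one declared total, each sequence number exactly
    once, and no missing parts; otherwise ValueError.
    """
    seen: dict[int, bytes] = {}
    ref_total: tuple[int, int] | None = None
    for ud in parts:
        ref, total, seq, payload = parse_concat_part(ud)
        if ref_total is None:
            ref_total = (ref, total)
        elif ref_total != (ref, total):
            raise ValueError("parts disagree on reference/total")
        if seq in seen:
            raise ValueError(f"duplicate part {seq}")
        seen[seq] = payload
    if ref_total is None or len(seen) != ref_total[1]:
        raise ValueError("incomplete message")
    return b"".join(seen[i] for i in range(1, ref_total[1] + 1))


def is_consistent(parts: list[bytes]) -> bool:
    """True if `parts` form one complete, well-formed concatenated message."""
    try:
        reassemble(parts)
        return True
    except ValueError:
        return False


# Constructed sample: a 300-octet binary blob carried as 3 parts (ref 0xA1),
# so the first two parts are exactly 140 octets (6 UDH + 134 payload).
SAMPLE_BLOB = bytes(range(256)) + bytes(range(44))


def _part(ref: int, total: int, seq: int, chunk: bytes) -> bytes:
    return bytes([5, IEI_CONCAT_8BIT, 3, ref, total, seq]) + chunk


SAMPLE_PARTS = [
    _part(0xA1, 3, i + 1, SAMPLE_BLOB[i * 134:(i + 1) * 134]) for i in range(3)
]

if __name__ == "__main__":
    for enc in ("gsm7", "8bit"):
        print(enc, capacity(enc), capacity(enc, concatenated=True))
    print("parts for 300 octets:", parts_needed(300, "8bit"))
    print("reassembled ok:", reassemble(SAMPLE_PARTS) == SAMPLE_BLOB)
    print("two of three parts consistent:", is_consistent(SAMPLE_PARTS[:2]))
```

`capacity` reproduces the numbers from the thread (160 and 153 for 7-bit text, 140 and 134 for 8-bit data), and `reassemble` shows why a receiver that accepts parts without these checks is the weak point: the header, not the carrier, is what says how many fragments belong together and in which order.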
Not likely (Score:1, Informative)
The way it probably works (I am not 100% sure) is with the persistent Internet connection the phone maintains for push notifications support.
Re:i sense a disturbance in the force (Score:1, Informative)
Not only apple fanboys
Yes, only apple fanboys.
From: http://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#Miller [blackhat.com]
We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices.
You'll note the specific absence of the phrases vulnerability or code execution in that description. And if you'd bothered to keep it in context, you would have included the next sentence, which mentions that the reason it's important is that this is the ability to inject SMS without using the carrier.
So yeah, it is only apple fanboys.
Re:Wonder how this goes together .. (Score:1, Informative)
http://www.theregister.co.uk/2009/07/02/critical_iphone_sms_bug/
This is an article that isn't full of the ridiculous hype bullshit that infoworld.com is printing.