iPhone Vulnerability Yields Root Access Via SMS 186
snydeq writes "Pwn2Own winner Charlie Miller has revealed an SMS vulnerability that could provide hackers with root access to the iPhone. Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a DDoS attack or botnet, Miller said. Miller did not provide detailed description of the SMS vulnerability, citing an agreement with Apple, which is working to fix the vulnerability in advance of Black Hat, where Miller plans to discuss the attack in greater detail. 'SMS is a great vector to attack the iPhone,' Miller said, as SMS can send binary code that the iPhone processes without user interaction. Sequences can be sent to the phone as multiple messages that are automatically reassembled, thereby surpassing individual SMS message limits of 140 bytes."
Re:easy to stop on att just have them block txt. (Score:1, Interesting)
It still never ceases to amaze me that US carriers get away with charging for INCOMING text messages.
Here in the UK we don't always get the best or cheapest service plans, but one thing that every plan from every provider has in common is that incoming standard text messages are free.
Re:Ouch! (Score:2, Interesting)
Re:Ouch! (Score:5, Interesting)
After all, if you can wipe the phone remotely, then that system has root access, does it not?
N.B. I am not a security researcher.
Re:Ouch! (Score:3, Interesting)
It's not a true SMS-to-root exploit. So far he's only been able to crash part of the device's software with it, he's still looking into whether it can be used to run arbitrary code.
Depends how you define characters (Score:4, Interesting)
And the case of binary data, you're dead wrong.
GSM SMS payload is 140 8-bit characters, or bytes, depending how you look at it.
The default SMS text encoding format uses 7-bits, and employs a bit-shifting algorithm to pack 160 7-bit characters in to 140 bytes. Binary formats can't use this compression, as, well, they need all eight bits.
Re:SMS? (Score:3, Interesting)
Any privilege elevation exploit will benefit anyone seeking elevated privileges on your equipment. This included law enforcement, the mafia and your mom.
Nice little bit of paranoia you've got going there.