SMS Hack Could Make iPhones Vulnerable 254
mhx writes "A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of 'invisible' messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked."
Re:Binary Encoded Messages (Score:5, Insightful)
This was detailed a few days ago -- more details on http://www.computerworld.com/s/article/9136008/Some_SMS_networks_vulnerable_to_attack [computerworld.com]
How many times it needs to be said.. *never* trust the client.
Re:Is this why they were distracting us yesterday? (Score:5, Insightful)
Actually, that's exactly what I was thinking.
Once you've taken over someone's iPhone in this manner, it seems to me you've got more power to use the thing than the original owner had (unless they had Jailbroken their phone already).
Interestingly enough, this vulnerability is in the factory-spec iPhone - it doesn't require it to have been jailbroken.
So, yeah, Apple claims they're jailing your phone to protect you from bad guys and to protect the infrastructure from you, but this goes to prove that the only thing they're protecting are their (and AT&T's) pockets.
All this from a company where the CEO's liver is replaceable, but the battery in your phone or laptop is not.
~ducking~
Well... (Score:2, Insightful)
Won't someone think of the cell phone towers? (Score:5, Insightful)
If this hack lets unapproved apps run, then what's going to keep the cell towers from being shut down on a massive scale? Doesn't this make Apple guilty of harming national security?
Re:Lots can be done... (Score:5, Insightful)
Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.
Or, maybe the iphone SHOULDN'T EXECUTE UNTRUSTED UNSIGNED UNAUTHENTICATED CODE THAT ARRIVES BY SMS.
Or maybe google will use this flaw to deploy google voice onto iphones now that apple banned them.
Isn't it sad that EVERYONE ELSE has more control over the iphone than fanboi who bought it.
Re:App Store (Score:4, Insightful)
Re:Binary Encoded Messages (Score:1, Insightful)
Not all the vulnerabilities are as bad though.
The Iphone can be compromised by SMS.
Windows Phones can be compromised by SMS.
Android Phones can have their wifi knocked out.
Re:Weird article. (Score:4, Insightful)
This is remote code execution and extremely serious. The headline is understated for the possible severity of the impact. In other words: if Microsoft had the dominant smartphone on the market with the image the iPhone has, you know this crowd would be screaming bloody murder and piecing together fallacy-ridden freshman-level rants on monopolies.
Re:App Store (Score:5, Insightful)
So, never.
fixed that for you :D
Re:That's okay. (Score:2, Insightful)
Does someone need a hug?
As Per (Score:2, Insightful)
So, is the iPhone the only phone that matters, or is it just too hard for submitter NOT to use Apple and the iPhone to get attention?
Re:Is this why they were distracting us yesterday? (Score:2, Insightful)
A sufficiently experienced user can replace his liver; I'll bet Steve Wozniak could do it.
Yeah, but it would void his warranty
Re:Binary Encoded Messages (Score:5, Insightful)
In other words, Android, the open platform, patched before iPhone, the closed platform.
Yet I still occasionally run into people trying to claim that the iPhone being closed is somehow good, as it's more secure.
Re:In other news... (Score:3, Insightful)
The parent wasn't trying to be funny, please mod Insightful.
Re:Text character? (Score:2, Insightful)
How do we keep making the same design mistakes?
Re:Read about this yesterday (Score:2, Insightful)
There is a confusion of functions here. The purpose of a carrier is to carry messages, not to refuse them. Much better for the carrier to do its job and let the client decide whether or not it wants to accept the message.
Re:Read about this yesterday (Score:3, Insightful)
Perhaps the more ridiculous thing (Score:3, Insightful)
Is you can't turn off SMS on the iPhone. At least I haven't found out how. I don't particularly like SMS, it costs me money to receive texts, and I have an flippin iPhone, why would I need it when I can email, IM, tweet, etc? Yet here we have an SMS back door and the only solution is to shut down the entire phone because there's no way to disable SMS by itself.
Re:Binary Encoded Messages (Score:3, Insightful)
If there is a vulnerability with said character, then just using it would not be legitimate until the problem was fixed on the phone firmware.
I haven't seen anything saying what the character is (and more saying that the character being displayed is just a side effect of the crack, not actually the vulnerability). But, that aside, if a legitimate character affects a vulnerability on a *single device*, the service provider has no business breaking legitimate uses of that character by the majority of people (i.e. those that don't own an iphone).
As much as you may like to believe that there is no legitimate use for non-ASCII characters, you are wrong. I already get pissed off that there is no way to enter a "Å" character into my P900 (a bit of a pain since that character appears in my street address.).
Cleaning the character at the carrier could prevent problems spreading to the phone and be a "quick fix", but doesn't make it go away, the phone would need to release a patch eventually, then you can use your Unicode heart character (or whatever else char it is) in your text messages again.
By that mentality, all ISPs should block all web traffic every time a security hole in Internet Explorer is found. Blocking everyone from going about their business because a minority device has a bug is unacceptable, especially since the vendor was informed a month ago and has done nothing to fix the problem. To make things even worse, if they did decide to filter such messages, they would disappear into a black hole - SMS provides no functionality to inform the sender that a message has been blocked.
Re:Lots can be done... (Score:4, Insightful)
Re:Perhaps the more ridiculous thing (Score:3, Insightful)
But please let me turn this off!
Re:Binary Encoded Messages (Score:3, Insightful)
Those are other claims. If you want to talk about them, we can, but it's getting a bit offtopic.
It seamlessly syncs with my calendar, address book, etc.
Is that not true on Android?
Browsing the web works quickly and pages render pretty well.
Are you really going to tell me that's unique? Both Android and iPhone use Webkit-based browsers.
Even in the event that my iPhone gets hacked by a vulnerability apple fails to fix, I won't regret my decision.
That sounds very much like a fanboi or astroturf position. You won't regret it? Not even for a moment?
Tell me... just how much would Apple have to screw up for you to regret it?
There's no worthwhile information on it to steal, and it gets backed up every time I plug it in (every day).
That tells me you're either naive or a naive asshole.
Suppose someone cracks your phone and uses it to send thousands of spams via your 3G connection, or thousands of spammy text messages. The former will run up a huge bill and piss off network admins, and the latter will run up a huge bill and alienate all your friends.
Or suppose they only use it as a carrier -- any wifi network you connect to, you'll infect all nearby PCs. Chances are, you'd never be caught, but it still doesn't really make you a good citizen.
Or suppose it gets infected with something that then exploits something on your PC (or Mac, to be fair), and then, later, nukes _all_ your data? Do you have the backup backed up? Even if you do, is that really something you want to risk?
The absolute dumbest statement anyone can make about security is "I'm not a target," or "I have nothing to lose."
Now, I'm not suggesting you should immediately throw out your iPhone, or that it was necessarily a bad choice. But your arguments here sound more like rationalizations -- it sounds more like you are starting to regret it, and you're trying to justify it to yourself, to reassure yourself that you made the right decision.