Forgot your password?
typodupeerror
Cellphones Businesses Security Apple

SMS Hack Could Make iPhones Vulnerable 254

Posted by CmdrTaco
from the up-against-the-wall-and-spread-'em dept.
mhx writes "A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of 'invisible' messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked."
This discussion has been archived. No new comments can be posted.

SMS Hack Could Make iPhones Vulnerable

Comments Filter:
  • by Algorithmn (1601909) on Thursday July 30, 2009 @10:17AM (#28881703) Homepage
    I saw this one coming. Some cell phones cannot distinguish between a moble provider sending binary encoded XML enabled SMS messages or an attacker through an SMS gateway. Amateur security model/practices.
    • by sopssa (1498795) * <sopssa@email.com> on Thursday July 30, 2009 @10:20AM (#28881749) Journal

      This was detailed a few days ago -- more details on http://www.computerworld.com/s/article/9136008/Some_SMS_networks_vulnerable_to_attack [computerworld.com]

      How many times it needs to be said.. *never* trust the client.

    • by clang_jangle (975789) on Thursday July 30, 2009 @10:20AM (#28881775) Journal
      Apparently it's not just the iPhone affected. FTFA:

      The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft-based devices. Another pair of SMS bugs in the iPhone and Google's Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.

      • so the bug can knock the user off the wireless network, eh? some sort of denial of service for cell phones? almost like they are being jammed? [dealextreme.com]
      • by SanityInAnarchy (655584) <ninja@slaphack.com> on Thursday July 30, 2009 @12:07PM (#28883335) Journal

        In other words, Android, the open platform, patched before iPhone, the closed platform.

        Yet I still occasionally run into people trying to claim that the iPhone being closed is somehow good, as it's more secure.

  • by Anonymous Coward on Thursday July 30, 2009 @10:17AM (#28881709)
    In other news, the same SMS hack can be used to make headlines appear with wrongly used verbs...
  • App Store (Score:5, Funny)

    by oldspewey (1303305) on Thursday July 30, 2009 @10:18AM (#28881725)

    Want to pwn every apple smartphone in the world?

    There's an app for that.

  • by pushing-robot (1037830) on Thursday July 30, 2009 @10:20AM (#28881779)

    The technique involves sending only one unusual text character

    Let me guess: "Q". Damned "Q".

  • by DigitalSorceress (156609) on Thursday July 30, 2009 @10:21AM (#28881789)

    FYI: It's not that one character can break your iPhone, it's about 512 text messages sent at your phone, causing certain buffer overflows. The proof on concept ended up where the slew of messages (apparently arrived at originally by fuzzing) winds up only showing one visible character (appears as a box).

    The author said that it could probably be refined so that it wouldn't send anything that would show up.

    500 or so un-seen text messages, and you're iPwned.

    Gotta love the Black Hat Briefings.

    • by emag (4640) <slashdot@@@gurski...org> on Thursday July 30, 2009 @11:42AM (#28882983) Homepage

      500?! Egads, that's gonna cost a _fortune_ at today's txting rates!

      • Re: (Score:3, Funny)

        by d3ac0n (715594)

        unless you have an unlimited plan.

      • by Tony Hoyle (11698)

        Say I don't have an unlimited plan (which nearly everyone does, but..)

        SMS costs £0.04 on average. Let's say you're on a really expensive pay as you talk plan and it costs 3 times that.. so £0.12.

        £60

        Hardly a 'fortune' if you're planning to take out a phone anyway.. and unlimited plans on pay as you talk cost far less than that anyway so you'd never pay that even in the worst case.

    • by Sandbags (964742)

      ...and the carrier doesn't have a facility in place for limiting the number of text messages sent to a particiular device in a given time frame? say max of 1 in any 2 second interval??? ...and they can't simply block SMS messages that contain non-standard characters in certain known formats that could be exploits??? i know they can filter by sender, receiver, zip code, and pretty much any other relational expression i could come up with. Prior to getting my iPhone, i auto-blocked everything text related

      • Re: (Score:2, Insightful)

        by BrokenHalo (565198)
        ...and the carrier doesn't have a facility in place for limiting the number of text messages sent to a particiular device in a given time frame?

        There is a confusion of functions here. The purpose of a carrier is to carry messages, not to refuse them. Much better for the carrier to do its job and let the client decide whether or not it wants to accept the message.
    • Yeah, and with the service I get, they'll send them to me and I'll only get half of them, then I'll get 2 more a week every week, all out of order.

  • As I recall Apple (DRM) was stating that jailbreaking cellphones was something to be done by terrorists who want to destroy cellphone infrastructure.

    Interesting that a SMS message can destroy apples;)

    • by DigitalSorceress (156609) on Thursday July 30, 2009 @10:30AM (#28881937)

      Actually, that's exactly what I was thinking.

      Once you've taken over someone's iPhone in this manner, it seems to me you've got more power to use the thing than the original owner had (unless they had Jailbroken their phone already).

      Interestingly enough, this vulnerability is in the factory-spec iPhone - it doesn't require it to have been jailbroken.

      So, yeah, Apple claims they're jailing your phone to protect you from bad guys and to protect the infrastructure from you, but this goes to prove that the only thing they're protecting are their (and AT&T's) pockets.

      All this from a company where the CEO's liver is replaceable, but the battery in your phone or laptop is not.

      ~ducking~

      • by Bemopolis (698691) on Thursday July 30, 2009 @10:57AM (#28882373)

        All this from a company where the CEO's liver is replaceable, but the battery in your phone or laptop is not.

        The battery in the iPhone and laptop are replaceable, just not by the owner. This was also the case for Steve's liver. JOKE FAIL.
        <\memekiller>

        • Re: (Score:2, Funny)

          by machine321 (458769)

          The battery in the iPhone and laptop are replaceable, just not by the owner. This was also the case for Steve's liver. JOKE FAIL.

          A sufficiently experienced user can replace his liver; I'll bet Steve Wozniak could do it.

          • Re: (Score:2, Insightful)

            by Anonymous Coward

            The battery in the iPhone and laptop are replaceable, just not by the owner. This was also the case for Steve's liver. JOKE FAIL.

            A sufficiently experienced user can replace his liver; I'll bet Steve Wozniak could do it.

            Yeah, but it would void his warranty

          • by pegdhcp (1158827)
            Maybe they should invite (=forcibly drag into the office) Woz for an overall engineering supervisory position.
      • by chord.wav (599850)

        Aside of the stupid joke about a man's health. I agree with everything.

  • Lots can be done... (Score:4, Interesting)

    by John Whitley (6067) on Thursday July 30, 2009 @10:25AM (#28881857) Homepage

    So little can be done, except power off your iPhone to avoid being hacked

    Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.

    • by Anonymous Coward on Thursday July 30, 2009 @10:47AM (#28882195)

      Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.

      Or, maybe the iphone SHOULDN'T EXECUTE UNTRUSTED UNSIGNED UNAUTHENTICATED CODE THAT ARRIVES BY SMS.

      Or maybe google will use this flaw to deploy google voice onto iphones now that apple banned them.

      Isn't it sad that EVERYONE ELSE has more control over the iphone than fanboi who bought it.

    • by Fnord666 (889225)

      Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.

      Except that since the carrier gets $0.15 per msg here in the good old US, they have no incentive to block these messages. In fact, many of them have insisted that they have no ability at all to identify and block individual messages.

      • by Talennor (612270)

        In fact, many of them have insisted that they have no ability at all to identify and block individual messages.

        They may be telling the truth that they don't have that kind of capabilities. However, that's just an obvious implementation oversight. For something as much an embedded system as a cell phone (lacking firewalling capabilities on its own) and tied so closely to the cellular networks, they should have designed something akin to snort rules for anything in packet based communications so they could filter attacks at the network level. It's not rocket science. It's just how you protect networked systems tha

    • by FelxH (1416581) on Thursday July 30, 2009 @11:27AM (#28882787)
      According to the previous article [blackhat.com], they have found a way to send sms messages without any provider: "This method does not use the carrier and so is free (and invisible to the carrier)". So blocking at the provider level won't work unfortunately
  • by johnthorensen (539527) on Thursday July 30, 2009 @10:25AM (#28881861)
    Apparently Apple was going to require *two* unusual text characters for the iPwn hack, but Steve Jobs insisted that this would be too complicated for their users.
  • by 6Yankee (597075) on Thursday July 30, 2009 @10:29AM (#28881915)
    ...sex offenders start a mass SMS-sending campaign...
  • by FlyingSquidStudios (1031284) on Thursday July 30, 2009 @10:29AM (#28881923) Homepage
    No one ever sends me SMS messages, so I'd be flattered they noticed me if I was hacked. So lonely...
  • by blind biker (1066130) on Thursday July 30, 2009 @10:32AM (#28881971) Journal

    It is here:

  • Well... (Score:2, Insightful)

    by dburkland (1526971)
    Being an iPhone owner it makes me feel all warm and fuzzy inside knowing my $300 phone that is so much better than the rest can be brought to its knees by an SMS message. GG Apple.
  • by transporter_ii (986545) on Thursday July 30, 2009 @10:34AM (#28881999) Homepage

    If this hack lets unapproved apps run, then what's going to keep the cell towers from being shut down on a massive scale? Doesn't this make Apple guilty of harming national security?

    • by Sandbags (964742)

      Doesn't this make AT&T guilty for allowing texts in the system that could not be possibly sent by human beings? SMS is by policy not to be used by automated systems without AT&Ts express authority. Why is this Apple's fault (Or google's, since it also effects Android, and I'm sure shortly will be ANOTHER hack effecting symbian via SMS).

  • Why worry? (Score:5, Funny)

    by PPH (736903) on Thursday July 30, 2009 @10:34AM (#28882005)
    I, for on am not concrnd. It's simply a mattr of not snding that charactr. Crtainly, a company lik Appl can hav it xcludd from th alphabt. And thn w can just gt on with our livs, njoying our iPhons.
    • Re: (Score:2, Funny)

      by Midgarn (1447063)

      I, for on am not concrnd. It's simply a mattr of not snding that charactr. Crtainly, a company lik Appl can hav it xcludd from th alphabt. And thn w can just gt on with our livs, njoying our iPhons.

      What happns whn th hackrs dcid to switch to a diffrnt charactr? How will Appl rspond thn?

      I, fr n am nt cncrnd. It's simply a mattr f nt snding that charactr. Crtainly, a cmpany lik Appl can hav it xcludd frm th alphabt. And thn w can just gt n with ur livs, njying ur iPhns.

      What happns whn th hackrs dcid t switch t a diffrnt charactr? Hw will Appl rspnd thn?

      h.

      • by PPH (736903)

        What happns whn th hackrs dcid to switch to a diffrnt charactr? How will Appl rspond thn?

        '' guss Appl wll rally b fuckd f ts th '' n ''Phon.

      • Re: (Score:3, Funny)

        by D Ninja (825055)

        What happns whn th hackrs dcid to switch to a diffrnt charactr? How will Appl rspond thn?

        ppl will kp rmving chrctrs frm th lphbt. Thy r ppl. Thy cn d whtvr thy wnt.

    • by MrNemesis (587188)

      Your sig mad my iPhon cordump. Stv Jobs nds to snd you in for rducation in th ways of Appl.

  • by spydum (828400) on Thursday July 30, 2009 @10:44AM (#28882149)

    +++ATH0

  • by yellowstone (62484) on Thursday July 30, 2009 @11:12AM (#28882563) Homepage Journal
    If you survive the initial peril (the next thirty hours or so), then there are obvious procedures that can give relative safety: Do not accept High Beyond protocol packets. At the very least, route all communications through Middle Beyond sites, with translation down to, and then up from, local trade languages.
  • So, one rotten character is spoiling the bunch, then?

  • As Per (Score:2, Insightful)

    by His Shadow (689816)
    The SMS hack affects many phones and many systems. Nothing in the wild, no plague of users infected or crashed or harmed. But let's run it as if the iPhone is the only one infected, and Apple somehow is a laggard for not releasing a patch. Then later, we'll talk about whether the problem is universal.

    So, is the iPhone the only phone that matters, or is it just too hard for submitter NOT to use Apple and the iPhone to get attention?

    • Note that Symbian, which owns over 70% of the market, was conspicuously absent from the list of affected mobile phone operating systems.
  • Soo the iPhone is a threat to cell phone towers?
  • Whether you are a carrier of cellular service, or a provider of phones, seeing as you want to totally take control away from your clients, then you best make sure YOU'RE up to date with security, else face a multi-faceted lawsuit.

    Being that TELUS closes off access to such things as phone configuration where you could just disable your SMS service if you wanted to, then the onus falls on them to incorporate better security.

    As well having an iPhone means you are bound to the terms laid down by Apple, which me

  • by vitaflo (20507) on Thursday July 30, 2009 @02:38PM (#28885743) Homepage

    Is you can't turn off SMS on the iPhone. At least I haven't found out how. I don't particularly like SMS, it costs me money to receive texts, and I have an flippin iPhone, why would I need it when I can email, IM, tweet, etc? Yet here we have an SMS back door and the only solution is to shut down the entire phone because there's no way to disable SMS by itself.

    • Re: (Score:3, Insightful)

      by westyvw (653833)
      Agreed, paying for texts in principal is wrong, but off the charts of stupid if you have internet. I want the damn thing off. Send me an email, open a chat, or *gasp* call me.

      But please let me turn this off!
    • Re: (Score:3, Informative)

      by joNDoty (774185)

      You can turn off SMS: contact AT&T and tell them to disable SMS for your phone number. This is exactly what I've done and I highly recommend it. I save $5/month in texting charges, and I can still send and receive texts for free. Here's how:

      1. Sign up for Google Voice.
      2. Tell people your new Google Voice "texting" number (and use it for voice if you want).
      3. Buy Prowl at the App Store for $2.99
      4. Push your Google Voice SMS messages to your iPhone via Prowl. You can do it with Fluid and a script [morouxshi.com] on a Mac

A committee is a group that keeps the minutes and loses hours. -- Milton Berle

Working...