SMS Hack Could Make iPhones Vulnerable 254
mhx writes "A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of 'invisible' messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked."
Re:Binary Encoded Messages (Score:5, Informative)
Read about this yesterday (Score:5, Informative)
FYI: It's not that one character can break your iPhone, it's about 512 text messages sent at your phone, causing certain buffer overflows. The proof on concept ended up where the slew of messages (apparently arrived at originally by fuzzing) winds up only showing one visible character (appears as a box).
The author said that it could probably be refined so that it wouldn't send anything that would show up.
500 or so un-seen text messages, and you're iPwned.
Gotta love the Black Hat Briefings.
Re:Binary Encoded Messages (Score:4, Informative)
Re:Lots can be done... (Score:3, Informative)
That makes absolutely no damned sense. At some point it has to hit the carrier's network, otherwise the phone can't receive it in the first place.
Re:Lots can be done... (Score:4, Informative)
Re:Perhaps the more ridiculous thing (Score:3, Informative)
You can turn off SMS: contact AT&T and tell them to disable SMS for your phone number. This is exactly what I've done and I highly recommend it. I save $5/month in texting charges, and I can still send and receive texts for free. Here's how:
1. Sign up for Google Voice.
2. Tell people your new Google Voice "texting" number (and use it for voice if you want).
3. Buy Prowl at the App Store for $2.99
4. Push your Google Voice SMS messages to your iPhone via Prowl. You can do it with Fluid and a script [morouxshi.com] on a Mac.
5. ???
6. PROFIT!!! (free texting)