SMS Hack Could Make iPhones Vulnerable 254
mhx writes "A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of 'invisible' messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked."
Binary Encoded Messages (Score:5, Interesting)
Is this why they were distracting us yesterday? (Score:5, Interesting)
As I recall Apple (DRM) was stating that jailbreaking cellphones was something to be done by terrorists who want to destroy cellphone infrastructure.
Interesting that a SMS message can destroy apples;)
Lots can be done... (Score:4, Interesting)
So little can be done, except power off your iPhone to avoid being hacked
Little can be done... except block such messages entirely at the provider level. When the attack vector is clearly defined, it's easy to scan for it.
Weird article. (Score:1, Interesting)
Gotta love the way things get prioritized to create an attention-grabbing headline.
"Though Miller and Mulliner say they notified Apple about the vulnerability more than a month ago, the company hasn't released a patch..."
OMG, ONE WHOLE MONTH! Oh, and by the way, "...in the last 18 months, cybercriminals have begun using text messages to send links to malicious Web sites that infect the phone with malware, says Mikko Hyppönen, an F-Secure researcher. One seemingly-Chinese variant, known as 'Sexy View' and currently targeting the Symbian operating system, is far more threatening than an iPhone attack, given that around 50% of cellphones use Symbian, [emphasis added] Hyppönen says."
Miller also says "Texting applications' insecurity isn't due to the software's complexity so much as the security community's inattention and the expense of sending thousands of text messages to test a phone's security..."--um, I have an unlimited texting plan (AT&T, USA) and it's... well, I forget how much, but it's not a lot.
That said, a) it shouldn't be that hard to lock down an app whose main job is to send, receive, and display TEXT, and 2) because of that, I hope Apple issues a fix for this soon.
Re:Good (Score:2, Interesting)
Re:Text character? (Score:4, Interesting)
Re:Lots can be done... (Score:4, Interesting)
Re:Binary Encoded Messages (Score:3, Interesting)
Correct me if I'm wrong, but since the SMS messages have to go through the carrier towers, can't this character be "cleaned" from the message there before it even hits the phone?
What if I want to use that character legitimately?
Re:Binary Encoded Messages (Score:2, Interesting)
Cleaning the character at the carrier could prevent problems spreading to the phone and be a "quick fix", but doesn't make it go away, the phone would need to release a patch eventually, then you can use your Unicode heart character (or whatever else char it is) in your text messages again.
Re:Binary Encoded Messages (Score:1, Interesting)
One vendor released a fix, one vendor did not (yet). The open or closed nature of the platform had nothing to do with it in this case, it is not as if Joe Nobody fixed the flaw for all Android users from his basement.