Get Smart about Business Spending
Researcher hopes Apple fixes possible iPhone SMS security hole
A security researcher said on Thursday that he hopes that Apple has a fix later this month for what he believes could be a vulnerability in the iPhone that could allow an attacker to gain control of the device remotely via SMS, according to IDG News Service.
An attacker could exploit a possible weakness in the way iPhones handle SMS (short message service) messages to do things like use GPS to track the phone's location, turn on the microphone for eavesdropping, or take control of the device and add it to a botnet, Charlie Miller, co-author of The Mac Hacker's Handbook and principal security analyst at Independent Security Evaluators, said in a presentation at the SyScan conference in Singapore.
Miller said he plans to give a more detailed presentation on the hole at the Black Hat conference in Las Vegas at the end of the month.
Despite the SMS hole, which "could be a critical vulnerability," the iPhone is more secure than OS X on computers, Miller said. That is because the iPhone doesn't support Adobe Flash and Java, only runs software digitally signed by Apple, includes hardware protection for data stored in memory, and runs applications in a sandbox, he said.
Apple representatives did not immediately respond to an e-mail request for comment.
Correction at 8:45 p.m. PDT July 29:This post was updated to correct that the researcher said he hopes Apple will fix the flaw, not that it will.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
Mac users: strap on your rubber helmet.
Welcome to the real world where no-one is perfect.
but people need to spin to make Windows look better
one things for sure nothings perfect
the worst being Windows !
Historically yes; but in the last few years they've done good work.
Mac users need to be proactive about their security and demand transparency from Apple.
Security though denial won't save you.
You see, the anal control over the iPhone that people lament about Apple, that it is so restricted, that all apps must go through Apple, that there is no multi-tasking of third party apps, etc. is basically the ONLY way to secure an OS.
Windows and Mac OS are not secure because they are extensible and customizable. Customers can install crapware and malware if they want, without Apple or MS testing it out. They can install programs that have access to all levels of services. With that freedom comes vulnerability.
So which is it, trolls (on both sides). Do you want a limited function, "state controlled" system like the iPhone for all your computing needs, or do you want freedom? Because freedom comes with responsibility, and vulnerability.
All processes are run as root on the iPhone. There is no security built into the device. That's why it's important to make sure you don't have any holes open to exploit in the first place because you can't do anything about it after they get in. An SMS exploit is a rather big one. The sad part is that you would never even know if your phone was compromised or not, sending your personal data out to the world without your knowledge. :/
Good for Apple to close this hole, and I hope they do similar with any others they haven't told us about yet.
somehow my Macbook never gets infected with anything
and I haven't heard of anyone being infected ever !
a large majority of Macs run without any form of protection
and yet there hasn't been any attack yet ! even after all these years !
am I missing something
Oh yeah the usual marketshare FUD
then How come Windows 7 beta was among the first to create a botnet ?
Apple does good with addressing the problem and looking for a fix. Hope they get it out fast, my friend is freaking out.
Keep sweeping it under the rug mac fanboys.
seven7dust I can ask you the same question if Mac is godly secure why is their a botnet just consisting of OSX machines? I mean its a smart move too because these things will never be detected as long as Mac users stay in denial and think they can run through walls.
as usual your twisting my words
did I say it was godlike secure
all I'm saying is that people like Charlie Miller
make it sound like it's the worst POS ever full of holes etc.
but this just isnt the case for me and 99% of Mac users
Criminals don't want to take down your system. They want to keep it up and running and keep you in the dark about it. A running system can be sold for resources online. If they tip you off that you're compromised, they might lose the machine on the network.
Do you examine your system for unusual activity? Do you check the logs? How would you even know you were compromised? Now that is scary.
If your Mac is unprotected, how would you even know if you've been infected with a virus, trojan, etc., if there is nothing to detect it?
Seriously these guys deserve a cookie for holding out so long !
Not the Pre, security through obscurity :)
The exploit can not turn on GPS, turn on the microphone, or do anything else of the sort. It can only (temporarily) disrupt the phone's service; the service is restored a moment later.
Had the C-Net reporter bothered to read the Web site of the person who found the exploit, she would see that the guy who found the exploit has said he has not yet determined if the flaw allows remote code execution, but that a hypothetical flaw that did allow remote code execution might possibly be able to do things like enable the microphone or GPS tracking--which is a far cry indeed from "An attacker could exploit a weakness in the way iPhones handle SMS (short message service) messages to do things like use GPS to track the phone's location, turn on the microphone for eavesdropping, or take control of the device and add it to a botnet."
The IDG report that this story was obviously cribbed from contained numerous factual errors, which the researcher it was written about, Charlie Miller, quickly corrected. Other online news agencies that copied the IDG story soon issued retractions and clarifications. Pity that C-Net didn't.
'Swiss-cheese"
Interesting fact, a new microwave carrier called Zero1 challenged him to hack these new devices and he couldn't, and said he probably wouldn't be able to since they use microwave high speed data, not voice as most other cell carriers use.
Simply put, when he said he could not hack it, I said I want it, and he laughed, and he said he is way ahead of me, and he was distributor given he has sold so many hack and jailbreak software, he knows these same people will want a secure mobile and internet connection, and since this is an all wireless system, and so cheap in comparison, I too became distributor. lol
Here is a link to an investigative report he was interviewed for, so check it out, it is a real eye opener, I know it was for me. Heck, who in their right mind would use an obsolete iPhone when they can have every known application available on a new microwave 2100 giga hertz frequency with better security than Home Land Security has. lol
http://www.youtube.com/watch?v=uCyKcoDaofg
If this doesn't scare people, nothing will. Best of all, not only is this new carrier hack proof, it is far less expensive, I am saving over 60% and am getting ten times more features and totally unlimited voice, text, data, TV and internet
www.Low-Cost-Wireless.com
- by Growverde July 8, 2009 8:38 PM PDT
- Ok so on Friday last week I tried putting my iPhone into the belt clip and it missed the bottom clips and slide down my leg to the cobblestone sidewalk. No biggie! I thought as it has a plastic case to protect it fromlittle bumps. As it slides down my leg to the ground slides about a foot and comes to a rest with a little slow flip to it's face. When I went to pick it up the glass was shattered, luckily I had the non glare film on and it kept the glass in place, so now to the point of the article. I went to the store showed them my phone they responded "we have to charge you $199 to replace it." I said "fine" and off my phone went to the back! When the apple store rep came back he asked me " u got this phone recently right?" and I said "ya fathers day" he shook his head and kept working when he handed me my new face and the paper work, it read total charge $0.00!!!!!!! ***!!!!? He did not charge me for the new glass apple is the best!!!!
- Like this Reply to this comment
-
(26 Comments)