“Apple has [less than] a day left to patch a bug in it’s [sic] iPhone software that could let hackers take over the iPhone, just by sending out and SMS (Short Message Service) message,” Robert McMillan reports for IDG News Service. “The bug was discovered by noted iPhone hacker Charlie Miller, who first talked about the issue at the SyScan conference in Singapore. At the time, he said he’d discovered a way to crash the iPhone via SMS, and that he thought that the crash could ultimately lead to working attack code.”
“Since, then he’s been working hard, and he now says he’s able to take over the iPhone with a series of malicious SMS messages. In an interview Tuesday, Miller said he will show how this can be done during a presentation at the Black Hat security conference in Las Vegas this Thursday with security researcher Collin Mulliner,” McMillan reports. “‘SMS is an incredible attack vector for mobile phones,’ said MIller, an analyst with Independent Security Evaluators. ‘All I need is your phone number. I don’t need you to click a link or anything.'”
McMillan reports, “Miller reported the flaw to Apple about six weeks ago, but iPhone’s maker has yet to release a patch for the issue. Apple representatives could not be reached for comment, but the company typically keeps quiet about software flaws until it releases a patch.”
Full article here.
Phillip Elmer-Dewitt reports for Fortune, “”The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they’ve also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft-based devices. Another pair of SMS bugs in the iPhone and Google’s Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says.”
Full article here.
Apple just released a new version of the iPhone sdk – it could be a patch… that’s all I’m sayin’
Patch it Apple!
I hope it is quick, this is not good for the iPhone’s credibility. The news stated the bug for the iPhone only, nothing on others.
Crossing the fingers on this one.
“”Apple has [less than] a day left to patch a bug in it’s iPhone software . . .”
So, Robert McMillan is a professional writer that cannot distinguish between “its” and “it’s.”
How very pathetic.
Again . . . “it’s” = “it is”
“its” = the possessive pronoun (as in “The dog licked its paw.”)
And we should listen to this guy?
@NGC598
Thanks, but we don’t need your take on the news.
Apparently, you missed the part of the news wherein it stated WinMo and Android were also affected by the SMS bug.
@ G4Dualie
NGC598 is probably referring to the fact that the headline of the article states only that the iPhone is affected by the SMS bug.
One must read deep into the article to find any mention of the Windows vulnerability.
I have no doubt that Windows-centric tech shows are reading/reporting this story and highlighting only the Apple part, and not even bothering to mention that Windows can also be affected in this way.
As usual, a potential Apple exploit is big news.
Windows vulnerabilities are just “Dog Bites Man” stories.
so if I just don’t give my phone number to a hacker i’m safe? how is this relevant and/or news? i don’t think any of the people in this world that have my phone number are hackers.
@Rocket Scientist:
Wow, the guy makes one typo (one which spellcheck doesn’t catch) and suddenly his entire argument is baseless? I do hope you were kidding; otherwise your a one bigg ass—-.
@Ottawa Mark
and you feel his calling out on a frustrating trend, deserves him a name calling by you?
The guy prefaced his criticism against the ‘professional writer’ tag which deserves better scrutiny, than, say, writing casually on a blog forum.
It would have been better, if you called him out on his mishandling the ellipses, maybe.
English not spoken/written here.
Just block SMS capability with your cell provider. Problem solved.
@krquet
“otherwise your a one bigg ass”
I’m guessing that your “error” was deliberate.
Thank you! Someone has tonstand up for good grammar. Kudos!
Interesting – neither article mentions AT&T at all. You’d think the fact that SMS is still not available for the iPhone in the US thanks to AT&T would have some small bearing on this story.
But then, once you’ve got sensational headlines about taking over iPhones to consider, apparently actually looking into a relevant part of the story like that is to far off the radar of today’s schlock journalists.
…oh crap, it’s MMS that’s not yet available, isn’t it? Dagnabbit, why can’t they just say “text messaging” instead of SMS? Ignore my previous rant…
@Gabriel I was just about to make fun of you, nice save.
@Limey
In your excitement, I’m presuming, you’ve quoted someone else thinking it was me.
Meanwhile, how often do we come across a situation where one tries to correct someone, gets corrected by someone else who in turn gets it wrong as well. Or wait…
I thought his exploit only worked on iPhone OS 2.2.1. He wasn’t sure if it would even work on 3.0
I wonder if the carriers can just block the SMS messages as “suspicious”
Hello.
Fellow grammar nazi here.
While I will forgive the occasional typo here and there, I do agree that a professional writer should be held at a higher standard.
In any case though, doesn’t this guy have an editor?
A comma is required after “case.”
This exploit only affect v2.x. Does not affect iPhone version 3. What a joke… this is in the same vein as the “airport wireless” exploit last year where you had to load some 3rd party driver… to be able to exploit the Mac.