Control iPhone via SMS
Analysts have discovered a technique to take total control over an iPhone only by sending special SMS messages and demonstrated it on my iPhone at the Black Hat security meeting on Wed. . Though an assailant could exploit the hole to make calls, thieve information, send texts, and do essentially anything that I should do with my iPhone, the analysts were kind and simply rendered it temporarily inoperable.
Here’s what occurred : While I was speaking on the telephone to Charlie Miller, his partner, Collin Mulliner, sent me a text from his telephone. One minute I’m chatting to Miller and the following minute my telephone is dead, and this time it’s not ATT’s fault. After some seconds it came back to life, but I wasn’t ready to make or receive calls till I rebooted.
The assault is enabled by a major memory corruption bug in the way the iPhone handles SMS messages, expounded Miller, a senior security analyst at Independent Security Evaluators. There’s no patch, notwithstanding the undeniable fact that Apple was alerted of the problem about 6 weeks back, he expounded.
All current versions of the iPhone operating system are influenced. In the more latest research, Android-based telephones were revealed to be in a similar fashion susceptible to an SMS attack, only an assailant could briefly knock the telephone off the cell network but not gain control, according to Mulliner, who’s getting his PhD at the Technical University of Berlin.
Google patched the hole last week inside a day or two of being alerted of the difficulty, he related. For the assault to work, an assailant must send tons of SMS control messages, which are dissimilar from regular SMS messages, according to Miller. Only the first SMS could be seen, he announced.
The analysts will demonstrate the attack on an Android telephone and an iPhone during their show on Thu. Prior iPhone attacks needed an assailant to lure the iPhone user to go to a malignant site or open a malicious file, but this attack needs no effort on the part of the user and needs only that an assailant have the victim’s telephone number, Miller expounded.
Once within a victim’s telephone, the assailant could then send an SMS to any one in the victim’s address book and spread the assault from phone to telephone, he announced. Formerly , Miller discovered a hole in the mobile version of Safari right after the iPhone was launched in 2007 and early on in the year he won a contest at CanSecWest by exploiting a hole in Safari. Asked what an iPhone user can do when attacked, Miller replied : “Rebooting wouldn’t be a bad concept.
It might stop all but the most up-market assailant. However, it doesn’t take but a 2nd to snatch all of your private data from the device, and as fast as you turn it back on, the bad guy could attack you again. That’s why I suspect this is so serious.