Researchers have discovered a flaw within Apple"s iPhone SMS feature, an exploit that could allow a hacker access to your iPhone, disabling it and rendering it utterly useless. The exploit was publicized today at Black Hat cybersecurity conference in Las Vegas today.
Cybersecurity researchers Charlie Miller and Collin Mulliner discovered how they can disable any iPhone via a simple SMS. The exploit sent consumers into pandemonium, questioning if they should shut off their iPhone"s as of Thursday, when the exploit was demonstrated and documented to the public. The exploit shows up on the victims device as a single square character.
Dwight Silverman from chron.com explains that the risk of consumers iPhone being compromised is very slim. The hacker will only be able to disable your iPhone if they send an SMS directly to your phone, making it harder is that they would need to spam every phone on the market hoping to hit an iPhone.
The report left by the researchers leaves gaps that must be filled in by attempted hackers in order to properly execute the attack, something that will eventually be discovered. Dwight also suggestions that the time needed to write a program to mass attack iPhone"s on the market would require about two weeks to write the code.
Apple has reportedly had a month to fix the hole and release a patch to consumers, but has yet to do so. Since the demonstration and publication of the attack, Apple may delay the release of their new iPhone 3.1 firmware update to include a patch to fix the flaw in the iPhone SMS feature.
In theory, all consumers are safe for at least another two weeks until experts predict they will see this attack surface in the wild, unless Apple can patch the flaw by then.