Forbes is reporting that two researchers plan to reveal an un-patched iPhone bug that could virally infect phones via SMS.
The hijack was discovered by iPhone hacker Charlie Miller. Miller is a well known security researcher, famous for hacking a Macbook within seconds earlier this year at Pwn2Own 2009.
Miller plans to unveil the attack methods during a talk he is holding at tomorrow's Blackhat security conference in Las Vegas. Miller claims he is able to take over the iPhone with a series of malicious SMS messages. "This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."
The flaw
The flaw exploits an issue with the way the phone handles SMS messages. The attack developed by Miller works by exploiting a missing safeguard in the phones' SMS software that prevents code in the messages' text from overflowing into other parts of the device's memory where it can run as an executable program. Miller and his colleague Collin Mulliner plan to demonstrate how a series of 512 SMS messages can exploit the bug, with only one of those messages actually appearing on the phone, showing a small square. If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Miller advises turning the phone off as soon as possible.
The series of SMS messages will give hackers complete power over any of the smart phone's functions. This includes dialing the phone, visiting Web sites and sending SMS messages.
According to Miller, Apple has been made aware of the issue but no patch has been put in place.
Windows Mobile affected too
Miller also claims he has found a bug in Microsoft's Windows Mobile devices that that allows complete remote control of the device. Miller discovered the bug last Monday and it's currently un-patched by Microsoft. It's not clear whether Miller plans to unveil full details of the Windows Mobile bug tomorrow or limited details until Microsoft has been made aware.
54 Comments - Add comment