Thu, 02 Jul 2009 Apple patching serious SMS vulnerability on iPhone (UPDATED)
iPhone is more secure than MacOS X-based computers, but SMS may be a critical weakness
Apple is working to fix an iPhone vulnerability that could allow an attacker to remotely install and run unsigned software code with root access to the phone.
The attack in question exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service), said security researcher Charlie Miller, during a presentation at the SyScan conference in Singapore on Thursday. He didn't provide a detailed description of the SMS vulnerability, citing an agreement with Apple.
Miller, the principal security analyst at Independent Security Evaluators, is an authority on MacOS X security, and is a co-author of The Mac Hacker's Handbook. He and another security researcher, Colin Mulliner, discovered the SMS vulnerability together.
The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator's network.
"I don't have a working exploit for it, just a suspicious looking crash," Miller said.
The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet, Miller said.
Apple is working to patch the vulnerability and expects to have a fix ready later this month, before Miller discusses the attack in greater detail during a planned presentation at the Black Hat USA conference in Las Vegas.
Despite the SMS vulnerability, the stripped-down version of MacOS X used in the iPhone makes it more secure than computers running the full-blown operating system, Miller said.
For starters, the stripped-down version of the OS presents fewer options for attackers, removing applications and features such as support for Adobe Flash and Java, which they might otherwise be able to exploit for vulnerabilities. In addition, the iPhone includes hardware protection for data stored in memory and the phone is designed to only run software code that has been digitally signed by Apple.
The iPhone also requires applications to run in a sandbox, a security feature that isolates them from other applications and limits their access to the phone's capabilities. But SMS offers a way for attackers to get greater access to the phone's capabilities, Miller said.
"SMS is a great vector to attack the iPhone," he said.
Most often used to send brief text messages between cell phones, SMS can also send binary code to an iPhone, which then processes the code without any user interaction. Each SMS message is limited to 140 bytes, but longer sequences can be sent to the phone as multiple messages that are automatically reassembled.
This feature allows larger programs to be delivered to a phone, Miller said.
In addition, vulnerabilities found in the iPhone's SMS function give an attacker root access to the handset, Miller said. That's not the case for the iPhone's other applications, such as its browser, where vulnerabilities only give an attacker access to the application's sandbox.
"The iPhone is more secure than OS X, but SMS could be a critical vulnerability," Miller said.
Check out our new Macworld Mobile site.
Follow Macworld UK on twitter: www.twitter.com/macworlduk
Contact Us
DiggEmail A Friend
Email this article to a friend or colleague:
PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.
Permalink This Article
This articles permalink is:
http://www.macworld.co.uk/mac/news/index.cfm?RSS&NewsID=26490
<<prev article | back to news index | next article>>
Latest News
- Is Apple testing a new iPhone model?
- Simon's Cat and ustwo intros Purrfect Pitch iPhone app
- Pub fined over illegal downloads via public open Wi-Fi connection
- iPod zombies blamed for UK road deaths
- XChange adds MadeToPrint with Imposition to Quark BOGOF deal
- Next gen iPhone seeks to take maps to "the next level"
- LogMeIn preview beta version of LogMeIn Pro2 for Mac, seeks user feedback
- European ISPs hit out at secret ACTA negotiations
- Incipio join iLounge Pavilion line-up for CES 2010
- Reminder: Apple live web seminar with Virtual Aviation, 2 December
- Apple moves to kill second Psystar lawsuit
- Borders start closing down sales, put 1150 jobs at risk
iPhone 3G S Video Review
Related News
- OFT: Apple agrees to improve terms and conditions
- Black Friday - Apple Store UK one-day sale starts, up to £71 off (Updated)
- Apple Store down as Black Friday starts
- Almost half of US desktop PC revenue is Mac
- Apple posts guidelines on 27-inch iMac’s Target Display mode
- Psystar promised investors huge clone sales
- Apple asks judge to shutter Psystar's clone business
- Apple's Schiller talks App Store, approval process
- Apple confirms special one-day shopping event this Friday - 27 Nov
- Health risks of second hand smoke voids Apple warranty claims report
Mac Broadband?
Search news
Search Google
Newsletter signup
It's easy and free to get the latest news headlines, reviews and opinions straight to your email inbox. Sign up NOW to make sure you receive the latest Mac news, reviews and tutorials on your favourite topics.
Macworld reader poll
Based on the rumoured features, will you be buying an Apple Tablet?:
Have your say in the
Macworld forums!
Register now
Stay on top of the latest, breaking Mac news and chat with other Mac professionals and enthusiasts about the issues that matter to you. Register with Macworld today to join our forums and receive our twice-weekly email newsletter, Macworld Mainline.
RSS
Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.
MACWORLD MARKETPLACE
 |
Computer & Laptop |
 |
Orbitsound |
 |
Beat the Credit Crunch - Lease your Mac from Hardsoft. |
 |
Latest Version of Final Cut Studio and Final Cut Server now available - Special Offer !! |
 |
World's most secure PIN protected portable hard drive |
 |
FREE 30-day trial. Announcing New FileMaker Pro 10. Sleek new look. Intuitive new design. |
 |
Circus Ponies NoteBook - the easy way to get organized on the Mac |
 |
50% off ebooks |
Comments received
James said on Fri, 03 Jul 2009
What's the point of marking this as "(UPDATED)" when you don't even tell us what the updates are?
Michael said on Fri, 03 Jul 2009
Would you not need to know the address you are sending a SMS to in the first place? You can't be a security researcher if you cannot find anything.
Click here for the latest reader comments
Disclaimer
Opinions expressed here are those of the writers and do not reflect those of Macworld. Macworld accepts no responsibility legal or otherwise for their accuracy of content.
Click here to read the house rules.