[scorpiodsu]

Already a patch out for the hack. Wonder when the other GSM device manufacturers will release theirs.

http://www.theiphoneblog.com/2009/07...os-301-itunes/

[armedtank]

I downloaded it, but it breaks the PurpleRa1n jailbreak so i'm going to wait a while. I think the RedSn0w jailbreak is working, but I need a few more people to check it out first. If I get a text message with a little square, then i'll get worried.

[berryquest]

great thread

[avt123]

Just installed it. I really love how Apple gets fixes out in a timely fashion.

[armedtank]

Used And Enthused � Blog Archive � Completely Impractical Smartphone SMS Attack Panics Nation.

A huge buzz preceded the presentation by Charlie Miller and Collin Mulliner at the famous �Black Hat� cybersecurity conference in Las Vegas. The pair claim to have discovered a way to take over a smartphone, such as an iPhone or Windows Mobile phone, using nothing more than SMS. According to the San Francisco Chronicle, �A pair of security experts have found a vulnerability in the iPhone that allows a hacker to take control of an iPhone through a text-message attack.� Even scarier, the attack uses �a series of mostly invisible SMS . . . bursts,� the Chronicle said.
Here are the real facts:

1. Yes, in theory, a hacker could take over your smartphone. Could be an iPhone, as the Chronicle�s lead paragraph and headline said. Could be a Windows Mobile phone.
2. There is no such thing as a �mostly invisible� SMS message. You would receive a normal-seeming SMS message that should show up on your phone just like any other.
3. You would know you are being hacked because you will receive SMS messages that contain empty square characters (I guess this is what the Chronicle means by �mostly invisible�; by that standard, the letter o is mostly invisble). If at that point you delete the messages or turn off your phone or go into Airplane mode, the attack will not succeed.
4. The attack requires 512 SMS messages, presumably delivered rapid-fire. That makes an attack against a single victim fairly noticeable and possibly expensive. An attack against more than a small number of smartphone users would be cost-prohibitive. Even �unlimited� SMS plans have their limits.
5. The attacker needs the phone numbers of enough smartphones to make this worth his while. Sending the attack to landlines or regular cellphones would merely run up his costs and raise his profile. This effectively limits the attack to �whales.�
6. The 512 SMS messages must all survive until all of them have been received by the victim. If the victim deletes even one of these messages, the exploit fails.
7. Cell phone companies actually care about SMS spam and have countermeasures in place. Leaky, lousy countermeasures, to be sure, but they would be foolish to allow their networks to be take over by zombie phones. Surely they could filter out all �mostly invisible� messages.

It is disturbing that this attack is possible, even given these constraints. You just don�t think of SMS as a security hole. Thank goodness Apple has already patched against this exploit. But get a grip, people.

[Zipster]

Just installed it. I really love how Apple gets fixes out in a timely fashion.

You do know that the two guys who found this exploit did it 6 weeks ago, right? Black Hat was just the first official forum where they could get all the major players in a room together.

Not here to troll but to provide information.

[stuaw11]

So? Was ANY device ever hacked with this in the wild?

Everyone wants to make a big stink like this is the next Y2K about how many days vs. weeks, yet not one person in the public has proven to have been harmed or attacked with this bug on any platform. So how does time frame really matter honestly? Fixed is fixed.

I dont know where I read it now, but the one researcher was quoted saying it took him, with knowledge of the exploit, over 2.5 weeks to write the code for the demo. Meaning it would have been weeks before someone out there could replicate it. So how long it took Apple or how short it took Google is really a moot argument

[Zipster]

So? Was ANY device ever hacked with this in the wild?

Everyone wants to make a big stink like this is the next Y2K about how many days vs. weeks, yet not one person in the public has proven to have been harmed or attacked with this bug on any platform. So how does time frame really matter honestly? Fixed is fixed.

I dont know where I read it now, but the one researcher was quoted saying it took him, with knowledge of the exploit, over 2.5 weeks to write the code for the demo. Meaning it would have been weeks before someone out there could replicate it. So how long it took Apple or how short it took Google is really a moot argument

True that now fixed is fixed, there isn't anything more to say about it. But remember, hindsight is 20 / 20. I just remember reading that the two original guys made a stink about it to Apple all the time ago and Apple just ignored them. Google patched Android in about a day after they were notified back then.

If someone told me they found a security problem that had the potential of ruining one of my most important products, I'd rather explore what they had to say than sit on my *** and wait for an official forum to roll around. Maybe it's just me, but I'd rather error on the safe side.

[stuaw11]

We also dont know how long Apple was working on it. Remember the update here is a whole new OS image, while Android I believe was just a small patch file. Theres a big preparation time difference between the 2 methods, and we have no way to know when each began to work on it. Its like putting together a 150kb security patch for your desktop vs compiling it into XP and releasing a whole new OS upgrade. The latter is a lot more difficult and time consuming.

Could Apple have done a small patch file? I dont know. I dont know much about OSX or the iphone's platform to know if that's possible or what else was fixed in the 3.0.1 update in addition.

[Zipster]

We also dont know how long Apple was working on it. Remember the update here is a whole new OS image, while Android I believe was just a small patch file. Theres a big preparation time difference between the 2 methods, and we have no way to know when each began to work on it.

Could Apple have done a small patch file? I dont know. I dont know much about OSX or the iphone's platform to know if that's possible or what else was fixed in the 3.0.1 update in addition.

I was just about to ask you that when you noticed your updated reply!

If all 3.0.1 fixes is this hole, the theoretically, all Apple needed to do was unpack the OS image, make the small edit in the code and then repackage it.

Hopefully a programmer can step in and shed some more light.

[stuaw11]

Yeh no one knows yet what else was changed, but people love to pass judgment before knowing all the facts of course.

[Zipster]

Yeh no one knows yet what else was changed, but people love to pass judgment before knowing all the facts of course.

As far as I've been reading, it's only to fix this hole and as a side-effect, kills 1 of the 2 jailbreaks.

But for something that had the potential to cause a lot of damage, it usually is better to handle it as a big issue and then learn later that it might not have been as bad as you thought.

512 texts (I've only read that one source so far)? Sure it might seem impossible for this hack to work. But 512, single character texts really isn't that hard for an automated program to push out.

I have a lot of friends who leave their iPhone charging at night on silent to keep the dings of texts from disturbing them. An attack at 3 am would easily go unnoticed.

[slaming]

Plus don't forget lot of people don't do the minor updates so I would say it still leaves a vast majority of the iphone users with the flaw in programing this isn't apples fault but if apple did a press release that a flaw in security had been found in the system and that they advise all iphone users to update to the latest os imediatly to avoid this problem. I recon all iphone users would then update and the problem would be completely solved.

Posted from my CrackBerry at wapforums.crackberry.com

[Zipster]

Plus don't forget lot of people don't do the minor updates so I would say it still leaves a vast majority of the iphone users with the flaw in programing this isn't apples fault but if apple did a press release that a flaw in security had been found in the system and that they advise all iphone users to update to the latest os imediatly to avoid this problem. I recon all iphone users would then update and the problem would be completely solved.

Posted from my CrackBerry at wapforums.crackberry.com

That's actually a good point...

I have 3 roommates with iPhones. They don't sync up their phones with iTunes all that often, so I'm wouldn't be surprised if they didn't even know that this exploit exists and a patch is out to fix it.

[slaming]

I mean I know releasing that info would give apple a bad rep but not releasing that info then getting load of hacked phones when they knew about this all along would give them and even worse rep.

Posted from my CrackBerry at wapforums.crackberry.com

[stuaw11]

Plus don't forget lot of people don't do the minor updates so I would say it still leaves a vast majority of the iphone users with the flaw in programing this isn't apples fault but if apple did a press release that a flaw in security had been found in the system and that they advise all iphone users to update to the latest os imediatly to avoid this problem. I recon all iphone users would then update and the problem would be completely solved.

Posted from my CrackBerry at wapforums.crackberry.com

I agree thats a good point. Most people dont install the small patch updates, but if they know a new OS is out, theyll be more prone to install it.

Plus Apple pushes the liability off of them if they say well theres a new OS to fix that, were not responsible if you didnt update to the newest OS. It was right there in itunes to auto download and install.

Its a lot harder when theres some little patch you have to expect the novice users to understand.

[slaming]

I understand how apple can say the patch was there but if I was in charge of apple now I would have as many thing out there to try and help my coustomers. Surely this is simple buisness because if u don't treat your costomers well they will move to another brand unless apple belive there product is so good that people don't care about customer service surely the can add something to the begging of when app store open or something that would easily work and people are always going into app store and if one iphone user saw it s/he would tell their fellow iphone buddies and the problem would be completely cleared.

Posted from my CrackBerry at wapforums.crackberry.com

[armedtank]

Yeh no one knows yet what else was changed, but people love to pass judgment before knowing all the facts of course.

I've read that it gives Safari a noticeable speed boost.

[Zipster]

I've read that it gives Safari a noticeable speed boost.

If that's true, I can see Apple spinning it like:

Apple Rep: SMS hack exploit fix? What SMS hack exploit? 3.0.1 is to improve the rendering capabilities of our Safari browser.

[slaming]

So apple do have good buisness tactics they had probly fixed this ages ago just were thinking of something to improve it to cover it up. But surely they can make up some bugs and say they were fixed

Posted from my CrackBerry at wapforums.crackberry.com

[Card Storm]

I think apple has a great business strategy that allows them to cover up there mistakes and lose all liability. Just because they quickly made this new patch means nada. In my eyes apple has failed to actuality reach out to there consumers and publicly speak to them about this hack, it potential harm, and how EXACTLY the patch works to fix the issue. Rather than just throwing out something to keep customers mouths shut. In my eyes when a company waits that long to put out a patch for a security flaw eventually their slow responses to issues with their "perfect" phone will come to bite them in the *** down the road. The phone is still vulnerable despite your claims. I won't be surprised if a new hole is discovered in the next few months.

[slaming]

Its kinda like smashing ya mams best vase then buying a new vase to put where she used to keep it. It won't take her long to find out. So sooner or later this will be in the news probly first the techy mags and show then the papers and news. Its just a matter of time. Soon as this can hit any phone everyone needs to know this as that leaves the biggest market "dumb phones" soon as these don't come with updateable firmware there is no way to protect these from the bug.

Posted from my CrackBerry at wapforums.crackberry.com

[avt123]

You do know that the two guys who found this exploit did it 6 weeks ago, right? Black Hat was just the first official forum where they could get all the major players in a room together.

Not here to troll but to provide information.

I know that, but didn't no one know how to do it until they announced how to do it at Black Hat?

[shawnomega]

It's good they fixed it. Way to be on the Ball Apple.

[Zipster]

I know that, but didn't no one know how to do it until they announced how to do it at Black Hat?

If two leading hacking experts called or knocked at my door telling me I have a security issue, I'd want to hear what they had to say ASAP.

It's just by good fortune that no one else in that period found out how to do it. Lets say, for the sake of argument, that some one else did and used it. Apple had its warning, but didn't do anything. That would be a big hit on both their product and credibility to the customer.

It's good they fixed it. Way to be on the Ball Apple.

Fixed, but it still requires the user to go an do the update. Until they do that, the hole still exists on their phones. I believe the vast majority of the iPhone users have no idea that this exists and will carry on their merry way. Though the media is starting to report this more, so that should help.