07-31-09 10:51 PM
33 12
tools
  1. trucky's Avatar
    Hijacking All iPhones via SMS

    Cybersecurity researchers Charlie Miller and Collin Mulliner discovered how to completely hijack any iPhone via SMS. Tomorrow (Thursday) they plan on publicize and reveal the at the Black Hat cybersecurity conference in Las Vegas. They will be demonstrating how to send a series of SMS burst to the iPhone which will allow them to take complete control of EVERYTHNIG on the device and then propagate the attack by sending more SMS messages via the hijacked. According to Miller

    Quote:
    This is serious. The only thing you can do to prevent it is turn off your phone . . . Someone could pretty quickly take over every iPhone in the world with this.

    Since Apple has yet to address this iPhone even though Miller and Mulliner notified Apple over a month ago. Miller suggests that if you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character you should turn the device off immediately.

    This vulnerability should be heeded and patched by Apple asap (3.1 anyone?). Miller knows his stuff, he was the first one to remotely hijack the iPhone in 2007 via the former bug in iPhone Safari -- old skool, as in jailbreakme.com old skool

    via forbes thx steven and jcrod73 for the tip
    07-30-09 07:18 AM
  2. splinter81's Avatar
    Hm.... Any thoughts?
    07-30-09 07:25 AM
  3. Riders On The Storm's Avatar
    While I would never wish this upon an iPhone user, I would like to see this in action. Surprising Apple has yet to release an update. Apple is generally pretty good about that.
    Last edited by Riders On The Storm; 07-30-09 at 07:44 AM.
    07-30-09 07:39 AM
  4. petaf's Avatar
    thanx for this! scarey.
    07-30-09 07:49 AM
  5. Sith_Apprentice's Avatar
    You never do realize how secure the BlackBerry is until you see something like this. A simple SMS bug that Apple has had for months with no response. Gotta love it. Whats the point in a device if someone else can control it remotely when you dont want them to...
    07-30-09 07:52 AM
  6. fabuloso's Avatar
    Apple probably is making a fix to this already. Has it mentioned if the devoce has to run 2.0 or 3.0 to get hacked?

    Really is a shame that people are creating the iPhone into a joke by doing such things, but again, the iPhone is just a toy, not a business phone.

    Posted from my CrackBerry at wapforums.crackberry.com
    07-30-09 07:53 AM
  7. Sith_Apprentice's Avatar
    Another Story HERE

    You could never describe the Apple iPhone as totally secure, given the number of jailbreaks that crackers have developed to unlock the popular handset from its partner networks, but researchers at the Black Hat security conference are scheduled to reveal a serious chink in the mobile's armour today.

    iPhone expert Charlie Miller - who was able to control an iPhone two years ago with malformed code on a website - claims to have teamed up with fellow expert Collin Mulliner to highlight a text messaging flaw on the popular Apple mobile.

    If true, then the flaw allows a hacker to gain remote access to an iPhone using a humble text message.

    Reports suggest that the hack requires no input other than viewing the text message from the user, who simply sees a block character on his/her display, at which point the iPhone is under the control of the remote hacker.

    The researchers claim to have alerted Apple to the problem several months ago, but Apple has not patched the alleged security flaw.

    Infosecurity suspects that the security flaw will be patched rather quickly now.
    07-30-09 07:55 AM
  8. trucky's Avatar
    Makes the old bb look better every day, even with all the quirks and shortcomings...
    07-30-09 07:58 AM
  9. splinter81's Avatar
    Oh wow, I didn't think it was actually true until I just read the full article... Apparently WinMo has a similar bug, and Android had one that Google patched already...

    Good job RIM! (Or maybe ours hasn't been found yet...)
    07-30-09 07:59 AM
  10. TheOtherGuy's Avatar
    They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft-based devices
    07-30-09 08:01 AM
  11. TheOtherGuy's Avatar
    Apple probably is making a fix to this already. Has it mentioned if the devoce has to run 2.0 or 3.0 to get hacked?

    Really is a shame that people are creating the iPhone into a joke by doing such things, but again, the iPhone is just a toy, not a business phone.

    Posted from my CrackBerry at wapforums.crackberry.com
    This is specifically for 3.0
    07-30-09 08:02 AM
  12. Sith_Apprentice's Avatar
    You do have to love how the "old broken OS" never has these issues. Perfect something in how it works, THEN make it pretty. Symbian had a similar SMS issue where the phones could be frozen remotely with a command sent via SMS
    07-30-09 08:09 AM
  13. avacomputers's Avatar
    Can you imagine if Paris Hilton had an Iphone? Oh the pics. Just Kidding.
    07-30-09 08:18 AM
  14. Sith_Apprentice's Avatar
    Oh wow, I didn't think it was actually true until I just read the full article... Apparently WinMo has a similar bug, and Android had one that Google patched already...

    Good job RIM! (Or maybe ours hasn't been found yet...)
    Closed development system with requiring signing, and not allowing many of the CORE OS features to be accessed helps out on the security aspect
    07-30-09 08:21 AM
  15. MNotar91's Avatar
    That is scary. I bet Apple will have it patched up by the time 3.1 comes out.
    07-30-09 02:36 PM
  16. guitar2989's Avatar
    That is scary. I wonder who came up with the idea to execute a program through a sms text
    07-30-09 02:50 PM
  17. MNotar91's Avatar
    07-30-09 03:05 PM
  18. Wholesalestunna's Avatar
    I can't stand iphones because of the battery being built in. I can carry spares for my blackberry and love it!

    Posted from my CrackBerry at wapforums.crackberry.com
    07-30-09 03:10 PM
  19. Card Storm's Avatar
    Hijacking All iPhones via SMS

    Cybersecurity researchers Charlie Miller and Collin Mulliner discovered how to completely hijack any iPhone via SMS. Tomorrow (Thursday) they plan on publicize and reveal the at the Black Hat cybersecurity conference in Las Vegas. They will be demonstrating how to send a series of SMS burst to the iPhone which will allow them to take complete control of EVERYTHNIG on the device and then propagate the attack by sending more SMS messages via the hijacked. According to Miller

    Quote:
    This is serious. The only thing you can do to prevent it is turn off your phone . . . Someone could pretty quickly take over every iPhone in the world with this.

    Since Apple has yet to address this iPhone even though Miller and Mulliner notified Apple over a month ago. Miller suggests that if you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character you should turn the device off immediately.

    This vulnerability should be heeded and patched by Apple asap (3.1 anyone?). Miller knows his stuff, he was the first one to remotely hijack the iPhone in 2007 via the former bug in iPhone Safari -- old skool, as in jailbreakme.com old skool

    via forbes thx steven and jcrod73 for the tip
    I have a thread in the Rants and Raves section covering this same topic. it is called "iPhone users wetting pants" maybe the mods can merge this along with the other two threads about the same topic.
    07-30-09 03:19 PM
  20. Shake's Avatar
    This is clearly a new feature like cut and paste, right?

    Posted from my CrackBerry at wapforums.crackberry.com
    07-30-09 10:46 PM
  21. rharv3's Avatar
    One more reason why I'm now a CrackHead.
    07-30-09 10:58 PM
  22. FTWrath's Avatar
    Unless it's something actually cooked up by Apple to force users to upgrade to their next OS.
    Perhaps they're making a new OS that will not be so easily jailbreakable and will prevent people from loading apps onto it illegally.
    Maybe it's just a clever scheme.
    07-30-09 11:51 PM
  23. redman213's Avatar
    hijacking an iphone is useless to me however if you could send a txt to someones phone which cause's their phone to turn off that would be awesome!!!!!!!!!
    07-31-09 01:41 AM
  24. Devlyn16's Avatar
    As someone (much smarter than I) said on TBZ just locking a message to the screen that said "iPhone Security. Is there an App for that?" for about 5- 10 minutes would be brilliant.

    Others suggested a windows Logo would get the Mac Fanboys furious.
    07-31-09 09:45 AM
  25. Sighx's Avatar
    That is some seriously..sad..coming from Apple.
    That's what they get for mass producing such useless products ):

    iTOUCH FOR THE WIN LOL
    07-31-09 10:23 AM
33 12
LINK TO POST COPIED TO CLIPBOARD