Yesterday, we wrote about a serious security flaw that could allow a remote attacker to take control of the victim’s iPhone by sending a specially constructed SMS message. The vulnerability will be publicly demonstrated and explained in a couple of hours at the Black Hat security conference held in Las Vegas, and yet Apple hasn’t released a patch of any sort.
As Charlie Miller and Collin Mulliner, the researchers who found the bug, explain on the Black Hat conference website:
“We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices. This method does not use the carrier and so is free (and invisible to the carrier).”
Security advisories such as this one appear on a monthly basis and are often not very dangerous to the general public, but this threat seems to be real. The attack was demonstrated on the iPhone of Cnet’s Elinor Mills; here’s her explanation of how this attack works in practice:
“Here’s what happened: While I was talking on the phone to Charlie Miller, his partner, Collin Mulliner, sent me a text message from his phone. One minute I’m talking to Miller and the next minute my phone is dead, and this time it’s not AT&T’s fault. After a few seconds it came back to life, but I was not able to make or receive calls until I rebooted.”
Miller and Mulliner mention Android and Windows Mobile phones as well, and it seems they’re actually about to present several SMS-based attacks. A vulnerability in Android was promptly fixed by Google, while another vulnerability in code from HTC (a company that makes Android and Windows Mobile-based phones) can render the phone useless, but it doesn’t allow the attacker to take control of it. The iPhone’s security flaw, enabled by a memory corruption bug in the way it handles SMS messages, is by far the most serious.
Currently, the only thing you can do to stop the attack is watch for odd-looking SMS messages (empty or containing a single square character) and turn off your iPhone quickly if you see one. It all sounds quite scary; we’re hoping to see a quick patch from Apple. If this hack spreads – and big ones usually do – it might be a serious risk for every iPhone owner.