X
Tech
Home Tech Hardware

iPhone executes SMS binary code as root

A security flaw has been discovered in the iPhone OS that could allow attackers to gain root access to the iPhone OS and allow them to install and execute malicious programs at will.Charlie Miller announced the discovery of the vulnerability during a presentation at the SyScan conference in Singapore on Thursday.
Written by Jason D. O'Grady, Contributor

sms-root.jpg
A security flaw has been discovered in the iPhone OS that could allow attackers to gain root access to the iPhone OS and allow them to install and execute malicious programs at will.

Charlie Miller announced the discovery of the vulnerability during a presentation at the SyScan conference in Singapore on Thursday. DailyTech explains:

The iPhone apparently automatically executes binary code sent in SMS messages.  Messages are limited to 140 bytes, but this is little deterrence as longer programs can be broken up into several messages, which the phone automatically reassembles.  While other applications such as the Safari browser on the phone only enjoy access to their sandbox, the SMS system is automatically granted root access, and SMS commands execute as root.

Miller wouldn't provide specific details nor would he demonstrate the vulnerability stating that he has entered under an agreement with Apple. He'd only say, "SMS is a great vector to attack the iPhone."

Update: Apple said that it will release a fix by the end July and Miller has agreed to hold off on releasing details of his attack until then. He will present the attack at the Black Hat USA 2009 conference which runs from July 25-30 in Las Vegas. Miller is the author of The Mac Hacker's Handbook.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

Placeholder product image alt text

The best AI image generators to try right now

Microsoft Copilot

The best AI chatbots: ChatGPT isn't the only one worth trying