iPhone executes SMS binary code as root
Summary: A security flaw has been discovered in the iPhone OS that could allow attackers to gain root access to the iPhone OS and allow them to install and execute malicious programs at will. Charlie Miller announced the discovery of the vulnerability during a presentation at the SyScan conference in Singapore on Thursday.
A security flaw has been discovered in the iPhone OS that could allow attackers to gain root access to the iPhone OS and allow them to install and execute malicious programs at will.
Charlie Miller announced the discovery of the vulnerability during a presentation at the SyScan conference in Singapore on Thursday. DailyTech explains:
The iPhone apparently automatically executes binary code sent in SMS messages. Messages are limited to 140 bytes, but this is little deterrence as longer programs can be broken up into several messages, which the phone automatically reassembles. While other applications such as the Safari browser on the phone only enjoy access to their sandbox, the SMS system is automatically granted root access, and SMS commands execute as root.
Miller wouldn't provide specific details, nor would he demonstrate the vulnerability, stating that he has entered into an agreement with Apple. He'd only say, "SMS is a great vector to attack the iPhone."
Update: Apple said that it will release a fix by the end of July, and Miller has agreed to hold off on releasing details of his attack until then. He will present the attack at the Black Hat USA 2009 conference, which runs from July 25-30 in Las Vegas. Miller is the author of The Mac Hacker's Handbook.
Talkback
why people go down the path
You're such a geek LOL :D
Don't listen to the voices in your head! :)
No need to worry
This guy, Miller, is clearly overstating the severity of this issue.
No, iPhone is NOT UNIX based
We also know that iPhone OS is OS X.
Therefore, iPhone OS isn't just UNIX based, it is UNIX.
Therefore, it is immune to all malware.
At least I think that is how the logic goes.
"This guy, Miller, is clearly overstating the severity of this issue."
I agree. By breaking into OS X within seconds at each PWN2OWN, it is obvious that Miller is just an M$ $hill who hates Apple.
Therefore he must be lying about this issue.
At least I think that is how the logic goes.
Actually, I think the logic is...
Carl Rapson
Good point
Of course, then you need to come to grips with the fact that this brilliant guy hates Apple. :)
NZ Of course you know Charlie Miller is a Mac User right?
You say "Of course, then you need to come to grips with the fact that
this brilliant guy hates Apple. "
But of course you know C. Miller is Mac User.
Tom's Hardware article:
Charlie Miller:
"I usually work on a pretty old MacBook that I've upgraded the hard
drive on. It's been the computer that I had both times at Pwn2Own and
it's been in many countries with me like Korea, Japan, Australia,
Malaysia, and of course, Canada"
"I don't know what I'll do with my new MacBook Pro, but I definitely
won't retire my trusty MacBook."
Alan (the interviewer) : " I recently switched to a Mac myself and wrote
about it for Tom's Hardware (and had a lot of angry readers)"
-----
and of course he's stated many times over the reason he could so
quickly hack into Safari in pwn2own was because he had spent a lot of
time preparing his exploit.
Charlie M:
"Yes, I took down the Mac in under a minute each time. However, this
doesn't show the fact that I spent many days doing research and
writing the exploit before the day of the competition. It only looks
Hollywood because you don't see the hard work in the preparation. If
you set me down in front of an application I've never seen before and
told me I have 2 minutes to hack it, as is often the case in movies, I'd
have no more luck than your grandma at accomplishing it. Well,
maybe a little more of a chance, but not much!"
Running as root is like opening the door
permissions is like opening the door and walk away.
ONE reason this will probably not attack is that SMS'es cost money and
can easily be stopped at service provider level.
No OS is secure, particularly when running as Root
naw....
Does this mean that iPhone OS is flawed by design?
Just a flawed feature I think
of view. You actually could SMS one or a bunch of phones to change
some settings or something without direct interaction with iTunes.
However this "feature" can easily be misused, it is like logging in to root
in Terminal and then walk away. Actually, leaving the front door open as
anyone is able to send you an SMS.
In other words it's a huge oversight and yet another Apple security fail
That's just common sense.
Bingo! Give the man the prize.
One documented security issue
Per my post later in this thread, I'm curious as to how many other similar issues the other mobile platforms have had... Let's not single out just one, let's examine ALL of them just to be fair.
No, 96 (this will be 97th) documented security issues
Similar issues on Windows Mobile:
WM 6.x: 2 less critical: http://secunia.com/advisories/product/14717/?task=advisories
WM 5.x: 0 vulnerabilities: http://secunia.com/advisories/product/14716/
I think I would get a little suspicious
SMS messages. This is not exactly a stealth attack.
Nothing to see, move along now!
Why apologize for Apple