
Researchers take control of iPhone via SMS

Elinor Mills | July 30, 2009 4:58 AM PDT

Researchers have discovered a way to take complete control over an iPhone simply by sending special SMS messages.

An attacker could exploit the hole to make calls, steal data, send text messages, and do more or less anything a person can do on their iPhone, researchers Charlie Miller and Collin Mulliner claimed at the Black Hat security conference in Las Vegas on Wednesday.

The attack is enabled by a serious memory corruption bug in the way the iPhone handles SMS messages, said Miller, a senior security researcher at Independent Security Evaluators. There is no patch, despite the fact Apple was notified of the problem about six weeks ago, he said.

The attack is similar to an SMS attack demonstration CNET News.com wrote about in April in which mobile security firm Trust Digital was able to send an SMS to a phone that opened up a web browser and directed the phone to a malicious website where malware could be downloaded.

In the more recent research, Android-based phones were found to be similarly susceptible to an SMS attack. However, while an attacker could temporarily knock the phone off the cell network, they could not take control, according to Mulliner, who is getting his PhD at the Technical University of Berlin. Google patched the hole last week within a day or two of being notified of the problem, he said.

Meanwhile, a bug in the code written by HTC that controls the user interface on Windows Mobile devices could also be exploited via the SMS messages to create a situation where there are no buttons to push, so the phone cannot be used, said Miller.

For the attack to work, an attacker must send hundreds of SMS control messages, which are different from regular SMS messages, according to Miller. Only the initial SMS may be seen, he said.

The researchers will demonstrate the attack on an Android phone and an iPhone during their presentation on Thursday.

Previous iPhone attacks required an attacker to lure the iPhone user to visit a malicious website or open a malicious file, but this attack requires no effort on the part of the user and requires only that an attacker have the victim's phone number, Miller said.

Once inside a victim's phone, the attacker could then send an SMS to anyone in the victim's address book and spread the attack from phone to phone, he said.

Previously, Miller discovered a hole in the mobile version of Safari shortly after the iPhone was launched in 2007, and earlier this year he won a contest at CanSecWest by exploiting a hole in Safari.


Researchers Collin Mulliner and Charlie Miller plan to demo the attack on an Android phone and an iPhone during their presentation on Thursday.

This article was originally posted on CNET News.

79 Comments

Proof Is In The Pudding
brianpeterson@... 6th Aug 2009
I guess we will know when they demonstrate the hack, won't we?
0 Votes
+ -
I was wondering
jdbukis@... 30th Jul 2009
Would the start menu still be accessible because the htc interface (TouchFlo) does not block this and it remains in its normal form even if touch flo is turned on.
0 Votes
+ -
really
nessrapp 30th Jul 2009
so you thought software produced by Microsoft were the only insecure ones? This is just reality, nothing is really secure
0 Votes
+ -
Awww... but iPhone is sooooo perfect
trance2tec 30th Jul 2009
Apple has horrendous security. And it's only time before they are going to get whacked. Other than the US at less than 10% marketshare, Apple has virtually nothing around the world... no one wants to hack Macs.

Time and time again, it's proven to be quite easy. And now the iPhone can be totally taken over, by what, an SMS message. Lol.

Silly Apple fanboys.
0 Votes
+ -
Its SMS jackazs - not iPhone or Apple
VoiceOfLogic 1st Aug 2009
People like you are THE problem out there.
0 Votes
+ -
It is Apple
kymac 2nd Aug 2009
Read the article - google fixed it almost immediately after being notified, apple still hasn't after almost two months.

The holes in SMS may not directly be apple's fault, but their slow response shows that apple really doesn't care about security.

It has been pretty well acknowledged by experts that Apple products are not inherently safer than non Apple products, but there is less incentive to create a virus.

Remember - viruses are like computer terrorist attacks. If a farm in Nebraska has never been hit by a terrorist attack does that mean it's got more security than the pentagon?

Apple is subscribing to the line of thought that, yes, the farm in Nebraska has much higher security than the pentagon, simply because there've been no attacks.
0 Votes
+ -
and Microsoft also
Pete "athynz" Athens 6th Aug 2009
there wasn't anything in this article that said MS closed a similar hole... so chill with the hate for Apple.
0 Votes
+ -
Duh!!!!!!
brianpeterson@... 6th Aug 2009
Maybe because WM didn't have the "hole"?
0 Votes
+ -
Dude
Pete "athynz" Athens 6th Aug 2009
Why is it that you are on EVERY SINGLE Apple/ iPhone post bashing them like a rejected ZDNet blogger? I think you have iPhone envy issues...
0 Votes
+ -
RE: Researchers take control of iPhone via SMS
Loverock Davidson 30th Jul 2009
LOLOLOLOLOLOLOL!!

Yet another reason I don't want an iphone.
0 Votes
+ -
Marketshare or low hanging fruit?
NonZealot 30th Jul 2009
So, is this because the iPhone has such big marketshare or because its security is the worst out of all the mobile platforms out there?

Oh, wait, I forgot that this doesn't count because this is only a proof of concept. No "bad guy" could ever figure this one out, only researchers can.
0 Votes
+ -
Other phones have similar bugs
Stuka 30th Jul 2009
Android and Windows Mobile phones have a very similar issue. This article decided to focus on the iPhone because it brings in more views.

The issue with all three phone OS's is supposed to be shown.
0 Votes
+ -
ROFL ROFL ROFL!!!
NonZealot 30th Jul 2009
Let's compare the 3 issues, shall we?
iPhone - Send an SMS and attacker gets complete control over the phone
An attacker could exploit the hole to make calls, steal data, send text messages, and do more or less anything a person can do on their iPhone

Android - Send an SMS and knock the phone off the network but no control could be taken
while an attacker could temporarily knock the phone off the cell network, they could not take control

WM - Send an SMS and make HTC phone unresponsive to button presses but no control could be taken and this issue only affects HTC made phones so it isn't even correct to label this one as a WM flaw.
a bug in the code written by HTC that controls the user interface on Windows Mobile devices could also be exploited via the SMS messages to create a situation where there are no buttons to push

And you think these 3 issues are similar?!?! ROFL ROFL ROFL!!!

Stuka, do me a favour and from now on, whenever you see an article that highlights a flaw in an Apple product, I want you to think: How would I react if this was a Microsoft flaw? and go from there.

ROFL!!! I still can't get over how you think that taking complete control over a device is "similar" to being able to make a device unresponsive. To add insult to injury, check out this quote:
Once inside a victim's phone, the attacker could then send an SMS to anyone in the victim's address book and spread the attack from phone to phone, he said.

So this is a self replicating worm that requires no user interaction!!! But yeah, other than that, it is similar to making buttons unresponsive!

ROFL ROFL ROFL!!!

And finally we have the coup de grace:
There is no patch, despite the fact Apple was notified of the problem about six weeks ago, he said.

SIX WEEKS AND NO RESPONSE FROM APPLE!
0 Votes
+ -
And to think....
eMJayy 30th Jul 2009
...that they actually wanted to promote the iPhone for enterprise...
0 Votes
+ -
Never was an Apple fan but.....
storm14k 30th Jul 2009
....it's amazing how they can take something solid like BSD and put so many holes in it. So much for the so called ease of use they supposedly brought to *nix.
0 Votes
+ -
This highlights something important
NonZealot 30th Jul 2009
There was a story a while back about how Apple had coded the SMS parsing routines to run as "root". The kernel is faithfully doing everything it is asked to do within the security context that it has been passed. To do anything else would mean the kernel was broken. There are no holes in the kernel, it is working perfectly.
0 Votes
+ -
WM doesn't have the same bug.
trance2tec 30th Jul 2009
It was pointed out that the bug with WM was related to the HTC UI code.

And Google patched the issue within 2 days. Apple's is still running wild after weeks.
0 Votes
+ -
One ROFL is more than enough
punkpussy 30th Jul 2009
Maybe if you left them out you might have sounded knowledgeable.

All depends on how you look at it. If a memory hole caused the problems, then I guess you could call the 3 cases similar... At least to that extent.
0 Votes
+ -
Neither. Its SMS
VoiceOfLogic 1st Aug 2009
Don't think too hard, it must be exhausting for you.
I'm glad this only happens to "unjailed" phones ....
Oh! Wait!
I'd better re-read the article and get the "facts" straight!
0 Votes
+ -
OK, thanks for scaring us. But what should an IPhone owner do? Is there any work around - does the user have to open the SMS, or does the phone receiving it do the trick? Will disabling SMS messaging in your phone (which is probably used more than the voice capabilities for most of us now), stop the problem?
0 Votes
+ -
What should an iPhone owner do?
NonZealot 30th Jul 2009
Switch to a more secure mobile platform. I would recommend Android, Pre, Symbian, or Windows Mobile.
0 Votes
+ -
Switch???
i8thecat 30th Jul 2009
To phones that suck??? Android, Pre, Symbian, or Win-Blow??? No way... The iPhone is a "dead-finger" device and those other phones don't even come close... Not gonna happen.
0 Votes
+ -
Get real...
storm14k 30th Jul 2009
At a minimum Android and WebOS have long passed the IPhone in functionality. If you're looking for a pretty phone then stick with the IPhone...oh I forgot...that's not even their selling point anymore after the HTC Hero drops. There simply isn't a point to using a phone that can only do one thing at a time anymore. And when the next Android update comes that adds VPN and Enterprise WEP...... Sorry IPhone. It'll still be a toy for the IPhools but the rest of us will be using real phones.
0 Votes
+ -
It can be completely taken over through SMS!

Oh, and its encryption can be completely broken in 2 minutes!

So let's give the iPhone credit where credit is due, none of those other "lousy" phones have either of those iFeatures.

0 Votes
+ -
Wrong, YET AGAIN, Non Zealot (aren't you tired of it yet?)
matthew_maurice Updated - 30th Jul 2009
http://www.wmexperts.com/ihacker-charlie-says-winmo-risk-too

Windows Mobile is said to be equally affected, and in fact the WinMo Experts state that it could be a bigger issue on the MS side because they lack the streamlined update system incorporated into iTunes.

Clearly this is bad, for everyone-iPhone, WinMo, AT&T and T-Mobile. The only ones who look good in this seem to be the Freetards at Google (Cupcake patched the problem in Android) and the CDMA carriers Verizon and Sprint (the problem is limited to GSM SMS). In addition, Apple is probably making a mistake by remaining silent, but in their defense we still haven't heard any specifics about which versions of the iPhone OS are affected. IF they're still mum when we know exactly who's at risk I'll be screaming on the phone at AppleCare immediately.
0 Votes
+ -
Different bug
planruse 31st Jul 2009
The issue with the WinMo is via the HTC software. There is also another issue which allows you to trick the phone via spoofing the source address of an SMS message but that is a carrier problem. None of these are anywhere close to how bad the iPhone bug is
0 Votes
+ -
Get a clue...
i8thecat 5th Aug 2009
"And when they next Android update comes that adds VPN and Enterprise WEP...... Sorry IPhone. It'll still be a toy for the IPhools but the rest of us will be using real phones."

Dude... Cisco had VPN software for the iPhone before it was officially launched. And WebX was out within a few months... Where's the software for the HTC??? How many useful apps do they have... Yeah "useful apps"? Or business administration tools that let you push config and wipe the phone remotely??? How many doctors will have Pharmacy apps or diagnostic Apps running on the HTC or any other phone for that matter? How many Doctors will send prescriptions to the pharmacy via an Android? There are more high end business Apps for the iPhone than all the rest of the phones put together. The iPhone is smoking everyone and more Apps are coming out daily.
0 Votes
+ -
Real phones?
Pete "athynz" Athens 6th Aug 2009
I'm going to assume you have the username storm because of the BB storm... yes, the BB that RIM made as their answer to the iPhone and failed...

A real phone? Define a real phone.

Is it a mobile device that makes and receives phone calls? Funny my iPhone does both... so it sounds like a real phone so far.

Let's take it further and instead of the generic "phone" label, let's call it what it is - a smartphone. So is the iPhone a "real" smartphone?

A smartphone runs an OS something like WM, Android, WebOS, Symbian, iPhone OSX... wait, my iPhone runs iPhone OSX - looks like a real smartphone thus far.

Also a smartphone is capable of texting, MMS, tethering, mobile web usage, playing music, viewing movies and podcasts, GPS and turn by turn navigation, PIM, and just about anything that can be thrown at it... So far with the exception of MMS my iPhone does all of the above - tethering is accomplished by jailbreak and MMS is being held up by AT&T so that part isn't quite Apple's fault... they DO share some blame for not including it initially but now the ball for that is with AT&T. So looks like my iPhone is indeed a real smartphone and a real phone.

Your post sir is completely irrelevant to the topic at hand and exists solely to troll the topic and rile up the Apple Faithful. As for me, I'm not an Apple fanboi, I just really love my iPhone.

0 Votes
+ -
You ate more than just the cat
GuidingLight Updated - 30th Jul 2009
But then again when you pay a lot of money for no clothes, you have to continue walking around naked.
0 Votes
+ -
and...
condelirios 30th Jul 2009
Blackberry? They didn't mention any flaw allowing this in Blackberry.
0 Votes
+ -
I love how any story about an issue with an Apple product brings
out all the haters. Anyone who assumes their device (phone,
computer, whatever) is secure because of the logo etched on it is
a fool and should be treated as such.

This really is a story about MMS exploits on mobile devices, but
directing it at the highest profile device brings out the most
viewers to your talk if you are at the conference, the most media
coverage (and thus revenue for your company) and most views to
news sites.

Apple is probably working (secretly as always and unnecessarily)
on a fix. In the meantime every iPhone user should shut theirs off
and store it until a fix is released.
0 Votes
+ -
Too bad...
Hallowed are the Ori 30th Jul 2009
I love how any story about an issue with an Apple product brings out all the haters.

Anyone who uses the word "haters" in their argument, has already lost.
0 Votes
+ -
Given the vitriol and invective...
msalzberg 30th Jul 2009
spewed over and over by the same people toward any Apple product, or
anyone who uses any Apple product, I'd say "hater" is a pretty mild word,
and is, in fact, pretty accurate.

Anyone who uses the following words, however, obviously has no
facts to discuss: Mactard, iTard, fanboy (or fanboi), Micro$oft, Wintard,
Windoze, Winblows, Microsloth.
0 Votes
+ -
@msalzberg - I'm with you there
PlayFair 31st Jul 2009
"Anyone who uses the following words, however, are obviously have no facts to discuss: Mactard, iTard, fanboy (or fanboi), Micro$oft, Wintard,
Windoze, Winblows, Microsloth"

I won't say that such a person has NO facts to discuss, but his or her credibility is immediately lost when anyone uses the aforementioned terms. That's totally childish and irritating.

0 Votes
+ -
Anyone who builds themselves up to something they're not
honeymonster Updated - 30th Jul 2009
should be prepared to be at the receiving end of ridicule.

Apple has tried hard to generate a perception of Apple software as the epitome of security. Through deceitful marketing and by using ridicule themselves.

They had this coming. And more.
0 Votes
+ -
Ditto. Apple brings this on themselves
trance2tec 30th Jul 2009
Through all their lying and misleading advertising about how "secure" their products are.

Their smug "I'm a Mac, I'm an unsecure crappy PC" ads... and yet Apple is being shown left and right to be the least secure OS available right now.

If they weren't so smug and didn't spend all their time putting down other companies products, maybe they wouldn't experience so much ridicule and backlash.

I will never support a company whose entire advertising model revolves around trashing other companies products.
0 Votes
+ -
Now you see why Windows is attacked
stevejg61 31st Jul 2009
and Macs aren't. iPhone has a big market share and goes to people with $$$. Who wouldn't want to take over that phone? Especially since it is the end all - who cares about the phone numbers in the contacts list - wait until it finds the credit card numbers. BTW if they turn off their phone how will they know the fix has been released? Isn't the iPhone the end all for web access too?
0 Votes
+ -
It's only news because it's an iPhone...
i8thecat Updated - 30th Jul 2009
The simple fact is that no one cared when it was an Android or any other win-blow phone. But if there is anything going on with an iPhone, THEN it's news and people want to know...

It's just more proof to how much the iPhone rocks and how all the rest suck.

Include that in your comparison Zealot... ROFL ROFL ROFL!!!
0 Votes
+ -
An attacker can send a simple SMS to take control of an iPhone, the message then directs the phone to send similar SMS messages to all contacts in the address book.

Soon the attacker will own (pwn) every iPhone on the planet.

If that doesn't scare you, it should. It is definitively newsworthy!
0 Votes
+ -
But no, it doesn't scare me at all...

The attack is extremely complex and sounds like it would be extremely easy to filter out at the carrier level.

"For the attack to work, an attacker must send hundreds of SMS control messages, which are different from regular SMS messages, according to Miller. Only the initial SMS may be seen, he said."

I don't think this attack / vulnerability is going anywhere on anyone's phone. I don't see the profit to effort ratio and the attack is lost when the user kills the power on their phone or AT&T drops the connection...
0 Votes
+ -
I think you may need to re-read the article. The attack you are quoting is for the HTC code on the WM system.

The attack for the iPhone only requires a single SMS message. It also sounds like the only way to prevent the attack is to disable SMS or to turn off your iPhone.

All of these holes are newsworthy, but the damage that could be done is far greater to an iPhone user than to the others.

In my opinion, this is something all iPhone users should be concerned about, even if it has only been done (so far) by researchers.
0 Votes
+ -
LMAO...
condelirios 30th Jul 2009
Dropping the connection shouldn't be a big problem for AT&T...that is what they like to call "business as usual". In this case it may be their saving grace.
0 Votes
+ -
LOL!
GuidingLight 30th Jul 2009
Good point!
0 Votes
+ -
Will your iPhone being attacked become newsworthy? Man, I don't understand the fanboy mentality...

If this were to happen on Windows Mobile, Palm OS, webOS, or Android, and I personally use WinMo right now, I'd want this issue addressed. What difference does it make who the vendor is? Just because it's Apple you don't care enough to have this serious issue addressed? What are you, like 5 years old or something?
0 Votes
+ -
Only care because iPhone is popular
kbartels@... 30th Jul 2009
So, you agree. Only reason people talk about MS security is because MS is popular.
0 Votes
+ -
Always good for something
honeymonster 30th Jul 2009
We just heard from Apple how iPhones in particular could be very, very dangerous for the cell towers.

This offers a simple solution. Apple can simply use this "feature" to brick those dangerous weapons before they are used to tear down the telecom infrastructure.
0 Votes
+ -
What if Apple placed this hole there?
NonZealot 30th Jul 2009
We know that Apple hates jailbroken phones, what if Apple placed this hole there so it could take control of phones, detect the jailbroken ones, and knock those ones out of commission?
0 Votes
+ -
Doubt Apple made this hole...
Fark 30th Jul 2009
if they made it - they would have fixed it once it was 'detected.'
0 Votes
+ -
RE: What if Apple......
fatman65535 30th Jul 2009
NZ,

Are you suggesting that Apple has the capability to do an Amazon like wipe of its iPhone????

Because of that sneaky and dirty trick on their part, I will never do any business with Amazon. I can not trust them.
0 Votes
+ -
Apple most certainly has that capability
honeymonster 30th Jul 2009
as well as the will to do so.

They just pulled Google Voice app from the appstore, even though some of the apps were approved at the highest place just months before; leaving the developer with no avenues of income and all expenses.

They regularly brick jailbreaked iPhones when they push updates.

They push out updates to iTunes with the sole purpose of shutting out competing devices from synching with it.
0 Votes
+ -