An SMS vulnerability is the most critical issue

Jul 31, 2009 08:51 GMT  ·  By

Security experts announced recently that they would demonstrate a series of vulnerabilities that Apple's iPhone came to the market with, among which an SMS flaw that would enable an attacker to take control of the device by sending a special text message to the phone. The software breach issue was demonstrated by researchers Charlie Miller and Colin Mulliner at the Black Hat conference in Las Vegas.

The two showed that attackers could exploit the flaw to make calls, steal data send messages, or use any of the applications that are installed on the iPhone. According to the researchers, Apple was contacted about the problem six weeks ago, yet the company hasn't updated the software on its devices, although it said it would do so before the end of the month.

“This is serious. The only thing you can do to prevent it is turn off your phone,” Miller recently told Forbes. “Someone could pretty quickly take over every iPhone in the world with this.” According to the security experts, the only warning one would receive about the iPhone being attacked is a text message containing a single square character.

On the other hand, it seems that this is not the only SMS issue that the iPhone comes with. Miller and Mulliner also demonstrated another bug in the device, one that would enable a hacker to block the handset's connectivity to the wireless network for around 10 seconds. This issue has been spotted in Android as well, yet it seems that Google has patched the flaw. A similar issue comes with Microsoft's Windows Mobile operating system as well.

Furthermore, other SMS message attacks were showcased at the conference, including one that affects almost all GSM handsets and wireless carriers in the world. Security researchers Zane Lackey and Luis Miras demonstrated an iPhone application that could send digital attacks against vulnerable phone models, including Apple's handset or Windows Mobile 5-powered phones.

As many of you might already know, Miller showed some problems with the iPhone software back in 2007, when he managed to hack an iPhone using a website via a browser vulnerability. Back then, in July 2007, Apple patched the vulnerability before it was publicized at the Black Hat conference that year.