Apple patches iPhone text message vulnerability

By Dan Kaplan

June 18, 2010 Updated Aug 4, 2009 at 12:31 PM EDT

Apple has fixed a vulnerability in the iPhone that could have enabled hackers to send malicious text messages to either knock the device offline or execute remote code.The patch arrived Friday, one day after researcher Charlie Miller and German Ph.D. student Collin Mulliner presented details on the flaw at the Black Hat conference in Las Vegas -- in one of the most attended talks of the show. Miller described the memory corruption issue as a bug that could enable an attacker to launch a denial-of-service attack against a victim phone, preventing users from making phone calls, sending texts or accessing the internet and effectively downgrading their "iPhone into an iPod Touch." All a hacker would need to do is send a single, specially crafted SMS message, which would appear invisible to the user.The vulnerability also could be exploited to do much more harm, Miller said. A barrage of malicious messages could enable an attacker to take complete control of the device. In his and Mulliner's test run, they sent 519 texts to a phone and were able to obtain control.Miller did not reveal the complete exploit code at his talk but estimated that hackers will use the partial information he provided to develop working attack code within a couple of weeks.Apple was notified of the flaw on June 18, and Miller said he expected a fix before the show. The delay prompted some security observers to question whether Apple is as committed to security as it should be."Unfortunately, it looks like the security problems with [the] iPhone will continue to grow until Apple makes security a higher priority," said Andrew Storms, director of security operations at vulnerability management firm nCircle. "If there is a silver lining for iPhone users, it's that all of the security research attention it is getting could eventually turn the iPhone into one of the most secure mobile platforms."An informal poll conducted at Black Hat by nCircle, in which 94 people voted on which mobile device would be most vulnerable to attack for the remainder of 2009, 56 percent of respondents chose the iPhone. An Apple spokesman could not be reached for comment.Miller and Mulliner presented similar vulnerabilities affecting Google's Android, which has been patched, and Windows Mobile, which has not.Apple, in a security advisory, said the patch is available for iPhone versions 1.0 through 3.0.




What are your thoughts CLICK HERE to leave us a "Your2Cents” comment.

Want to be in the know for the next weather event, the next school closing or the next big breaking news story?

TextCaster alerts from Indiana's NewsCenter are your defining source for instant information delivered right to your cell phone and email. It's free, easy and instant. Sign-Up Now!

Powered by Summit City Chevrolet



© Copyright 2014, A Granite Broadcasting Station. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

To submit a comment on this article, your email address is required. We respect your privacy and your email will not be visible to others nor will it be added to any email lists.