Sponsor Message:
Non Aviation Forum
My Starred Topics | Profile | New Topic | Forum Index | Help | Search 
Is This IPhone Threat Real?  
User currently offlineJetjack74 From United States of America, joined Jul 2003, 7407 posts, RR: 50
Posted (5 years 3 weeks 3 days 16 hours ago) and read 3254 times:
Support Airliners.net - become a First Class Member!

So I got this email today from a friend, and I was wondering if this is real or if this will end up on another Snopes.com page? Have you heard of this or is this a stunt?
"July 29, 2009

Your iPhone: Soon to be iPwned?



If you own a smartphone, chances are you've got a lot of important information stored on it. The typical handheld computer contains data ranging from e-mail to contact information to passwords to credit card numbers.

What if all that information could be accessed by cyberscum merely by receiving a tainted text message? According to security researcher Charlie Miller, there's no "what if" about it. If you've got an iPhone, it can happen, and on Thursday he promises to prove it to you.

In an article on Forbes' Web site, Miller claims that a flaw in Apple's popular handheld could allow "every iPhone in the world" to be hijacked:

If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.

That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they've found in the iPhone's handling of text messages, the researchers say they'll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone's functions. That includes dialing the phone, visiting Web sites, turning on the device's camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.

"This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."

Miller says he told Apple about the vulnerability more than a month ago, but the company has yet to issue a patch. In 2007, he discovered you could gain remote control over an iPhone by tricking a user into downloading software from an infected Web site via Mobile Safari, but Apple issued a patch before Miller demonstrated that exploit publicly.

And you Windows Mobile and Android users can wipe those smug looks off your faces, because Miller's got some surprises for you, too.

The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft-based devices. Another pair of SMS bugs in the iPhone and Google's Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.

OK, so the Android bug is patched. You T-Mobile G1 guys can smirk all you like. And that's fine, because most of you do, anyway. It's kind of annoying.

At any rate, if Miller's revelation is real, this is not good news - particularly since, at this writing, Apple's not patched the SMS bug, even though the company has known about it for some time. But then, Apple often is slow to patch flaws in both the iPhone and Mac OS X.

If Apple doesn't get a fix out the door quickly, iPhone users need to be vigilant. I certainly don't want my iPhone to become iPwned."



Made from jets!
11 replies: All unread, jump to last
 
User currently offlineNIKV69 From , joined Dec 1969, posts, RR:
Reply 1, posted (5 years 3 weeks 3 days 16 hours ago) and read 3245 times:



User currently offlineTUNisia From United States of America, joined Aug 2004, 1844 posts, RR: 5
Reply 2, posted (5 years 3 weeks 3 days 16 hours ago) and read 3245 times:

If people only realized there are far superior phones on the market (see Nokia series 60 devices) than the iPhone.


Someday the sun will shine down on me in some faraway place - Mahalia Jackson
User currently offlineAustinAirport From United States of America, joined Feb 2007, 643 posts, RR: 1
Reply 3, posted (5 years 3 weeks 3 days 14 hours ago) and read 3164 times:



Quoting TUNisia (Reply 2):
(see Nokia series 60 devices

I saw a video on youtube, it was a Nokia text exploit. But I think it only applies to the N Series.

As to the iPhone. Hehe. Losers, Apple better get it together.
It's a pretty open platform, even after upgrading to 3.0 firmware on my iPod Touch, it took like no time to jailbreak it. Easy.



Whoever said you can do anything you set your mind to has obviously never tried to slam a revolving door!!!
User currently offlineAero145 From Iceland, joined Jan 2005, 3071 posts, RR: 21
Reply 4, posted (5 years 3 weeks 3 days 11 hours ago) and read 3093 times:

I’m pretty sure this Miller has something to do with this hacking of the phone.
And also pretty sure that all smartphones can easily be hacked.


User currently offlineMadameConcorde From San Marino, joined Feb 2007, 10893 posts, RR: 37
Reply 5, posted (5 years 3 weeks 3 days 11 hours ago) and read 3076 times:



Quoting Aero145 (Reply 4):

I would not go paranoid over it but nothing is 100% safe.



There was a better way to fly it was called Concorde
User currently offlineAero145 From Iceland, joined Jan 2005, 3071 posts, RR: 21
Reply 6, posted (5 years 3 weeks 3 days 9 hours ago) and read 3043 times:



Quoting MadameConcorde (Reply 5):
I would not go paranoid over it but nothing is 100% safe.

Doesn’t sound like an excuse to me, but I’m not going paranoid, just saying facts*. And if I needed a smartphone I would anyways buy the iPhone.

* yeah I don’t have any evidence but you folks that don’t believe me can find it yourselves Big grin


User currently offlineKlaus From Germany, joined Jul 2001, 21442 posts, RR: 54
Reply 7, posted (5 years 3 weeks 3 days 8 hours ago) and read 3019 times:



Quoting Jetjack74 (Thread starter):
So I got this email today from a friend, and I was wondering if this is real or if this will end up on another Snopes.com page? Have you heard of this or is this a stunt?

Many presumable vulnerabilities are actually not exploitable under normal conditions. so the relevance of this claim remains unclear as long as it has not been validated.

The iPhone OS X 3.1 update is imminent, so I doubt there is much of a window of opportunity even it it should be a viable vulnerability.

Quoting AustinAirport (Reply 3):
It's a pretty open platform, even after upgrading to 3.0 firmware on my iPod Touch, it took like no time to jailbreak it. Easy.

Jailbreaking works through a physical USB connection and wipes out the information stored on the iPhone previously. That is not a vulnerability – although jailbreaking it will in fact remove most of the security mechanisms from the iPhone (in order to manipulate it in ways Apple has not sanctioned) and thus makes it quite a bit more vulnerable to attacks.

Quoting AustinAirport (Reply 3):
As to the iPhone. Hehe. Losers, Apple better get it together.

So how many actual exploits are active at this time?

It is quite possible that the Apple developers analyzed the attack, found that it cannot actually be exploited and filed the fix for the next regular update. Finding an effect which does something unexpected is one thing – actually exploiting it in a directed way is quite another.

Quoting TUNisia (Reply 2):
If people only realized there are far superior phones on the market (see Nokia series 60 devices) than the iPhone.

You're joking, right? Big grin


User currently offlineDiamond From United States of America, joined Apr 2004, 3279 posts, RR: 63
Reply 8, posted (5 years 3 weeks 2 days 12 hours ago) and read 2797 times:

There are quite a few stories about this virus hitting the web today.

But the original story is that two cybersecurity experts planned to demonstrate the security flaw Thursday at a conference in Las Vegas on . . . cybersecurity.

It looks like a scheduled demonstration of this flaw has morphed into widespread fear that the flaw was going to be spread worldwide on the same date.

Even the title of the linked article is misleading:

http://www.nbcbayarea.com/news/tech/...ease-Predicted-Today-52081377.html


" ... It isn't clear why today would be the trigger for the bug, other than the fact that there is a conference in Las Vegas today that gives the two a platform to speak ... "





Google list of related stories:

http://news.google.com/news?um=1&ned...2Biphone+%2Bvirus&cf=all&scoring=n



Blank.
User currently offlineKlaus From Germany, joined Jul 2001, 21442 posts, RR: 54
Reply 9, posted (5 years 3 weeks 1 day 19 hours ago) and read 2628 times:

Apple Addresses Hacker Threat to iPhone - Digits - WSJ

Quote:
A day after security experts demonstrated a way to hack into Apple’s iPhone, the company released a software upgrade to fix the problem.

Researchers at the Black Hat computer security conference in Las Vegas on Thursday showed how hackers could take control over iPhones simply by sending special codes via SMS messages.

In response, Apple on Friday made available a software upgrade, iPhone OS 3.0.1, designed to fix the vulnerability. Users can download it through iTunes when they plug their iPhones into their computers.

“This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone,” said Tom Neumayr, an Apple spokesman, in a statement. He said “no one has been able to take control of the iPhone to gain access to personal information using this exploit.”



User currently offlineKen777 From United States of America, joined Mar 2004, 8220 posts, RR: 8
Reply 10, posted (5 years 3 weeks 1 day 14 hours ago) and read 2564 times:



Quoting AustinAirport (Reply 3):
As to the iPhone. Hehe. Losers, Apple better get it together.

Took Apple about 24 hours to get the fix out for downloading.

And it is fairly simple for a user to get the fix. Hook your iPhone up to your computer and when iTunes comes up for the sync click on "Check For Updates". You have to enter your password and agree to the license, but then you can go get a cup of coffee while Apple takes care of you.

And how is MS doing on their emergency fixes for IE? And how many emergency and urgent fixes has IE had over the years? We don't even need to talk about Windows, now do we?


User currently offlineAustinAirport From United States of America, joined Feb 2007, 643 posts, RR: 1
Reply 11, posted (5 years 3 weeks 1 day 11 hours ago) and read 2544 times:



Quoting Ken777 (Reply 10):
And how is MS doing on their emergency fixes for IE? And how many emergency and urgent fixes has IE had over the years? We don't even need to talk about Windows, now do we?

...Was that a shot at me?
LOL. I'm happy switching completely away from Windows. I have Ubuntu in a dual boot config on my laptop. Really its only a matter of rebooting.  Smile



Whoever said you can do anything you set your mind to has obviously never tried to slam a revolving door!!!
Top Of Page
Forum Index

This topic is archived and can not be replied to any more.

Printer friendly format

Similar topics:More similar topics...
Is This Guy For Real? posted Sat Feb 5 2005 03:18:22 by AsstChiefMark
Is This Pic Real Or Photoshop? posted Sat Jun 6 2009 22:58:15 by Alberchico
Is This For Real?! Genoa G8 Police Brutality posted Wed Jul 23 2008 10:52:19 by CPH-R
Is This Video Real? (No, It's Not That Model A320) posted Sun Oct 29 2006 02:56:18 by Kaneporta1
Is This Real Or A Prop? posted Mon Jul 31 2006 05:47:05 by Alberchico
Is This Real Or Special Effects? posted Mon Jul 24 2006 01:48:20 by Alberchico
Is This For Real? (Bill Gates Mug) posted Wed Apr 5 2006 03:44:14 by Derico
Is This For Real? *Pol. Correctness Warning* posted Mon Mar 13 2006 02:30:36 by Derico
Is This For Real? Very Funny posted Mon Mar 28 2005 16:31:55 by Horus
Is This Real? posted Fri Dec 10 2004 23:32:04 by Rjpieces