User avatar
jetjack74
Posts: 6580
Joined: Sun Jul 27, 2003 6:35 am

Is This IPhone Threat Real?

Thu Jul 30, 2009 2:25 am

So I got this email today from a friend, and I was wondering if this is real or if this will end up on another Snopes.com page? Have you heard of this or is this a stunt?
"July 29, 2009

Your iPhone: Soon to be iPwned?



If you own a smartphone, chances are you've got a lot of important information stored on it. The typical handheld computer contains data ranging from e-mail to contact information to passwords to credit card numbers.

What if all that information could be accessed by cyberscum merely by receiving a tainted text message? According to security researcher Charlie Miller, there's no "what if" about it. If you've got an iPhone, it can happen, and on Thursday he promises to prove it to you.

In an article on Forbes' Web site, Miller claims that a flaw in Apple's popular handheld could allow "every iPhone in the world" to be hijacked:

If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.

That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they've found in the iPhone's handling of text messages, the researchers say they'll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone's functions. That includes dialing the phone, visiting Web sites, turning on the device's camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.

"This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."

Miller says he told Apple about the vulnerability more than a month ago, but the company has yet to issue a patch. In 2007, he discovered you could gain remote control over an iPhone by tricking a user into downloading software from an infected Web site via Mobile Safari, but Apple issued a patch before Miller demonstrated that exploit publicly.

And you Windows Mobile and Android users can wipe those smug looks off your faces, because Miller's got some surprises for you, too.

The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft-based devices. Another pair of SMS bugs in the iPhone and Google's Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.

OK, so the Android bug is patched. You T-Mobile G1 guys can smirk all you like. And that's fine, because most of you do, anyway. It's kind of annoying.

At any rate, if Miller's revelation is real, this is not good news - particularly since, at this writing, Apple's not patched the SMS bug, even though the company has known about it for some time. But then, Apple often is slow to patch flaws in both the iPhone and Mac OS X.

If Apple doesn't get a fix out the door quickly, iPhone users need to be vigilant. I certainly don't want my iPhone to become iPwned."
Made from jets!
 
NIKV69
Posts: 10889
Joined: Wed Jan 28, 2004 4:27 am

RE: Is This IPhone Threat Real?

Thu Jul 30, 2009 2:29 am

Hey that guy with the private jet can bail us out! Why? HE CAN AFFORD IT!
 
TUNisia
Posts: 1515
Joined: Thu Aug 19, 2004 3:24 am

RE: Is This IPhone Threat Real?

Thu Jul 30, 2009 2:29 am

If people only realized there are far superior phones on the market (see Nokia series 60 devices) than the iPhone.
Someday the sun will shine down on me in some faraway place - Mahalia Jackson
 
austinairport
Posts: 613
Joined: Wed Feb 21, 2007 10:56 am

RE: Is This IPhone Threat Real?

Thu Jul 30, 2009 4:39 am



Quoting TUNisia (Reply 2):
(see Nokia series 60 devices

I saw a video on youtube, it was a Nokia text exploit. But I think it only applies to the N Series.

As to the iPhone. Hehe. Losers, Apple better get it together.
It's a pretty open platform, even after upgrading to 3.0 firmware on my iPod Touch, it took like no time to jailbreak it. Easy.
Whoever said you can do anything you set your mind to has obviously never tried to slam a revolving door!!!
 
aero145
Posts: 2867
Joined: Tue Jan 04, 2005 4:59 am

RE: Is This IPhone Threat Real?

Thu Jul 30, 2009 7:25 am

I’m pretty sure this Miller has something to do with this hacking of the phone.
And also pretty sure that all smartphones can easily be hacked.
 
MadameConcorde
Posts: 9201
Joined: Fri Feb 23, 2007 5:08 pm

RE: Is This IPhone Threat Real?

Thu Jul 30, 2009 7:57 am



Quoting Aero145 (Reply 4):

I would not go paranoid over it but nothing is 100% safe.
There was a better way to fly it was called Concorde
 
aero145
Posts: 2867
Joined: Tue Jan 04, 2005 4:59 am

RE: Is This IPhone Threat Real?

Thu Jul 30, 2009 9:45 am



Quoting MadameConcorde (Reply 5):
I would not go paranoid over it but nothing is 100% safe.

Doesn’t sound like an excuse to me, but I’m not going paranoid, just saying facts*. And if I needed a smartphone I would anyways buy the iPhone.

* yeah I don’t have any evidence but you folks that don’t believe me can find it yourselves Big grin
 
Klaus
Posts: 20594
Joined: Wed Jul 11, 2001 7:41 am

RE: Is This IPhone Threat Real?

Thu Jul 30, 2009 10:55 am



Quoting Jetjack74 (Thread starter):
So I got this email today from a friend, and I was wondering if this is real or if this will end up on another Snopes.com page? Have you heard of this or is this a stunt?

Many presumable vulnerabilities are actually not exploitable under normal conditions. so the relevance of this claim remains unclear as long as it has not been validated.

The iPhone OS X 3.1 update is imminent, so I doubt there is much of a window of opportunity even it it should be a viable vulnerability.

Quoting AustinAirport (Reply 3):
It's a pretty open platform, even after upgrading to 3.0 firmware on my iPod Touch, it took like no time to jailbreak it. Easy.

Jailbreaking works through a physical USB connection and wipes out the information stored on the iPhone previously. That is not a vulnerability – although jailbreaking it will in fact remove most of the security mechanisms from the iPhone (in order to manipulate it in ways Apple has not sanctioned) and thus makes it quite a bit more vulnerable to attacks.

Quoting AustinAirport (Reply 3):
As to the iPhone. Hehe. Losers, Apple better get it together.

So how many actual exploits are active at this time?

It is quite possible that the Apple developers analyzed the attack, found that it cannot actually be exploited and filed the fix for the next regular update. Finding an effect which does something unexpected is one thing – actually exploiting it in a directed way is quite another.

Quoting TUNisia (Reply 2):
If people only realized there are far superior phones on the market (see Nokia series 60 devices) than the iPhone.

You're joking, right? Big grin
 
diamond
Posts: 3000
Joined: Sun Apr 11, 2004 8:01 am

RE: Is This IPhone Threat Real?

Fri Jul 31, 2009 7:08 am

There are quite a few stories about this virus hitting the web today.

But the original story is that two cybersecurity experts planned to demonstrate the security flaw Thursday at a conference in Las Vegas on . . . cybersecurity.

It looks like a scheduled demonstration of this flaw has morphed into widespread fear that the flaw was going to be spread worldwide on the same date.

Even the title of the linked article is misleading:

http://www.nbcbayarea.com/news/tech/...ease-Predicted-Today-52081377.html


" ... It isn't clear why today would be the trigger for the bug, other than the fact that there is a conference in Las Vegas today that gives the two a platform to speak ... "





Google list of related stories:

http://news.google.com/news?um=1&ned...2Biphone+%2Bvirus&cf=all&scoring=n
Blank.
 
Klaus
Posts: 20594
Joined: Wed Jul 11, 2001 7:41 am

RE: Is This IPhone Threat Real?

Sat Aug 01, 2009 12:19 am

Apple Addresses Hacker Threat to iPhone - Digits - WSJ

Quote:
A day after security experts demonstrated a way to hack into Apple’s iPhone, the company released a software upgrade to fix the problem.

Researchers at the Black Hat computer security conference in Las Vegas on Thursday showed how hackers could take control over iPhones simply by sending special codes via SMS messages.

In response, Apple on Friday made available a software upgrade, iPhone OS 3.0.1, designed to fix the vulnerability. Users can download it through iTunes when they plug their iPhones into their computers.

“This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone,” said Tom Neumayr, an Apple spokesman, in a statement. He said “no one has been able to take control of the iPhone to gain access to personal information using this exploit.”

 
Ken777
Posts: 9046
Joined: Thu Mar 11, 2004 5:39 am

RE: Is This IPhone Threat Real?

Sat Aug 01, 2009 4:26 am



Quoting AustinAirport (Reply 3):
As to the iPhone. Hehe. Losers, Apple better get it together.

Took Apple about 24 hours to get the fix out for downloading.

And it is fairly simple for a user to get the fix. Hook your iPhone up to your computer and when iTunes comes up for the sync click on "Check For Updates". You have to enter your password and agree to the license, but then you can go get a cup of coffee while Apple takes care of you.

And how is MS doing on their emergency fixes for IE? And how many emergency and urgent fixes has IE had over the years? We don't even need to talk about Windows, now do we?
 
austinairport
Posts: 613
Joined: Wed Feb 21, 2007 10:56 am

RE: Is This IPhone Threat Real?

Sat Aug 01, 2009 7:41 am



Quoting Ken777 (Reply 10):
And how is MS doing on their emergency fixes for IE? And how many emergency and urgent fixes has IE had over the years? We don't even need to talk about Windows, now do we?

...Was that a shot at me?
LOL. I'm happy switching completely away from Windows. I have Ubuntu in a dual boot config on my laptop. Really its only a matter of rebooting.  Smile
Whoever said you can do anything you set your mind to has obviously never tried to slam a revolving door!!!

Who is online

Users browsing this forum: Aesma, BobPatterson, ThePointblank and 17 guests