iPhone bug to hijack phone by SMS will be revealed tomorrow

Forbes is reporting that two researchers plan to reveal an unpatched iPhone bug that could virally infect phones via SMS.

The hijack was discovered by iPhone hacker Charlie Miller. Miller is a well known security researcher, famous for hacking a Macbook within seconds earlier this year at Pwn2Own 2009.

Miller plans to unveil the attack methods during a talk he is holding at tomorrow's Blackhat security conference in Las Vegas. Miller claims he is able to take over the iPhone with a series of malicious SMS messages. "This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."

The flaw

The flaw exploits an issue with the way the phone handles SMS messages. The attack developed by Miller works by exploiting a missing safeguard in the phone's SMS software that prevents code in the messages' text from overflowing into other parts of the device's memory where it can run as an executable program. Miller and his colleague Collin Mulliner plan to demonstrate how a series of 512 SMS messages can exploit the bug, with only one of those messages actually appearing on the phone, showing a small square. If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Miller advises turning the phone off as soon as possible.

The series of SMS messages will give hackers complete power over any of the smart phone's functions. This includes dialing the phone, visiting Web sites and sending SMS messages.
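The class of defect described above, shown as an added example that is not the article's or Apple's code: a hypothetical multipart-SMS reassembler (the struct layout, buffer size and constants are assumptions) that enforces the length check the text says was missing, refusing parts that would push the assembled text past its fixed buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical multipart-SMS reassembler, added to illustrate the class of
 * defect the article describes: text from a series of messages is appended to
 * a fixed buffer, so a missing length check lets it spill into adjacent memory.
 * Constructed example, not the iPhone's code; the constants are assumptions. */

#define SMS_PART_MAX     140   /* user-data octets in one 8-bit SMS part */
#define SMS_ASSEMBLY_MAX 1024  /* constructed: fixed reassembly buffer size */

struct sms_part { uint8_t seq, total, len; const uint8_t *data; };

struct sms_assembly { uint8_t buf[SMS_ASSEMBLY_MAX]; size_t used; uint8_t expected_total, received; };

/* Appends one part; returns false (assembly untouched) when the concatenation
 * header is inconsistent or the part would not fit. The length test is the
 * safeguard the article says the affected code lacked. */
bool sms_assembly_add(struct sms_assembly *a, const struct sms_part *p)
{
    if (p->total == 0 || p->seq == 0 || p->seq > p->total || p->len > SMS_PART_MAX)
        return false;
    if (a->received == 0)
        a->expected_total = p->total;
    else if (p->total != a->expected_total || a->received >= a->expected_total)
        return false;
    if (p->len > SMS_ASSEMBLY_MAX - a->used)   /* subtraction form cannot wrap */
        return false;
    memcpy(a->buf + a->used, p->data, p->len);
    a->used += p->len; a->received++;
    return true;
}

/* Feeds n maximum-size parts of one constructed concatenated message and
 * returns how many were accepted before the bounds check refused the rest. */
unsigned feed_full_parts(uint8_t n)
{
    struct sms_assembly a = {0}; unsigned accepted = 0;
    uint8_t filler[SMS_PART_MAX];
    memset(filler, 'A', sizeof filler);   /* constructed payload: plain text */
    for (unsigned i = 1; i <= n; i++) {
        struct sms_part p = { (uint8_t)i, n, SMS_PART_MAX, filler };
        if (sms_assembly_add(&a, &p)) accepted++;
    }
    return accepted;
}
```

With a 1024-byte buffer, seven 140-byte parts fit and the eighth is refused, so a flood of messages is discarded instead of overwriting memory beyond the buffer.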

According to Miller, Apple has been made aware of the issue but no patch has been put in place.

Windows Mobile affected too

Miller also claims he has found a bug in Microsoft's Windows Mobile devices that allows complete remote control of the device. Miller discovered the bug last Monday and it's currently unpatched by Microsoft. It's not clear whether Miller plans to unveil full details of the Windows Mobile bug tomorrow or limited details until Microsoft has been made aware.

54 Comments

and here apple goes to warn people about jailbreaking causing the cellphone towers to crash... when they have more important things like a buffer overflow to worry about

That's true but even that's charged sometimes, I know for a fact that O2 in UK charges for that service, I think it's 10p a text.

It seems in the rush to bash Apple people are missing this:

Miller also claims he has found a bug in Microsoft's Windows Mobile devices that allows complete remote control of the device. Miller discovered the bug last Monday and it's currently unpatched by Microsoft. It's not clear whether Miller plans to unveil full details of the Windows Mobile bug tomorrow or limited details until Microsoft has been made aware.

I'll bet it's more work to exploit than "send a text message to the victim". Probably an exploit in Internet Explorer or Media Player requiring somebody to navigate to a site or follow an email link.

The iPhone vulnerability is just about as bad as a remote exploit problem can get, with the only mitigating factor being that the cell carriers will likely be able to filter it. If they don't, this will likely result in the world's first serious mobile device worm.

evo_spook said,
It seems in the rush to bash Apple people are missing this:

Miller also claims he has found a bug in Microsoft's Windows Mobile devices that allows complete remote control of the device. Miller discovered the bug last Monday and it's currently unpatched by Microsoft. It's not clear whether Miller plans to unveil full details of the Windows Mobile bug tomorrow or limited details until Microsoft has been made aware.

No, Apple has been notified and done nothing, that has not been established in the second case. And it is hardly worthy of note that an MS product has a hole.

schubb said,
No, Apple has been notified and done nothing, that has not been established in the second case. And it is hardly worthy of note that an MS product has a hole.

That's not even established in the first case. In the Forbes article he simply says,
"I've given them more time to patch this than I've ever given a company to patch a bug,"

And how long is that? A week? 2 weeks? Apple doesn't spend 10 minutes, fix the problem and post a new update on their website to download, there's more involved than that.

so 512 SMS messages at 20 cents per message at cost to the receiver... so $102 later your iPhone is hacked yay for people without unlimited messaging plans! umm yea

Lechio said,
Erm... You pay to RECEIVE SMS...? That sucks...

Yup. Here in the US you get charged for receiving text messages. If you have a 500 text message/month every text message you receive and send counts against that.

Depending on the circumstances, if someone were to spam you or you were receiving a copious amount of text messages one month that caused you to go over your allowed limit a phone call to your provider can usually clear things up. I had to call Verizon once when I was receiving a bunch of text messages that I did not want and they didn't charge me.

Unlimited plans are the way to go. In fact unlimited should be the only option for text messaging IMO.

Shadrack said,
Yup. Here in the US you get charged for receiving text messages. If you have a 500 text message/month every text message you receive and send counts against that.

Depending on the circumstances, if someone were to spam you or you were receiving a copious amount of text messages one month that caused you to go over your allowed limit a phone call to your provider can usually clear things up. I had to call Verizon once when I was receiving a bunch of text messages that I did not want and they didn't charge me.

Unlimited plans are the way to go. In fact unlimited should be the only option for text messaging IMO.

I send/receive about 150 messages a month combined. Tops. The 200 message plan for 5 bucks is perfect. I don't want to pay 20 bucks a month for unlimited texting when I don't need it.

shockz said,
I send/receive about 150 messages a month combined. Tops. The 200 message plan for 5 bucks is perfect. I don't want to pay 20 bucks a month for unlimited texting when I don't need it.

Oh, I completely agree with you. I guess I wasn't suggesting that everyone with a text messaging plan should be spending the $20/month for unlimited. More like, the $5/month should be unlimited.

shockz said,
I send/receive about 150 messages a month combined. Tops. The 200 message plan for 5 bucks is perfect. I don't want to pay 20 bucks a month for unlimited texting when I don't need it.

I don't know how many I send and receive, probably a hundred or so. Not much of an issue to me since I gave AT&T the finger and switched to MetroPCS. I have found the service superior in every way but one, roaming availability - and that doesn't matter to me since I don't roam. I get better service and pay $56 bucks a month, after taxes, for unlimited EVERYTHING.

I pay €10 for unlimited calls and SMS. And I don't pay for incoming calls or to receive SMS...

Paying to receive calls or SMS sounds a really bad idea. It should follow the same rules as landline phones.
Just imagine this, a person who doesn't like you that much posts your phone number on a dating site (with a hot babe picture attached), you are absolutely screwed if you are going to have to pay to receive calls or SMS... How about advertisers, don't they use SMS too?

Guess the US, in this case, could use something like the European Commission to regulate the activity of these telecoms...

You pay to receive text and calls!!??? How is that possible? I pay €10 per month and I, unlimited speaking, can text, mms, call and videocall for free everyone using the same plan! Plus, calls to people not in the same plan (or even in another carrier) are cheap, I'm not charged for incoming communications (be it mms, text, call or video call) and plus, I have free Windows Live service in the mobile. C'mon US mobile users, get together and complain about that, it really suX having it that way!

Lechio said,
I pay €10 for unlimited calls and SMS. And I don't pay for incoming calls or to receive SMS...

Paying to receive calls or SMS sounds a really bad idea. It should follow the same rules as landline phones.
Just imagine this, a person who doesn't like you that much posts your phone number on a dating site (with a hot babe picture attached), you are absolutely screwed if you are going to have to pay to receive calls or SMS... How about advertisers, don't they use SMS too?

Guess the US, in this case, could use something like the European Commission to regulate the activity of these telecoms... ;)

Hum, Optimus Tag!?

Or, put yourself in airplane mode. Sure, you won't get any calls or messages, but you still can use the local applications on it..

Shunik Jan said,
Wrong, when it happens it happens. You never know how it can hijack contact details and such.

If it's in airplane mode no data can be sent or received.

I'm guessing the copy and paste functionality may have introduced this.
The fact we can simply e-mail any character, code or script... then just copy and paste into an SMS.

mattnotley2004 said,
I'm guessing the copy and paste functionality may have introduced this.
The fact we can simply e-mail any character, code or script... then just copy and paste into an SMS.

You're right! Except it has nothing to do with that. But kudos to you for randomly picking a feature and deciding it's at fault.

Pc_Madness said,
You're right! Except it has nothing to do with that. But kudos to you for randomly picking a feature and deciding it's at fault.

I didn't decide it was at fault. I said "I'm guessing". And it wasn't actually random........

Oh and, just for your information... this is what was on AppleInsider today... so I was partially correct :)
You can't send an "unusual text character" without copy and paste.

"The technique involves sending only one unusual text character or else a series of "invisible" messages that confuse the phone and open the door to attack. Because users won't know whose messages to block in advance, there's little iPhone owners can do but to shut off the phone immediately if they suspect they're at risk -- a real problem as the trick could also be used to make an iPhone send more messages of its own."

Source: AppleInsider

SMS pass through cellphone carrier so it can be filtered without patching any device.
Also, i don't think that most carrier allow to send non-standard sms.

LOL that's a pretty epic job to do considering the huge volume of texts sent. It would require a piece of hardware reading all texts sent before they arrive and have a large cost I would imagine, or apple fix the hole....

As per some EU directives, carriers already stock SMS sent by users for up to a year, so no, I don't think it'd be much of a technical problem, more of a political one tho'. I don't see them admit openly they already screen SMS' transmissions that easily...

What would happen to the world if all the iPhones were hijacked? This is more serious than that Y2K thing times 10....that's right it's more serious than Y20000

I wouldn't hold your breath. Apple, in all their infinite wisdom, has known about this for quite some time and done nothing.

Yeah, this from the company that supposedly takes security seriously. This isn't the first time they've ignored a serious security flaw and denied its existence until it became a serious problem.

What in the name of High School Football is going on? Apple - security - hacked
Now I seen everything
I wonder if you use another SMS app if you are safe?

atari800 said,
What in the name of High School Football is going on? Apple - security - hacked
Now I seen everything
I wonder if you use another SMS app if you are safe?

Another SMS app? *gasp* an app that competes with existing features? apple would never allow this!!!!!!!!!!!

atari800 said,
What in the name of High School Football is going on? Apple - security - hacked
Now I seen everything
I wonder if you use another SMS app if you are safe?

I know, it seems Apple is getting back at Microsoft by copying them for once!

Wish I knew someone other than myself with an iPhone, could have some serious fun with this.

On a more serious note, this could let all hell break loose

I like the part "This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."

Can this be true or is it a delayed April Fools story?!

No, it's actually pretty serious. If the exploit got into the wild it'd be possible to create a worm that propagated by sending the payload to everyone on that person's contact list. It wouldn't take long to spread very quickly (since no user interaction is required, I'm guessing).

chAos972 said,
No, it's actually pretty serious. If the exploit got into the wild it'd be possible to create a worm that propagated by sending the payload to everyone on that person's contact list. It wouldn't take long to spread very quickly (since no user interaction is required, I'm guessing).

We don't know if it's serious or not, we just know a mainstream media outlet is quoting some lame hacker and calling him a researcher.

bob_c_b said,
We don't know if it's serious or not, we just know a mainstream media outlet is quoting some lame hacker and calling him a researcher.

That "lame hacker" was the same guy that hacked the Macbook in seconds earlier this year and was the first to remotely hijack the iPhone back in '07. Regardless of whether he's a researcher or not, it's clear his Apple mojo is strong.

hjf288 said,
So why can't the iPhone multitask? Security?

Really must be the battery

iPhone can multitask, it runs a number of applications at the same time. What it doesn't do is let you run your own applications in the background. Apple say they don't do this because it uses up lots of battery power, and this has been evidenced by Palm Pre, which has a worse battery life.