iHacker Charlie Discloses iPhone SMS Security Vulnerability


In an ideal world, Mac and iPhone hacker Charlie Miller would discover vulnerabilities, inform Apple, and Apple would then patch them before they had any chance of being exploited “in the wild”.

Miller, however, prefers to keep them to himself so he can win MacBooks and detail them at Black Hat conferences. The good of the hacker obviously outweighs the good of the users, every one. So be it.

Miller’s latest iPhone-related find was disclosed at SyScan in Singapore:

a hole that would let attackers “run software code on the phone that is sent by SMS over a mobile operator’s network in order to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet.”

Apple, for their part, is hoping to have this patched before Miller’s upcoming Black Hat gig.

We hope so too.

[via Engadget. Thanks Travis for the tip!]


8 Responses to “iHacker Charlie Discloses iPhone SMS Security Vulnerability”

  1. Joe Says:

    That hacker is an idiot. Get a life and a real job.

  2. Brad Zimmerman Says:

    Considering Apple’s ham-fisted and heavy-handed approach with developers I suspect that they wanted a six month period during which they could, at their own pace, fix this problem and maybe figure out how to sue someone for messing with their baby.

    Now, Miller hasn’t fully published this exploit. He HAS informed Apple of it. He is supposed to fully publish it at the upcoming Black Hat/DEF CON conference.

    Apple has plenty of time to push a fix out. And since Miller isn’t necessarily the world’s foremost code-explorer you can probably safely bet that there are others who have independently discovered this vulnerability.

    So, do you want Apple to take their sweet time or would you prefer that the “black hats” put a fire under Apple so we all get patched sooner rather than later?

  3. AnteL0pe Says:

    @Joe. Yeah, he sure is an idiot, finding these holes that Apple’s entire sec team couldn’t, and letting them know so they can be patched.

  4. dev Says:

    The “good of the many” is never served by pretending a problem does not exist. Good security auditors know that if an exploit is discovered, you must assume it is present in the wild, and act accordingly. Rene’s entire premise is based on the assumption that Miller is the first and only person to discover this vulnerability. That assumption is a fool’s approach to security, a comforting illusion only.

    This vulnerability — a process that runs at root (!) executing arbitrary code in response to an unsolicited message from the outside — is far too severe to pretend Miller is the only one who noticed, and wait until Apple gets around to patching it.

    Apple has demonstrated time and time again their willingness to use NDAs and gag orders to stifle everything from software discussion to contract issues, rather than fix the issue at hand promptly. If anything, Miller has done our community the best possible favor — by announcing it publicly, he pushes Apple’s only known motivational button to fix the issue promptly, and by not announcing implementation details, he does not give script kiddies a head start. Kudos to Miller.

    Apple — the ball is in your court. You have a severe vulnerability in your most popular platform. Prove that this time you will not plug your ears and blame others. Fix your problem. Now.

  5. Travis Says:

    Thanks for the mention Rene… And yea get a life seriously

  6. icebike Says:

    The likelihood that simply receiving a text message could compromise the phone seems infinitesimally small to me.

    After all, the message is simply TEXT, it’s DATA, and a good operating system never EXECUTES data.

    To do so would be a monumental blunder, and I just don’t think Apple programmers are that stupid.

    So my bet is that the SMS has to launch something else (probably Safari) by a physical action of the user, like when you get a URL in an SMS and you launch it.

    This seems far more likely to be a bug in Safari, and SMS is simply a way to get lots of people to click a link.

    That being said, I agree with @Dev re:

    “Apple’s only known motivational button”.

    All too often, the only way you can get Apple to do the right thing is embarrass them in the mainstream press.

    If I were wearing my TinFoil hat, AND if we were talking about Microsoft, I would speculate on a back door access method based on specific SMS message structure having been intentionally built into the software.

    But my tinfoil hat is at the cleaners, and Apple “would never be evil”…. http://mooseyard.com/Jens/?p=163

  7. Dev Says:

    @icebike

    I hope it does require user interaction, but, if it was some type of protocol exploit in Safari you would think Miller would have framed it as such, or at least indicated it was exploitable through Safari, rather than single out SMS. Or maybe it was a sensationalist hook – we will find out soon enough. Or better yet, we won’t until after it has been patched :)

  8. Phil P Says:

    @Dev

    I hope it does require user interaction

    Not likely. Consider what two parts do: GPS location, turn microphone on. Law Enforcement snooping, anyone?
