iPhone SMS Security Hole
Shortcut URL: http://t.conquent.com/L600
This isn't really an iPhone rant -- lots of smartphones have had security holes which could be exploited with the right kind of attack, and honestly this problem isn't limited to the iPhone (Google's Android platform is apparently affected, too).
Apple describes it like this:
A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling.
In plain English, a hacker could basically get root access (super user) by sending a series of text messages that would cause the phone to almost crash, and then the hacker can run programs while the phone is dazed.
Of course I find it ironic that the iPhone is vulnerable to a text messaging attack while it doesn't even support Multimedia Messaging.
If you want a little ranting, when I went to update the iPhone (which Markie never synchronizes) it didn't just install a quick security patch, but instead wanted to install around 150MB of updates for Quicktime, Safari, and some kind of My Mobile platform.
The Android update, by comparison, was small and painless. We actually had to go check that it had happened it was so quick and easy.
And, perhaps surprisingly, my Windows Mobile 6 phone wasn't affected at all.
Share this article:
Teagan Drumheller: Re: iPhone SMS Security Hole
<A href=http://news.zdnet.com/2100-9595_22-326501.html> http://news.zdnet.com/2100-9595_22-326501.html</A>
Check this out- it may be a problem on more phones than you might think.
This article states that Windows Mobile and Android phones are vulnerable to something rather similar to what you're describing- different effects on the various phones though. Windows Mobile phones can be effectively disabled whereas Android phones may be able to be disconnected from the network temporarily.
Glad I'm running the latest firmware on my G1 though- doesn't sound fun, heh.
Michael Bissell: Re: iPhone SMS Security Hole (In response to Teagan)
I think one thing that makes this different is that iPhone users are, by and large, pretty unsophisticated technology consumers.
This is their first smartphone, and a lot of them never synchronize them, never update patches, and don't even realize that they might be at risk. At least no one seems to have actually orchestrated an attack with this exploit, but if someone does, my guess is that the iPhone market will remain much more vulnerable than the geekier Android market.
Be sure to see my blog over at Cloudenity. This week's topic:
The Physical Impossibility of Migrating to the Cloud