funsec mailing list archives

How to hijack 'every iPhone in the world'

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 30 Jul 2009 11:01:28 +0300 (EEST)

"On Thursday, two researchers plan to reveal an unpatched iPhone bug that could virally infect phones via SMS.

If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square 
character,
Charlie Miller would suggest you turn the device off. Quickly.

That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller
and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity 
conference in Las Vegas.
Using a flaw they've found in the iPhone's handling of text messages, the researchers say they'll demonstrate
how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone's 
functions.
That includes dialing the phone, visiting Web sites, turning on the device's camera and microphone and,
most importantly, sending more text messages to further propagate a mass-gadget hijacking.

"This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes.
"Someone could pretty quickly take over every iPhone in the world with this""
--clip--

From the end of the article:

"The researchers' concerns aren't merely theoretical. Finnish security firm F-Secure says it's found nearly 500
different variants of mobile phone malicious software since 2004, mostly using Bluetooth to hop between phones in close 
proximity.
But in the last 18 months, cybercriminals have begun using text messages to send links to malicious Web sites that 
infect the phone with malware,
says Mikko Hyppönen, an F-Secure researcher."

This talk mentioned is 'Fuzzing the Phone in your Phone' at
http://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html

More at
http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html

Juha-Matti

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

How to hijack 'every iPhone in the world' Juha-Matti Laurio (Jul 30)
- Re: How to hijack 'every iPhone in the world' der Mouse (Jul 30)
- <Possible follow-ups>
- Re: How to hijack 'every iPhone in the world' Juha-Matti Laurio (Jul 31)
  - Re: How to hijack 'every iPhone in the world' Dragos Ruiu (Jul 31)
- Re: How to hijack 'every iPhone in the world' Juha-Matti Laurio (Jul 31)