Jul 3, 2009

Serious SMS vulnerability discovered for the iPhone

Apple is hard at work to patch a serious vulnerability that could allow a hacker to perform malicious acts unknowingly on the iPhone platform.

The attack, which hasn't been described in detail, works when the attacker sends the victim an SMS that could cause the phone to run malicious code or programs without the phone operator's permission.

"The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator's network. The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet"

The good news is that the person who discovered the vulnerability, Charlie Miller, has been working with Apple and he will not discuss in detail the vulnerability until Apple has patched the exploit. This is a good step because if this exploit reached those with malicious intent, millions of iPhone users' phones could be compromised very quickly because of how fast text messages spread.

Shaz3e recently reported that Apple has delivered the next beta of the iPhone OS to developers which may include a patch for this exploit. Apple is currently working to amend the problem so there is no need to worry if you're an iPhone user but as Apple's market share grows more and more people will start looking to attack the iPhone.

No comments:

Boorkmark & Share

Bookmark Options