How to hack an iPhone using SMS

happygeek 1 Tallied Votes 501 Views Share

There are two things you can be sure of about the annual Las Vegas Black Hat security conference: nobody will use the free wifi as they are all too worried about being hacked, and someone will demonstrate an exploit that will scare the living bejesus out of you. The latter has just happened for iPhone users.

One well known discoverer of such things, Charlie Miller from Independent Security Evaluators, has revealed how a vulnerability can give savvy attackers the ability to gain complete control over your iPhone without any action on the part of the victim. Yep, this is the mother of all mobile remote hijack exploits by the look of it. Using nothing more complicated than a specially constructed text message, Miller says that malicious code can be executed in order to crash the device at the lesser evil end of the scale or take complete control for the more malicious attacker. It is even possible to use the attack to send text messages on to everyone in the victim's contacts list so spreading the hijack quickly to many more handsets.

Miller has been able to demonstrate the vulnerability courtesy of weaknesses in the iPhone CommCenter service that has responsibility for SMS and wireless functionality. Amazingly this runs as root but is not limited by any kind of application sandbox, so Miller realised it was ripe for use as a remote control hacking vector. All that is required is a slight modification of the data that arrives on the iPhone with the SMS text message itself. So far Miller and his team have managed to write software that can exploit the weakness on four different mobile networks in Germany and AT&T in the USA.

Apple has yet to publicly respond to news of the vulnerability, although it has known about it for weeks now. Given its track record on fixing security problems I am not hopeful of a speedy resolution.

In the meantime iPhone users are being urged to keep an eye open for any text message which arrives containing a single square character. Miller reckons this is a giveaway to the exploit and users should immediately turn off their handset if they notice such a message to prevent falling victim to it.