When it comes to smartphone security, the iPhone still has a long way to go to bring itself up to levels of RIM’s BlackBerry. Sure, there is the new Remote Wipe feature via MobileMe, but if you’re looking for security the iPhone might not make the cut.
One SMS Could Take Over Your Entire iPhone
Yesterday Forbes had an article about how an exploit via SMS can enable a hacker (or some miscellaneous weird dude) take full control of your iPhone. When I mention full control, here’s a snippet of what someone could do, according to Charlie Miller and Collin Mulliner:
“…dialing the phone, visiting Web sites, turning on the device’s camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.”
How do you know your iPhone has been hijacked? You receive a SMS message with a small square as the only character. At this point in time, the instructions by these analysts were to turn off your iPhone to prevent further exploits. Personally, I’d just smash my iPhone and upload it to YouTube instead if I ever received such a text!
Apple Has Known About This Exploit for Over One Month
Charlie and Colin plan to release the details of this exploit today at the Black Hat Technical Security Conference in Las Vegas. As for why Apple has not released a fix for this exploit yet? One would think that if there was such a grave security concern, Cupertino would immediately patch it up.
Miller responded with “I’ve given them more time to patch this than I’ve ever given a company to patch a bug,”. So there you have it. Apple knows, but they haven’t released a fix yet. With reports that iPhone 3.1 firmware is around the corner, we just might see a patch released very soon.
It’ll be interesting to know just how the SMS exploit works when it’s revealed today. Anyone out there scared to death about this new SMS-little-square-of-death exploit?