Danger! Your Apple iPhone can be targeted by hackers! They can break into your iPhone and deliver malware, intercept messages, or track your keystrokes. This is achieved by launching a Denial of Service (DoS) attack through the SMS protocol. Through this DoS attack, the hacker can take control of any iPhone. Why? To steal sensitive information, send spam and malware, or just keep you off the network.
“Its lots of fun to kick friends off the network, but it’s even more fun to own their phone,” – Charlie Miller, Independent Security Evaluators researcher. It seems that some memory flaws in how Apple’s iPhone manages the SMS protocol have enabled this hack. Attackers can deface text, reconfigure the keys, and even shut down the iPhone indefinitely.
By flooding the victim’s iPhone with hundreds and even thousands of SMS control messages, hackers are able to keep it from accessing the network indefinitely. The worst news is that this hack is working on the Google Android and the Windows Mobile platforms. “Basically what happens, you send a bad SMS, you can’t use your phone,” Miller said. “Literally the phone is working, you just can’t press any of the buttons on your iPhone.”
Most of the hacks work only if the user opens a website, email attachment, or any similar item. However, with this hack, iPhone users could be infected without doing anything. One of the dangers is information theft. You could give away your credit card information among other things! It seems that attackers are very versatile these days.
Another danger is spam. SMS messages are cheap, but not free. Think what your bills would be if an attacker would send tens of thousands of spam messages from your Apple iPhone! This hack can also be used to transmit malware through SMS. For example, once an iPhone is infected, it can spread the malware to all of the contacts in the Contact List.
Until Apple doesn’t fix this issue, our iPhones are definitely not safe! We hope to see Apple’s response in the next couple of days.
Unlike some other large American technology corporations (see: Microsoft IE exploit), Apple were quick off the mark with this one. Not long after the story was breaking around the web, Apple release iPhone OS 3.0.1. The new update is a fix for the malicious SMS exploit. Brilliant work Apple, it’s times like this I’m glad my phone runs OS X and not Windows Mobile.