Blog:iPhone vulnerability

Blog:iPhone vulnerability

From Evan Sultanik

Jump to: navigation, search

This is a blog entry for 31 July 2009 08:30.
See the list of recent entries or the archive.

iPhone Vulnerability via SMS

The gist of the story is that there is a new vulnerability that affects all iPhone models/firmware. An attacker can compromise a phone simply by sending a series of specially formed SMS (i.e., text) messages, only the first of which is visible to the victim. All that is needed by the attacker is the victim's phone number; no action on the part of the victim is required. Once a phone is compromised, an attacker can almost instantaneously read the victim's contact list and subsequently automatically attack all of the victim's contacts. More details can be found here.

Apple, having known about this for almost two months, have done nothing.

The only known workaround is to:

  1. Jailbreak your phone;
  2. SSH into your phone; and
  3. $ chmod 000 MobileSMS.app

This will obviously disable all SMS, which is less than ideal for most users.

Previous:
iPhone development 		Blog Entries Next:
None

Name (required):

Website:

Comment:

Facts about Blog:iPhone vulnerabilityRDF feed
Date 31 July 2009 08:30  +
Title iPhone Vulnerability via SMS
Retrieved from "http://www.sultanik.com/Blog:iPhone_vulnerability"