Iphone security alert

antijoke

antijoke

antijoke

Caporegime
Joined
28 Jan 2003
Posts
39,928
Location
England
Source

Not sure how big an issue this actually is in the real world, but it seems there is a major flaw that could allow hackers into every single Iphone out there and control it.
 
"Someone could pretty quickly take over every iPhone in the world with this."
Click to expand...

Hardly. They'd have to first find out all the phone numbers and then send everyone a text. That's not exactly practical, how long would it take to send millions of texts?
 
Feek said:


Hardly. They'd have to first find out all the phone numbers and then send everyone a text. That's not exactly practical, how long would it take to send millions of texts?
Click to expand...

Once they have access to the phone they could send a message to everyone in the address book.. and so on, and so on...
 
Considering the UK processes 1 billion text messages a week it wouldn't take too long.
Plus the flaw allows an infected handset to send the messages on - look how quickly the Nimda virus spread around the world, this could have the potential to do that.

However, I think it's unlikely to hit in the way they predict.
 
Surely O2 should be blocking messages that contain this hack at their end? They must scan their content?
 
JAMAL said:
Surely O2 should be blocking messages that contain this hack at their end? They must scan their content?
Click to expand...

Thats a fair point actually, although with the problems O2 have had of late with their network I doubt they will have time to implement any kind of fix :(
 
Text messages have a variety of classes - this particular issue may not appear with simple text.

The only other way this could happen is if OS vendors are using the SMS protocol incorrectly.

Scanning of messages is costly - I know I used to product manage this area. It's a handset vendor issue rather than a network issue - do you look to your ISP to block viruses?
 
Fillado said:
Google patched the flaw within 2 days of being notified (not sure how this translates to actual phones being patched mind). Apple... not so much :p
Click to expand...

I think the G1 gets the update pushed to the handset automatically.
 
NickK said:
Scanning of messages is costly - I know I used to product manage this area. It's a handset vendor issue rather than a network issue - do you look to your ISP to block viruses?
Click to expand...

Thas a fair point but my computer isn't tied in with my ISP contract, and the iphone is an O2 exclusive which has done very well for them.
 
We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms. This morning, less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what's been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit.
Click to expand...

Congratulations Apple! You've lost all my respect in the area of security and telling the *full* truth. I knew they would spin this patch as "really soon after it was demonstrated" not "it took us over 6 weeks after being notified".
 
You must log in or register to reply here.
Back
Top Bottom