Hacking the iPhone as easy as sending an SMS

Source: International Business Times.

A Mac security expert has discovered a technique that hackers could use to take control of Apple Inc. computers and iPhone's in order to steal data, disproving the long believed theory that Apple products are more secure than PCs.

Charlie Miller, a noted security researcher, discovered the hack a month ago and contacted Apple, but the company has yet to release a software update fixing the security hole. Miller and fellow researcher Collin Mulliner will make the exploit public at today's Black Hat cyber security conference in Las Vegas, where hosts and attendees exchange information on Internet threats.

The hack involves sending a series of SMS messages to hijack the iPhone. At that point, the hacker could make calls, steal data, send text messages, and basically control all functions of the phone. The hacker could even use it to hijack more iPhones.

Earlier this month, the iPhone was shown to not be as safe as users had expected. Forensics expert Jonathan Zdziarski recently bypassed the iPhone 3GS's passcode PIN and backup encryption with relative ease.

Attacks on Apple computers are extremely rare, but security experts believe this will soon change as Macs gain market share on PCs running Microsoft Corp's Windows operating system.

Dai Zovi, who is the co-author of "The Mac Hacker's Handbook," said that once hackers start to put substantial resources into targeting Apple's computers, they will be at least as vulnerable as Windows machines, according to Reuters.

"There is no magic fairy dust protecting Macs," he said.

Miller, co-author of "The Mac Hacker's Handbook," said that the Mac OS will be easier to crack than Windows as it is bigger and less concisely written. This means that there is more room for vulnerabilities and bugs.


Read more: http://www.ibtimes.com/articles/20090730/iphone-hack-sms-virus-macs-apple-black-hat-conference.htm

What does the acronym stand for?

:hi:

I've never texted in my life; probably never will. An old Fuddy Duddy, and proud of it, I am!

:rofl:

texted "text-ted" (two syllables) rather than the correct way of "texed" (one syllable). That drives me up a wall, along with 90% of the population who thinks you have to dial "1" first on a cell before the area code (on any cell network, you NEVER have to dial 1 first to make a call in the US, NEVER!).

Used in a sentence, "I just texted someone."

End of rant! :)

on edit: this question is poised without malice. trying to come up with another example without much success.... :shrug:

Did you know about the never having to press "1" first when making a call anywhere in the US on a cell? Maybe one day I'll start a topic on it in the Lounge. :)

http://www.howjsay.com/index.php?word=texted&submit=Submit

The most common variant seems to be "Tex'd."

Some people don't speak English.

Been around for years...

http://community.zdnet.co.uk/blog/0,1000000567,10013351o-2000440756b,00.htm

Thursday 30 July 2009, 4:43 PM

iPhone Security: Latest Hack Not So Scary
Posted by MobileTech

iPhone Security: Latest Hack Not So Scary
Author: Eric Everson, Founder MyMobiSafe.com

To read the headlines, one would think that the “hack of hacks” had emerged on the iPhone. While there are some vulnerabilities within the iPhone OS, this latest scare is not likely to affect the masses.

This attack wherein hundreds (and yes, that is an “s” on the end of hundreds) of SMS control messages must be sent to an individual handset, is a hack that is best demonstrated in a controlled environment. To this avail if any one of these hundreds of SMS messages is removed or otherwise deleted from the handset before all the commands are in place, this entire hack is defunct. This hack works very similarly to the old fashioned DoS (Denial of Service) hacks that have been around for decades, the primary point of differentiation is simply that this one takes place on the iPhone.

The likelihood of your iPhone being subjected to this labor intensive attack today is seemingly implausible. In all reality you are way more likely to destroy your iPhone by dropping it today than by losing it to this latest hack.

One of the more interesting pieces of tomorrow’s mobile security puzzle is embedded in the physical architecture of tomorrow’s handsets. Today, touch-screens are considered relatively new technology, thus they use the same power supply and “sand box” (the brain of the handset) as the rest of the handset. In turn this makes them way more susceptible to attacks as a hacker’s first target is to disable user control via attacking the touch-screen. Differentiating the core operating components for touch-screen technology is one way to keep mobile users in control of their handsets even under the worst attacks.

I've seen them before on DU, and they are, for some bizarre reason, the most virulent of all.

I clicked to see a pc vs mac fight and was disappointed!
:shrug:

I will check back...

:popcorn:

of course I'm kidding!!

It is true that the more they start integrating the functions of syncing files, instant messaging, security shutdowns, etc, the more hackers will be able to make use of the software. I can't imagine all of the personal data that exists on one's iphone right now - security question answers, lock combinations, school schedules, passwords, notes on bank accounts, etc - people need to be careful.

As a note, if you have a password you need a reminder for, make sure you still have a way of scrambling it so only YOU know what it is by looking at it, but the actual version in your reminder is not the actual password. Like reminder 'passwd=ifeedthecat' means your 'passwd= wifewalksthedog' - if that makes any sense at all. No need in giving people direct access to any actual password text or keys to your personal accounts that you can protect with your brain! (until they hack that as well)

Fixed

I like to know sources.