Gadgetell | Tech News, Reviews, and Interesting Things

For all the time we’ve been using cell phones, we’ve never had to worry about someone else trying to control them, unless they steal them, that is.  It’s just not something one would think about, especially not when using the iPhone.  Apple has a history of security with its desktops, so why not the iPhone?  Turns out they’ve been a bit lazy with the security updates.

Thursday, at the start of Black Hat, the annual cybersecurity convention, Charlie Miller, the man who was able to control an iPhone back in 2007 with a malicious website, and Collin Mulliner will show the latest issue they’ve found with the iPhone.  Turns out they can take full control of any iPhone through SMS messages.  The only thing the user would see is a single notification displaying a single block character.  At that point the phone is pretty much already hacked, with the only solution being to turn it off.

Miller alerted Apple to the security flaw months ago, as he does when he finds these vulnerabilities.  Apple, however, has yet to patch the SMS insecurity.  Apple has patched previous security flaws, most of which required some action by the user to even activate.  This attack, however, can be accomplished at any time as long as the iPhone is on and connected to the network, with no action from the user.  Seems like this would be something Apple would want to patch up as quickly as possible.

The iPhone isn’t the only phone with SMS vulnerabilities.  Many cell phones and platforms, including Symbian, which runs on about half the world’s phones, Windows Mobile, and Android (though Google has patched the flaws) will be shown to have similar vulnerabilities via SMS.  It could potentially lead to an influx of SMS worms eventually, unless companies patch them up.  Some have already begun sending SMS messages to malicious sites, though there is potential for much worse, as Miller and Mulliner are going to show us.

Read [Forbes]