According to a recent Forbes report (and many other reports all over), two researches will plan on revealing a major security hole in iPhones this afternoon (Thursday, July 30th) at the Black Hat cybersecuirty conference. SMS text messages are apparently the culprit as detailed below:
If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.
That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they’ve found in the iPhone’s handling of text messages, the researchers say they’ll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone’s functions. That includes dialing the phone, visiting Web sites, turning on the device’s camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.
“This is serious. The only thing you can do to prevent it is turn off your phone,” Miller told Forbes. “Someone could pretty quickly take over every iPhone in the world with this.”
The problem has been reported to Apple; however, I have yet to see any official statement from them, but I will continue to look for them throughout the day. The best I have seen so far is an article from AppleInsider stating that Apple is indeed working on a fix and was supposed to be out at the end of this month (July) and before the conference reveals the bug too all.
Charles Miller is the one primarily responsible for finding this nice little loophole, and he’s done it before. So I would definitely believe this exploit is legit.
Being an iPhone owner myself, I will definitely be staying on top of this as best as possible. In the meantime, if you see any strange characters in a SMS text message, shut your iPhone off. Of course, if you don’t even want to risk it, you can try keep your iPhone off until this problem is resolved.
Although I’m sure that route will be as easy and trying to cut off a heroine addict cold turkey.
Quick little update: Found a CNET article that describes in detail what this hack can do.