6 Comments

Summary:

Cybersecurity researchers Charlie Miller and Collin Mulliner claim they can bring down your iPhone by sending it just a single “unusual” character, according to Forbes, which first published news of the exploit earlier this week. A single square character or a series of “invisible” messages can […]

security_shield

Cybersecurity researchers Charlie Miller and Collin Mulliner claim they can bring down your iPhone by sending it just a single “unusual” character, according to Forbes, which first published news of the exploit earlier this week.

A single square character or a series of “invisible” messages can be used to confuse an iPhone, leaving it open to hackers. The exploit affects all models of iPhones, running all versions of the iPhone OS. The only way to protect the phone from attack is to shut it down.

“Someone could pretty quickly take over every iPhone in the world with this,” said Miller. After running the exploit, a hacker has control over any of the iPhone’s features. According to Forbes, this includes “dialing the phone, visiting Web sites, turning on the device’s camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.”

Unlike previous exploits, this one doesn’t require the user to do anything, and can strike at any time. The only prerequisite is that the iPhone is connected to a cellular network. Miller and Mulliner say they informed Apple of the exploit “more than a month” ago, but so far, the company has not issued a patch to close it. Forbes adds that Apple didn’t respond to “repeated calls” seeking comment.

“I’ve given them more time to patch this than I’ve ever given a company to patch a bug,” Miller told Forbes. “As a researcher, I can only show [Apple] the bugs. It’s up to them to fix them.”

Miller is no stranger to exposing security flaws in the iPhone. In 2007, he identified a browser exploit that also gave hackers similar control over a user’s iPhone. Miller and Mulliner are expected to publicize details of the latest flaw today at the Black Hat digital security conference in Nevada.

  1. Scary, a single character can compromise my iphone. Ummm, not exactly that simple by why confuse the world with facts.

    Share
  2. Re-read the article. It’s not a single character, but a series of SMS messages. It’s just that the single character is the only thing a victim will see during the attack. All other messages won’t even show up in your list of received messages if I’m reading it correctly.

    And the researcher also believes that with some extra effort, even that single character display can be hidden.

    Share
  3. This is just a verbatim repeat almost word for word of the FT article from day before yesterday, which has been proven to be inaccurate. Like that article, it also fails to mention that this bug is not iPhone specific and that similar bugs are to be found in Android and Windows mobile. All the articles you can find on this thing are just verbatim repeats of “what Charlie Miller” says and he has a long history of making inflammatory anti-Apple statements.

    Share
  4. Im pretty sure Apple will get a patch out before it does any real harm.

    Share
  5. There is one character that already controls all the iPhones in the world and his name is Steve Jobs ;-)

    Share
  6. [...] Written on July 31, 2009 by Charles Jade and No one has commented Days after the SMS vulnerability was reported, in which a single character could be used to crash or even take over an iPhone, Apple [...]

    Share

Comments have been disabled for this post