Cybersecurity researchers Charlie Miller and Collin Mulliner claim they can bring down your iPhone by sending it just a single “unusual” character, according to Forbes, which first published news of the exploit earlier this week.
A single square character or a series of “invisible” messages can be used to confuse an iPhone, leaving it open to hackers. The exploit affects all models of iPhones, running all versions of the iPhone OS. The only way to protect the phone from attack is to shut it down.
“Someone could pretty quickly take over every iPhone in the world with this,” said Miller. After running the exploit, a hacker has control over any of the iPhone’s features. According to Forbes, this includes “dialing the phone, visiting Web sites, turning on the device’s camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.”
Unlike previous exploits, this one doesn’t require the user to do anything, and can strike at any time. The only prerequisite is that the iPhone is connected to a cellular network. Miller and Mulliner say they informed Apple (s aapl) of the exploit “more than a month” ago, but so far, the company has not issued a patch to close it. Forbes adds that Apple didn’t respond to “repeated calls” seeking comment.
“I’ve given them more time to patch this than I’ve ever given a company to patch a bug,” Miller told Forbes. “As a researcher, I can only show [Apple] the bugs. It’s up to them to fix them.”
Miller is no stranger to exposing security flaws in the iPhone. In 2007, he identified a browser exploit that also gave hackers similar control over a user’s iPhone. Miller and Mulliner are expected to publicize details of the latest flaw today at the Black Hat digital security conference in Nevada.