Friday, July 31, 2009

In Two Weeks Your iPhone Will Be Hacked



Does the picture on the left look familiar? Cause I've used it a dozen times in a dozen posts. In fact, most recently, about two posts ago. The article below justifies its use once again. And this is only the tip of the iceberg. Smartphones use browsers. Browsers are not safe. Financial transactions need to be done outside the browser space. It's the typing. Researchers at Black Hat exposed a major vulnerability in the iPhone which would allow a hacker to send an SMS message and completely take over not only your iPhone but the phones of everybody in your contacts list as well.

iPhone vulnerable to hacker attacks, experts say


Flaws can be exploited to take complete control over an iPhone (and other smart phones)

LAS VEGAS - Security experts have uncovered flaws in Apple Inc.'s iPhone that they said hackers can exploit to take control of the popular device, using the tactic for identity theft and other crimes.

IPhone users needed to be warned that their devices are not secure and Apple should try to repair the vulnerability as soon as possible, they said at the Black Hat conference in Las Vegas, one of the world's top forums for exchanging information on computer security threats.

"It's scary. I don't want people taking over my iPhone," Charlie Miller, a security analyst with consulting firm Independent Security Evaluators, said in an interview.

Miller and Collin Mulliner, a Ph.D. student at the Technical University of Berlin, also discovered a method for hacking the iPhone that lets hackers easily knock a victim's iPhone off a carrier's network.

It prevents users from making calls, accessing the Internet and exchanging text messages, they added.

The two showed how they can disconnect an iPhone from the cellular network by sending it a single, maliciously crafted text message — a message the victim never sees. The messages exploit bugs in the way iPhones handle certain messages and are used to crash parts of the software.

1. The major issue is a security flaw involving SMS. Specifically, the hack can control an iPhone remotely, including your iPhone’s camera, Safari, and more. It can even send messages to friends in your address book, which is where this hack becomes scariest.
2. The hack works by sending you code in an SMS message (or a series of messages) that crashes your iPhone. After that, your iPhone is theirs to use.
3. The offending text would come in the form of a single square character. If you get the square character, turn off your phone IMMEDIATELY.
4. You only have to receive the message to get hacked; you don’t even have to do anything with the text message.
5. The flaw was discovered by noted security expert Charlie Miller, who has hacked everything from MacBook Airs to Second Life, and partner Collin Mulliner.
6. The attack was presented publicly at the Black Hat conference. The duo decided to do this after Apple gave them no response back in July, when they provided Apple with information on the security flaw. The goal is to bring attention to the flaw (which they are clearly getting).
7. According to Reuters, now that the vulnerability is exposed, hackers could build software that mounts this SMS attack within the next two weeks.
8. Apparently Google Android, Windows Mobile phones, and Palm Pres are vulnerable to similar hacks. The team demonstrated the attack on an Android phone and a Windows Mobile phone. - Mashable.com



They even said it's possible to remotely control an iPhone by sending 500 messages to a single victim's phone. Those messages contain the necessary commands for the attack and would get executed automatically by exploiting a weakness in the way the iPhone's memory responds to that volume of traffic.

Miller said messaging attacks are so attractive, and are going to become more common, because the underlying technology is a core phone feature that can't be turned off.

"It's such a powerful attack vector," Miller said. "All I need to know is your phone number. As long as their phone's on, I can send this and their phone's going to do something with this. ... It's always on, it's always there, the user doesn't have to do anything — it's the perfect attack vector."



They said the information they presented at Black Hat will give criminals enough information to develop software to break into iPhones within about two weeks. 
