• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Hijacking All iPhones via SMS
    Cybersecurity researchers Charlie Miller and Collin Mulliner discovered how to completely hijack any iPhone via SMS. Tomorrow (Thursday) they plan on publicize and reveal the vulnerability at the Black Hat cybersecurity conference in Las Vegas. They will be demonstrating how to send a series of SMS burst to the iPhone which will allow them to take complete control of EVERYTHNIG on the device and then propagate the attack by sending more SMS messages via the hijacked iPhone. According to Miller
    This is serious. The only thing you can do to prevent it is turn off your phone . . . Someone could pretty quickly take over every iPhone in the world with this.
    Since Apple has yet to address this iPhone vulnerability even though Miller and Mulliner notified Apple over a month ago. Miller suggests that if you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character you should turn the device off immediately.

    This vulnerability should be heeded and patched by Apple asap (3.1 firmware anyone?). Miller knows his stuff, he was the first one to remotely hjack the iPhone in 2007 via the former bug in iPhone Safari -- old skool, as in jailbreakme.com old skool

    via forbes thx steven and jcrod73 for the tip
    This article was originally published in forum thread: Hijacking All iPhones via SMS started by Cody Overcash View original post
    Comments 250 Comments
    1. kissdaring's Avatar
      kissdaring -
      dont worrie kids nothing will happen to your phones, this is all BS...
    1. StealthBravo's Avatar
      StealthBravo -
      Quote Originally Posted by pacmac View Post


      iCrap it has begun...


      this sucks..dear apple stop rejecting cool apps GV ect..and get to work
      LMAO. haha

      Quote Originally Posted by kissdaring View Post
      dont worrie kids nothing will happen to your phones, this is all BS...
      awesome. Forward to 830-STEALTH
    1. equlizer's Avatar
      equlizer -
      Quote Originally Posted by Drummr View Post
      Is this going to be sent from another phone or from a computer, because T-Mobile has a setting that blocks texts from email/computers.
      Well for me if its from a computer, a text will pop up saying "click here to accept" before i get anything. Once i do, i get charged $.10 for those types of texts. Guess all i have to do is ignore those
    1. seandiego's Avatar
      seandiego -
      Wouldn't they need my phone number to be able to do this? If they don't have my phone number they CANNOT send me an SMS message.
    1. StealthBravo's Avatar
      StealthBravo -
      What if its a computer that can do mass texts and it just happens to pick your number? Otherwise I don't know how they would do it
    1. Happy Noodle Boy's Avatar
      Happy Noodle Boy -
      Quote Originally Posted by equlizer View Post
      Someone else posted in another thread and iduno why i didnt think about this. How do they know they are sending the text message(s) to an iphone and not a Nokia N95 or whatever? The only way possible i think is if they have access to apples database.
      They'll just mass send text messages. Shoot enough bullets and you're bound to hit what you want.
    1. StealthBravo's Avatar
      StealthBravo -
      ^ +1
    1. Drummr's Avatar
      Drummr -
      So odds are its from a computer? If so anyone on tmobile can go online to their account and somewhere there is an option to block sms from computers. I used to get all kinds of text spam and after i turned that on i haven't gotten any.
    1. oops1975's Avatar
      oops1975 -
      So are you supposed to reboot your phone and then delete the message?
    1. GrandMstrBud's Avatar
      GrandMstrBud -
      Quote Originally Posted by kissdaring View Post
      dont worrie kids nothing will happen to your phones, this is all BS...
      I agree with you.
    1. mobsta's Avatar
      mobsta -
      should i sleep with my phone off?
    1. Rescuer's Avatar
      Rescuer -
      Quote Originally Posted by mobsta View Post
      should i sleep with my phone off?
      no. stay awake with your phone on
    1. equlizer's Avatar
      equlizer -
      Quote Originally Posted by Happy Noodle Boy View Post
      They'll just mass send text messages. Shoot enough bullets and you're bound to hit what you want.
      But wasn't it said it needs 512 continuous messages in order to get through or did i misunderstand somewhere?
    1. StealthBravo's Avatar
      StealthBravo -
      I think you should take your sim out of your iPhone and put it into an old phone and just wait for this whole thing to blow over.
    1. mobsta's Avatar
      mobsta -
      Quote Originally Posted by Rescuer View Post
      no. stay awake with your phone on
      nice..lol....


      but ill sleep with it on... n wake up and have 511 new txts witsh lil scuares L7 square LOL
    1. Rescuer's Avatar
      Rescuer -
      Quote Originally Posted by StealthBravo View Post
      I think you should take your sim out of your iPhone and put it into an old phone and just wait for this whole thing to blow over.
      that's a good idea actually!
    1. iPhoneMuscle's Avatar
      iPhoneMuscle -
      Bring it sucka.... i dare you.
    1. Rescuer's Avatar
      Rescuer -
      darn! i went to the wireless att site to send myself a text message, i sent ■ , which is ascii code ALT+254

      but the text came to my phone with " ??? "




      http://www.theasciicode.com.ar/ascii...codes-254.html
    1. oops1975's Avatar
      oops1975 -
      I just tried the same... went on att site and sent a message [] and got it exactly like that
    1. Mentalikryst's Avatar
      Mentalikryst -
      I think I have an idea (I'll do it once I get home and post the results). Until 3.1 is released, just delete the SMS app. This might prevent the iPhone from processing the text and allowing it to be taken over.

      If this does work by gaining root control, it is possible that simply changing the root password would work. But, if it works on another exploit, it is possible that this could be much harder to combat.