• Your favorite








    , and
  • Hijacking All iPhones via SMS
    Cybersecurity researchers Charlie Miller and Collin Mulliner discovered how to completely hijack any iPhone via SMS. Tomorrow (Thursday) they plan on publicize and reveal the vulnerability at the Black Hat cybersecurity conference in Las Vegas. They will be demonstrating how to send a series of SMS burst to the iPhone which will allow them to take complete control of EVERYTHNIG on the device and then propagate the attack by sending more SMS messages via the hijacked iPhone. According to Miller
    This is serious. The only thing you can do to prevent it is turn off your phone . . . Someone could pretty quickly take over every iPhone in the world with this.
    Since Apple has yet to address this iPhone vulnerability even though Miller and Mulliner notified Apple over a month ago. Miller suggests that if you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character you should turn the device off immediately.

    This vulnerability should be heeded and patched by Apple asap (3.1 firmware anyone?). Miller knows his stuff, he was the first one to remotely hjack the iPhone in 2007 via the former bug in iPhone Safari -- old skool, as in jailbreakme.com old skool

    via forbes thx steven and jcrod73 for the tip
    This article was originally published in forum thread: Hijacking All iPhones via SMS started by Cody Overcash View original post
    Comments 250 Comments
    1. StealthBravo's Avatar
      StealthBravo -
      Now 4,233 hackers know the exploit. I am not concerned either
    1. metaserph's Avatar
      metaserph -
      [ ] < Copy this to the clipboard and keep it there. It breaks the square. This will prevent anything from taking control of your iPhone, LOL.
    1. qmega's Avatar
      qmega -
      Although changing the root password is a good idea, it wouldn't help in this situation. If buffer overflow runs into a root terminal, it doesn't ask for a password or anything. Remember this works on even non-jailbroken devices, because this hole goes into the root terminal even if you can't, without needing a password.

      That said, if you want to change your root password, use the 'passwd' command. Get into a root terminal one of these ways:
      SSH into your device with your computer. On a Mac, open Terminal (/Applications/Utilities/Terminal.app) and type 'ssh root@[your phone's ip address]', on Windows, use puTTY
      Download MobileTerminal and type 'su root' before executing passwd. Or, if you have sudo installed, you can also use 'sudo passwd' or 'sudo -s' in the place of 'su root'
      Download TouchTerm from the App Store, make a connection to localhost (or as root
      1 and 3 require installation of OpenSSH.
      I don't think I need to mention that the default password is 'alpine'. If you want to change the password for mobile too, use 'passwd mobile'.
    1. kvnhe's Avatar
      kvnhe -
      Seems like we all survived Thursday.
    1. IvanPK's Avatar
      IvanPK -
      Quote Originally Posted by kinjutsu View Post
      seems like we all survived thursday.
    1. Rescuer's Avatar
      Rescuer -
      I didn't get any square text messages. I sorta feel unloved

      pew pew pew
    1. A3gOwner's Avatar
      A3gOwner -
      Anyone have a link to more news on this, I'm on edge on my iPhone right now so searching is out of the question.
    1. StealthBravo's Avatar
      StealthBravo -
      Quote Originally Posted by Rescuer View Post
      I didn't get any square text messages. I sorta feel unloved

      pew pew pew
      What's your number? I will show you some love
    1. Rescuer's Avatar
      Rescuer -
      Quote Originally Posted by stealthbravo View Post
      what's your number? I will show you some love

    1. StealthBravo's Avatar
      StealthBravo -

    1. A3gOwner's Avatar
      A3gOwner -
      Thanks oops. No where in there did they talk about root file system access. From what I get is they are injecting a layer into the software and without having root how are they gonna do this? Mobile user maybe? Is this really possible without physical access to the device? You really gotta piss somebody off to get them to take this much effort just to keep you from using ur phone. I am going to check the date on the plist and back it up now just incase.
    1. Rescuer's Avatar
      Rescuer -
      Quote Originally Posted by StealthBravo View Post

      East bay area, 925

      [ame=http://www.youtube.com/watch?v=axLRUszuu9I]YouTube - 867-5309/Jenny, LIVE[/ame]
    1. StealthBravo's Avatar
      StealthBravo -

      I have family in Berkeley
    1. javiert30's Avatar
      javiert30 -
      They said that iPhones working with AT&T cant be infected. All of this is an iPhone progaganda, read the post about jailbreak is for drug dealers.
    1. Tower72's Avatar
      Tower72 -
      Seems like they ran the tests on 2.2 and 2.2.1..This still pertain to 3.0?
    1. slidingmike's Avatar
      slidingmike -
      Quote Originally Posted by chaingang54 View Post
      LOL I posted this first I should get credit!


      I posted 6 hours before you did!
    1. ugshotgun's Avatar
      ugshotgun -
      Quote Originally Posted by blkcadi View Post
      ^^Didn't realize it was that easy, thanks Chris. lmao

      *shotgun swipes eyes left & right, then enters the room!*

      Whew, it looks like my Code worked; feel so sorry for those who didn't use it...

      Always remember young padawans..."use the code bro, use the code!" The code is strong in this room, I can feel it

      And your welcome blckcadi!!

    1. hackermy2's Avatar
      hackermy2 -
      the fix com on this weekend from apple

      BREAKING NEWS: O2 Confirms SMS Fix This Weekend!
    1. StealthBravo's Avatar
      StealthBravo -
      ^ Hopefully