Hijacking All iPhones via SMS

[Cody Overcash]

Cybersecurity researchers Charlie Miller and Collin Mulliner discovered how to completely hijack any iPhone via SMS. Tomorrow (Thursday) they plan on publicize and reveal the vulnerability at the Black Hat cybersecurity conference in Las Vegas. They will be demonstrating how to send a series of SMS burst to the iPhone which will allow them to take complete control of EVERYTHNIG on the device and then propagate the attack by sending more SMS messages via the hijacked iPhone. According to Miller

This is serious. The only thing you can do to prevent it is turn off your phone . . . Someone could pretty quickly take over every iPhone in the world with this.

Since Apple has yet to address this iPhone vulnerability even though Miller and Mulliner notified Apple over a month ago. Miller suggests that if you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character you should turn the device off immediately.

This vulnerability should be heeded and patched by Apple asap (3.1 firmware anyone?). Miller knows his stuff, he was the first one to remotely hjack the iPhone in 2007 via the former bug in iPhone Safari -- old skool, as in jailbreakme.com old skool

via forbes thx steven and jcrod73 for the tip

[PhoneLine]

I read up on it a bit and it seems that it gives the sender of the sms root access. Any chance perhaps those that jailbroke and have changed the root/mobile passwords would be a little safer?

This is not my cup of tea, just since the jailbreakers have more access to the phone then the regular user, I'm thinking maybe there is a way for us to combat this before the apple patch is released?

[dale1v]

Errr well that sucks.

[kingskid07]

I wonder... after turning it off, will rebooting it fix the problem?

[Bernie-Mac]

I read up on it a bit and it seems that it gives the sender of the sms root access. Any chance perhaps those that jailbroke and have changed the root/mobile passwords would be a little safer?

That makes sense. It sounds like it would work and if it does it would be a big "suck it" to all the non-jailbroken jailbreak bashers out there. At least my jailbroken 3GS isnt going to be hacked and used towards world domination

[PhoneLine]

I wonder... after turning it off, will rebooting it fix the problem?

Well, it will probably disconnect their access till they send you another SMS with the flaw again. But if you get the text at 3am and your sleeping, the person can have full access till you notice the message.

Maybe AT&T can block the text from coming through, since they seem to be so good at blocking things. Not a help to those unlocked, but its a start

[DjPrayz]

This is not good.

[Sniper366]

can anyone point me to a tutorial or forum regarding changing the root password on a 3GS. so long, alpine!

[chaingang54]

LOL I posted this first I should get credit!
http://www.modmyi.com/forums/general...r-hackers.html

[fungusfeet]

credit? what can you buy with this credit?

[zoolander369]

Yikes.

[GregTheWang]

OMGWTFBBQ OUR iPHONES ARE AT RISK. ARM THE NUCLEAR WEAPONS!

[ianbroste]

the drug dealers and cell tower destroyers are one step closer!!!!!!!!!!!!!

[JedixJarf]

can anyone point me to a tutorial or forum regarding changing the root password on a 3GS. so long, alpine!

Just install terminal on your phone or SSH into it and su root, then type passwd and it will prompt you for a new pass.

[blkcadi]

Scary, just scary. OMG

[PhoneLine]

I'm guessing we won't know if changing the root password will help until after the exploit is made public.

I've always thought changing it from the default was a good thing though either way.

[Melech518]

im changing my password to binary

[StealthBravo]

I don't think changing the password will help. LMAO

[Rescuer]

LOL I posted this first I should get credit!
http://www.modmyi.com/forums/general...r-hackers.html

[mobsta]

if u get that text will removing the sim card stop it???

instead of turning off cuz taking out the sim is quicker