Apple fix to iPhone security flaw

Discussion in 'Latest Tech News and Rumors' started by iLINUX, Aug 1, 2009.

  1. iLINUX

    iLINUX New Member

    Joined:
    Nov 27, 2008
    Messages:
    235
    Likes Received:
    0
    Device:
    iPad 2 (White)
    Apple fix to iPhone security flaw
    Saturday, 1 August 2009 08:16 UK

    Please Register or Log in to view images




    Apple has released a software patch to address a recently described security flaw in the iPhone.


    Experts revealed on Thursday that modified SMS messages could result in iPhones being disconnected from the network or hijacked altogether.

    Apple said phones incorporating other mobile operating systems, such as Windows Mobile and Google Android, were also potentially vulnerable.

    It added that no-one had actually used the flaw to gain access to an iPhone.

    A spokesperson for O2, the iPhone's service provider in the UK, said: "We will be communicating to customers both through the website and proactively. We always recommend our customers update their iPhone with the latest software and this is no different."

    Access all areas

    Charlie Miller and Collin Mulliner told the Black Hat conference in Las Vegas that the hack works by slightly modifying the data - sent by the network and which the user does not see - that arrives as part of a text message.

    The system that processes such messages is similar across different operating systems and can, once compromised, gain access across a range of applications including a phone's address book or camera.

    The team say that hackers could develop programs to exploit the weakness in as little as two weeks, but told the conference that publicising the means of attack was necessary to ensure the problem was addressed.

    "If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what," Mr Mulliner, an independent security expert, said.

    The team wrote software to exploit the weakness, targeting iPhones on four networks in Germany as well as AT&T in the US. However, they believe it would work equally well in any country.

    The approach is particularly dangerous because messages are delivered automatically, and users cannot tell that they have received the malicious code.

    The problem could be fixed by directly patching the vulnerability in smartphones' operating systems, or the network providers could scan for messages that look to be trying to gain access to phones via the malicious code.

    The researchers said they had informed Google of the hack and that the company had already taken steps to address the problem.

    The Black Hat gathering, part of a leading series of conferences for information and computer security experts, took place from 25 to 30 July.

    Apple were not available to comment on the flaw.

    Source: http://news.bbc.co.uk/2/hi/technology/8177755.stm

Share This Page