Archive for July 2009

As we reported earlier today, security experts Charlie Miller and Collin Mulliner have exposed an iPhone virus that could allow criminals to control your phone just by sending a single text message (SMS). Their presentation, at the Black Hat conference in Las Vegas, is making a lot of waves, but the details are scattered or overly technical for most iPhone owners.

That’s why we’ve done some research on the information that has come out on this security vulnerability. The technical detail involved in the hack can be overwhelming, so we’re synthesizing it down to the key points – as well as what you can expect. Don’t be alarmed, but be vigilant. Here’s the security breakdown:

1. The major issue is a security flaw involving SMS. Specifically, the hack can control an iPhone remotely, including your iPhone’s camera, Safari, and more. It can even send messages to friends in your address book, which is where this hack becomes scariest.

2. The hack works by sending you code in an SMS message (or a series of messages) that crashes your iPhone. After that, your iPhone is theirs to use.

3. The offending text would come in the form of a single square character. If you get the square character, turn off your phone IMMEDIATELY.

4. You only have to receive the message to get hacked; you don’t even have to do anything with the text message.

5. The flaw was discovered by noted security expert Charlie Miller, who has hacked everything from MacBook Airs to Second Life, and partner Collin Mulliner.

6. The attack was presented publicly at the Black Hat conference. The duo decided to do this after Apple gave them no response back in July, when they provided Apple with information on the security flaw. The goal is to bring attention to the flaw (which they are clearly getting).

7. According to Reuters, now that the vulnerability is exposed, hackers could build software that mounts this SMS attack within the next two weeks.

8. Apparently Google Android, Windows Mobile phones, and Palm Pres are vulnerable to similar hacks. The team demonstrated the attack on an Android phone and a Windows Mobile phone.

While we’re still sifting through very technical information on this attack, it’s a clear reminder that no software, no computer, and no phone is safe from thieves, hackers, and harm. We’ll provide additional updates as they come from either Black Hat or Apple.

Update: For now, your phone isn’t in immediate danger, as it will take time before malicious individuals can build the necessary code to mount this type of SMS attack. We’ll update you if that changes. Here’s Miller and Mulliner’s paper on the subject if you’d like to check it out:



Free tools for breaking into Oracle databases will be released at Black Hat and Defcon next week.


Over the past decade, the world has seen advances in rootkits running on Windows and Unix operating systems that few would have thought possible. Now, it's Mac OS X's turn, as a security researcher plans to share a variety of techniques for developing the ultra-stealthy programs for the Apple platform.


A user can save their login information by ticking off a checkbox in the login form and AutoLogin will store their information in a cookie to automatically log them in (using the Auth Component) on their next visit.


snydeq writes "Pwn2Own winner Charlie Miller has revealed an SMS vulnerability that could provide hackers with root access to the iPhone. Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a DDoS attack or botnet, Miller said. Miller did not provide a detailed description of the SMS vulnerability, citing an agreement with Apple, which is working to fix the vulnerability in advance of Black Hat, where Miller plans to discuss the attack in greater detail. 'SMS is a great vector to attack the iPhone,' Miller said, as SMS can send binary code that the iPhone processes without user interaction. Sequences can be sent to the phone as multiple messages that are automatically reassembled, thereby surpassing individual SMS message limits of 140 bytes."

Read more of this story at Slashdot.
