As we reported earlier today, security experts Charlie Miller and Collin Mulliner have exposed an iPhone vulnerability that could allow criminals to control your phone just by sending a single text message (SMS). Their presentation, at the Black Hat conference in Las Vegas, is making a lot of waves, but the details are scattered or overly technical for most iPhone owners.
That’s why we’ve done some research on the information that has come out on this security vulnerability. The technical detail involved in the hack can be overwhelming, so we’re distilling it down to the key points, as well as what you can expect. Don’t be alarmed, but be vigilant. Here’s the security breakdown:
1. The major issue is a security flaw involving SMS. Specifically, the hack can control an iPhone remotely, including your iPhone’s camera, Safari, and more. It can even send messages to friends in your address book, which is where this hack becomes scariest.
2. The hack works by sending you code in an SMS message (or a series of messages) that crashes your iPhone. After that, your iPhone is theirs to use.
3. The offending text would come in the form of a single square character. If you get the square character, turn off your phone IMMEDIATELY.
4. You only have to receive the message to get hacked; you don’t even have to do anything with the text message.
5. The flaw was discovered by noted security expert Charlie Miller, who has hacked everything from MacBook Airs to Second Life, and partner Collin Mulliner.
6. The attack was presented publicly at the Black Hat conference. The duo decided to do this after Apple gave them no response back in July, when they provided Apple with information on the security flaw. The goal is to bring attention to the flaw (which they are clearly getting).
7. According to Reuters, now that the vulnerability is exposed, hackers could build software that mounts this SMS attack within the next two weeks.
8. Apparently Google Android, Windows Mobile phones, and Palm Pres are vulnerable to similar hacks. The team demonstrated the attack on an Android phone and a Windows Mobile phone.
While we’re still sifting through very technical information on this attack, it’s a clear reminder that no software, no computer, and no phone is safe from thieves, hackers, and harm. We’ll provide additional updates as they come from either Black Hat or Apple.
Update: For now, your phone isn’t in immediate danger, as it will take time before malicious individuals can build the necessary code to mount this type of SMS attack. We’ll update you if that changes. Here’s Miller and Mulliner’s paper on the subject if you’d like to check it out: