IPhone SMS "hack" - Tilted Forum Project Discussion Community

Frosstbyte · 07-30-2009, 12:48 AM

I have read in a few reputable and not so reputable lcations that there is a major SMS security flaw in the iPhone 3.X software. It would potentially allow someone to hijack many phone functions including spamming other phones with SMS and infecting them as well. Allegedly this can be done wihout the knowledge of the phone user and without the use visitng any malware infected websites. A few sources indicate that apple is aware of the flaw and have failed to act to fix it for over a month.

I wanted to know if anyone here has head anything about this and if people knwo or think it is a real threat. I can't find a whisper about it on anything officially apple and a few sites I regularly visit which have frequent apple news haven't mentioned this even to dismiss it. anyone have any ideas? Is this a bad Internet rumor or should I be turning off my phone?

Thanks as always, titled comrades.

MontanaXVI · 07-30-2009, 04:14 AM

I seen it come up almost a month ago on Engadget.

It is getting more press now because the guy who found the hack is revealing it to the world at Black Hat conference today.

Here is a link to the Endgadget article from July 2

Apple patching nasty iPhone SMS vulnerability

Psycho Dad · 08-01-2009, 11:20 AM

The patch (3.0.1) was released yesterday or the day before.

allaboutmusic · 08-01-2009, 11:28 AM

As Psycho Dad said, it has been released. Check for Software Update in iTunes - the notes specifically say "Fixes SMS hack", IIRC.

Rekna · 08-01-2009, 12:48 PM

The hack is real and is quite disturbing. Also it was just released today that apple keyboards can fairly easily be hacked on the hardware side to log all keystrokes. This means someone could unplug your keyboard, apply the hack, plug your keyboard back in and you would not know what is going on. They would need no login access to the computer.

MontanaXVI · 08-01-2009, 01:38 PM

Quote:

Originally Posted by Rekna

The hack is real and is quite disturbing. Also it was just released today that apple keyboards can fairly easily be hacked on the hardware side to log all keystrokes. This means someone could unplug your keyboard, apply the hack, plug your keyboard back in and you would not know what is going on. They would need no login access to the computer.

SAY WHAT?!?!

Since when does the iPhone have a keyboard you can unplug?!?!?!

allaboutmusic · 08-01-2009, 02:36 PM

I think he means the ones for Macs. This is worrying:

Apple Keyboards Vulnerable to Firmware Hack

I might look around for a third-party Mac keyboard...

ratbastid · 08-01-2009, 02:42 PM

If you've got physical access, you can plug a physical keylogger in. More detectable, if you're looking, but easier. In the security world, once somebody's got physical access, you've already lost the game.

Rekna · 08-01-2009, 07:56 PM

Quote:

Originally Posted by ratbastid

If you've got physical access, you can plug a physical keylogger in. More detectable, if you're looking, but easier. In the security world, once somebody's got physical access, you've already lost the game.

I would agree that physical access is a problem but it seems the keyboard problem is still a major issue. Here are a couple of ways it could be easily exploited:

1) University Labs, log into a public terminal and your login credentials are saved. Gaining physical access to this would be simple.

2) Individuals could easily buy brand new mac keyboards, reflash them, and then sell them as new either in a shop, on ebay, etc. Even worse employees for the manufacture could do this during the manufacturing process.

The problem with this hack is the peripheral itself which is generally a trusted device can be reprogrammed to do very bad things and no one would know better.

Frosstbyte · 08-01-2009, 10:49 PM

Tampered returns and manufacturing were my first thoughts when I heard about it. That's a pretty big fucking deal, though. I don't know how Apple leaves such huge holes sometimes.

MontanaXVI · 08-02-2009, 04:16 AM

Besides me not using a mac.

Physical access is something no one gets around here, NO one and I mean NO ONE touches my computer. Wife included.

07-30-2009, 12:48 AM	#1 (permalink)
Frosstbyte Winter is Coming Location: The North	IPhone SMS "hack" I have read in a few reputable and not so reputable lcations that there is a major SMS security flaw in the iPhone 3.X software. It would potentially allow someone to hijack many phone functions including spamming other phones with SMS and infecting them as well. Allegedly this can be done wihout the knowledge of the phone user and without the use visitng any malware infected websites. A few sources indicate that apple is aware of the flaw and have failed to act to fix it for over a month. I wanted to know if anyone here has head anything about this and if people knwo or think it is a real threat. I can't find a whisper about it on anything officially apple and a few sites I regularly visit which have frequent apple news haven't mentioned this even to dismiss it. anyone have any ideas? Is this a bad Internet rumor or should I be turning off my phone? Thanks as always, titled comrades.

07-30-2009, 04:14 AM	#2 (permalink)
MontanaXVI Junkie Location: Go A's!!!!	I seen it come up almost a month ago on Engadget. It is getting more press now because the guy who found the hack is revealing it to the world at Black Hat conference today. Here is a link to the Endgadget article from July 2 Apple patching nasty iPhone SMS vulnerability __________________ Spank you very much

08-01-2009, 11:20 AM	#3 (permalink)
Psycho Dad Mulletproof Location: Some nucking fut house.	The patch (3.0.1) was released yesterday or the day before. __________________ Don't always trust the opinions of experts.

08-02-2009, 04:16 AM	#11 (permalink)
MontanaXVI Junkie Location: Go A's!!!!	Besides me not using a mac. Physical access is something no one gets around here, NO one and I mean NO ONE touches my computer. Wife included. __________________ Spank you very much

08-01-2009, 11:28 AM	#4 (permalink)
allaboutmusic Aurally Fixated	As Psycho Dad said, it has been released. Check for Software Update in iTunes - the notes specifically say "Fixes SMS hack", IIRC.

08-01-2009, 12:48 PM	#5 (permalink)
Rekna Junkie	The hack is real and is quite disturbing. Also it was just released today that apple keyboards can fairly easily be hacked on the hardware side to log all keystrokes. This means someone could unplug your keyboard, apply the hack, plug your keyboard back in and you would not know what is going on. They would need no login access to the computer.

08-01-2009, 02:36 PM	#7 (permalink)
allaboutmusic Aurally Fixated	I think he means the ones for Macs. This is worrying: Apple Keyboards Vulnerable to Firmware Hack I might look around for a third-party Mac keyboard...

08-01-2009, 02:42 PM	#8 (permalink)
ratbastid Darth Papa Location: Yonder	If you've got physical access, you can plug a physical keylogger in. More detectable, if you're looking, but easier. In the security world, once somebody's got physical access, you've already lost the game.

08-01-2009, 10:49 PM	#10 (permalink)
Frosstbyte Winter is Coming Location: The North	Tampered returns and manufacturing were my first thoughts when I heard about it. That's a pretty big fucking deal, though. I don't know how Apple leaves such huge holes sometimes.