Frosstbyte

I have read in a few reputable and not so reputable lcations that there is a major SMS security flaw in the iPhone 3.X software. It would potentially allow someone to hijack many phone functions including spamming other phones with SMS and infecting them as well. Allegedly this can be done wihout the knowledge of the phone user and without the use visitng any malware infected websites. A few sources indicate that apple is aware of the flaw and have failed to act to fix it for over a month.

I wanted to know if anyone here has head anything about this and if people knwo or think it is a real threat. I can't find a whisper about it on anything officially apple and a few sites I regularly visit which have frequent apple news haven't mentioned this even to dismiss it. anyone have any ideas? Is this a bad Internet rumor or should I be turning off my phone?

Thanks as always, titled comrades.

MontanaXVI

I seen it come up almost a month ago on Engadget.

It is getting more press now because the guy who found the hack is revealing it to the world at Black Hat conference today.


Here is a link to the Endgadget article from July 2

Apple patching nasty iPhone SMS vulnerability

__________________
Spank you very much

Psycho Dad

The patch (3.0.1) was released yesterday or the day before.

__________________
Don't always trust the opinions of experts.

allaboutmusic

As Psycho Dad said, it has been released. Check for Software Update in iTunes - the notes specifically say "Fixes SMS hack", IIRC.

Rekna

The hack is real and is quite disturbing. Also it was just released today that apple keyboards can fairly easily be hacked on the hardware side to log all keystrokes. This means someone could unplug your keyboard, apply the hack, plug your keyboard back in and you would not know what is going on. They would need no login access to the computer.

MontanaXVI

SAY WHAT?!?!

Since when does the iPhone have a keyboard you can unplug?!?!?!

__________________
Spank you very much

allaboutmusic

I think he means the ones for Macs. This is worrying:

Apple Keyboards Vulnerable to Firmware Hack

I might look around for a third-party Mac keyboard...

ratbastid

If you've got physical access, you can plug a physical keylogger in. More detectable, if you're looking, but easier. In the security world, once somebody's got physical access, you've already lost the game.

Rekna

I would agree that physical access is a problem but it seems the keyboard problem is still a major issue. Here are a couple of ways it could be easily exploited:

1) University Labs, log into a public terminal and your login credentials are saved. Gaining physical access to this would be simple.

2) Individuals could easily buy brand new mac keyboards, reflash them, and then sell them as new either in a shop, on ebay, etc. Even worse employees for the manufacture could do this during the manufacturing process.

The problem with this hack is the peripheral itself which is generally a trusted device can be reprogrammed to do very bad things and no one would know better.

Frosstbyte

Tampered returns and manufacturing were my first thoughts when I heard about it. That's a pretty big fucking deal, though. I don't know how Apple leaves such huge holes sometimes.

MontanaXVI

Besides me not using a mac.

Physical access is something no one gets around here, NO one and I mean NO ONE touches my computer. Wife included.

__________________
Spank you very much