Slashdot: News for Nerds

iPhone Vulnerability Yields Root Access Via SMS

timothy posted about 5 years ago | from the tweet-hack dept.

Security 186

snydeq writes "Pwn2Own winner Charlie Miller has revealed an SMS vulnerability that could provide hackers with root access to the iPhone. Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a DDoS attack or botnet, Miller said. Miller did not provide a detailed description of the SMS vulnerability, citing an agreement with Apple, which is working to fix the vulnerability in advance of Black Hat, where Miller plans to discuss the attack in greater detail. 'SMS is a great vector to attack the iPhone,' Miller said, as SMS can send binary code that the iPhone processes without user interaction. Sequences can be sent to the phone as multiple messages that are automatically reassembled, thereby surpassing individual SMS message limits of 140 bytes."

186 comments

iPhone needs to cool down before you can use it (-1, Flamebait)

Anonymous Coward | about 5 years ago | (#28570685)

Shit hardware. Shit software. Apple: think shit

easy to stop on att just have them block txt. (1)

Joe The Dragon (967727) | about 5 years ago | (#28570863)

easy to stop on att just have them block txt.

The real bad part about this is that if you don't have a txt plan, someone can spam you and you pay $0.20 per incoming txt. However, this may be a good thing: if this goes big time then they may be forced to make incoming free.

Re:easy to stop on att just have them block txt. (1, Interesting)

Anonymous Coward | about 5 years ago | (#28570911)

It still never ceases to amaze me that US carriers get away with charging for INCOMING text messages.

Here in the UK we don't always get the best or cheapest service plans, but one thing that every plan from every provider has in common is that incoming standard text messages are free.

Re:easy to stop on att just have them block txt. (1)

FTWinston (1332785) | about 5 years ago | (#28571099)

Yikes, I had no idea they charged to [i]receive[/i] ... that's crap! Do they charge you to receive calls too?

Re:easy to stop on att just have them block txt. (1)

GeorgeStone22 (1532191) | about 5 years ago | (#28571213)

I think so. I have some American friends who bought a pay & go mobile to use here in the UK. When I would phone them they would almost always hang up on me. When I asked why, they said they only had a little credit left and they needed it. I explained that over here incoming anything is free. Only costs to send.

Re:easy to stop on att just have them block txt. (0)

Anonymous Coward | about 5 years ago | (#28571901)

Yes, in general, carriers in the US do charge to receive calls (they count against the pool of minutes for which you pay each month).

There are some "free incoming" plans available with some carriers.

Ouch! (1)

thomasdn (800430) | about 5 years ago | (#28570693)

We do not know the details of this yet, but if this is really an "sms to root" exploit, it can be used for sms-based viruses that can spread very fast.

Re:Ouch! (5, Funny)

Canazza (1428553) | about 5 years ago | (#28570813)

1) Hacker Sends SMS to target phone
2) Phone gets virus, virus looks up address book and sends itself to everyone in their address book
3) Phone with virus does evil stuff to phone

Damn, that's excellent... erm, I mean... too bad... for... you know... California... and Art Students...
Phones are for phoning people
PDAs/Netbooks/Laptops are for doing business on the move
Laptops/Gameboys are for mobile gaming

The only combination I'll accept are mobile phones that play my MP3's... since it's a small, simple extension of the already available 'ringing' feature of phones :P
Oh, and cameras... I'll accept camera phones... They're useful.
And Skype access
And Wifi for the Skype...
and while we've got Wifi we might as well have a browser
and maybe the ability to put other apps on it too...

*damnit* I've fallen for feature creep... someone help!

Re:Ouch! (1, Funny)

Comatose51 (687974) | about 5 years ago | (#28570941)

Well, I hope you removed the air conditioner and the stereo from your car because A/C is for cooling and stereo is for listening. They have no purpose in the car. While we're at it, let's take out the headlights too. Oh that starter motor is just a total dead weight. Talk about feature creep! Wheel, brakes, and an engine should be all you have in your car.

Re:Ouch! (1)

Canazza (1428553) | about 5 years ago | (#28571151)

1) I don't own a car
2) You missed the point
3) You really think that Grindr [apptism.com] is as essential to a phone as a wheel is to a car?

Re:Ouch! (2, Interesting)

GeorgeStone22 (1532191) | about 5 years ago | (#28571265)

I don't get your mindset. The phone has obviously sold millions upon millions. It's doing something right. It's called usability and the iPhone has it by the bucket loads. Before the iPhone came about putting apps onto a phone was annoying and awkward for the average user. You had to download the .sis (On symbian OS) then put it on a memory card, then finally install it. Apple have made mobile applications accessible to the masses, and Grindr is proof of that. I don't agree with everything Apple has done with the iPhone, but I agree with enough of it to have just ordered a 3Gs. My previous phone was a Nokia 6600 which was probably more feature rich, but using it was torture.

Mobile homebrew gaming? (1)

tepples (727027) | about 5 years ago | (#28571021)

Laptops/Gameboys are for mobile gaming

What do you recommend for mobile gaming that meets my cousin's criteria?

  1. Smaller than an Eee PC. Laptops are harder to carry than something that fits in a pocket.
  2. Allows students, hobbyists, and small companies to develop for the platform. Nintendo and Sony take stances against homebrew.
  3. Can be purchased with cash in the United States. Please don't shut out children who have saved their birthday and lawn mowing money.

Laptops fail 1, Game Boy fails 2, and GP2X fails 3. The only video gaming platform we could find that meets all these criteria is a Texas Instruments graphing calculator, so he bought a TI-84 Plus Silver.

Re:Mobile homebrew gaming? (1)

SomeNoob (1437583) | about 5 years ago | (#28571253)

I see G1 phones on craigslist all the time for not much more than the TI-84.

Re:Mobile homebrew gaming? (1)

tepples (727027) | about 5 years ago | (#28571713)

Can be purchased with cash in the United States.

G1 phones on craigslist

Is craigslist open to children or cash payments?

Re:Mobile homebrew gaming? (1)

SomeNoob (1437583) | about 5 years ago | (#28571983)

Anybody can use craigslist, and cash is preferred. Just don't send the kid alone to meet somebody.

Re:Mobile homebrew gaming? (0)

Anonymous Coward | about 5 years ago | (#28571987)

Can be purchased with cash in the United States.

G1 phones on craigslist

Is craigslist open to children or cash payments?

About as open to children and cash payments as your local newspaper classifieds would be.

Re:Mobile homebrew gaming? (1)

pwfffff (1517213) | about 5 years ago | (#28571527)

Keep your eye on http://www.openpandora.org/ [openpandora.org]

Pandora is like the GP2X in this regard (1)

tepples (727027) | about 5 years ago | (#28571701)

Can be purchased with cash in the United States [...] GP2X fails

Keep your eye on http://www.openpandora.org/ [openpandora.org]

I am aware of the Pandora PDA, expected to be out by the fourth quarter of 2009, but I am not aware of a U.S. retail chain that has committed to stock it. As I understand it, it will be available exclusively through mail order, an option that isn't open to children who are paying with accumulated cash.

Re:Mobile homebrew gaming? (1)

dunkelfalke (91624) | about 5 years ago | (#28571739)

Any Windows Mobile PDA will do actually.

Re:Ouch! (0)

Anonymous Coward | about 5 years ago | (#28571231)

1) Hacker Sends SMS to target phone
2) Phone gets virus, virus looks up address book and sends itself to everyone in their address book
3) Phone with virus does evil stuff to phone

4) ??????
5) Profit!

Re: why skype and not SIP (voip) (1)

SpzToid (869795) | about 5 years ago | (#28571395)

Please don't promote skype in this space. It is too proprietary, and consumes too much battery power running as a 3rd party app.

Why not buy a true SIP phone? Then you can set it up like an extension at your office/PBX, or configure it directly to a service like www.voipcheap.com. Personally, I won't buy a phone unless it is supported on a list like this one:
http://www.forum.nokia.com/Technology_Topics/Mobile_Technologies/VoIP/Nokia_VoIP_Framework/VoIP_support_in_Nokia_devices.xhtml [nokia.com]

In the US, T-mobile sells uncapped (AFAIK) mobile internet for $40 a month. Another 'perk' under such a plan is A-GPS (combined cell-tower plus true GPS for speed).

This makes your mobile device much closer to being a standardized 'client' to web services. In fact I even turn my N95 into a 3g router, using www.joikuspot.com (so I don't have to swap the SIM with my USB modem).

Re:Ouch! (1)

Meneth (872868) | about 5 years ago | (#28571525)

You failed at "Skype". :)

Re:Ouch! (5, Insightful)

Jurily (900488) | about 5 years ago | (#28570847)

Who the fuck thought it would be a good idea to automatically execute the content of a message you have no control over whatsoever?

Re:Ouch! (2, Funny)

Joce640k (829181) | about 5 years ago | (#28570909)

He used to work for Microsoft where he spent his time adding "can execute code" to all their media file formats. Now he's at Apple (and continuing the good work...)

Re:Ouch! (0, Flamebait)

dna_(c)(tm)(r) (618003) | about 5 years ago | (#28570919)

The only plausible explanation is that Microsoft must have bought Apple...

Re:Ouch! (1, Funny)

El Lobo (994537) | about 5 years ago | (#28571171)

I know you are joking/trolling but this is telling us that no system is really that safe, be it Windows-based, Unix-based, you name it. The iPhone is so popular that it's now an important target for spam/virus makers. Windows has been the only 'important enough' target on the desktop until today. But let OSX have the same share as Windows and you will see root escalation viruses coming out of the sky every single day, no matter what the philosophy of the OS is.

Re:Ouch! (2, Insightful)

fmobus (831767) | about 5 years ago | (#28571425)

Yeah, because the same happened in the webserver market. Apache installations get rooted every single minute.

Re:Ouch! (1)

forand (530402) | about 5 years ago | (#28571353)

My best guess would be the cell providers. They want some way to control the devices on their network or update them remotely if so needed.

Re:Ouch! (2, Informative)

Nerdfest (867930) | about 5 years ago | (#28571393)

That would be Steve Jobs ... but he's a sick man.

Re:Ouch! (4, Interesting)

L4t3r4lu5 (1216702) | about 5 years ago | (#28571489)

This might be linked to the MobileMe Find My iPhone, Remote Wipe, and remote message facilities. If these are commands sent by SMS message from MobileMe, then perhaps they can be overflowed to run arbitrary commands.

After all, if you can wipe the phone remotely, then that system has root access, does it not?

N.B. I am not a security researcher.

Not likely (1, Informative)

Anonymous Coward | about 5 years ago | (#28572075)

The way it probably works (I am not 100% sure) is with the persistent Internet connection the phone maintains for push notifications support.

Re:Ouch! (0)

jdion (664108) | about 5 years ago | (#28571495)

Who the fuck thought it would be a good idea to automatically execute the content of a message you have no control over whatsoever?

I would guess that this has more to do with the push features of the phone, including the new 'remote wipe' or 'find my phone' features if you happen to be using MobileMe. I would venture to guess the same functionality was provided to developers of any push application to execute commands for an applicable application.

I would venture to guess that the reason for this would be that SMS messages do not have any code signing, and in order to implement would have pushed out the deadline for Push based responses even further. Apple screwed the pooch by taking the path of least resistance, and gambled that this vulnerability wouldn't have been found for a good time (maybe iPhone OS 4.0).

Pure speculation on my part, but my $0.02.

Re:Ouch! (1)

FlyingBishop (1293238) | about 5 years ago | (#28571705)

The second link describes a general vulnerability in the SMS protocol. It sounds like you may need to have a wireless transmitter in general proximity to the phone. You then send a spoofed ("fuzzed") message which the phone interprets poorly, with the end result that it executes some code you have chosen.

It also doesn't necessarily look like this would result in the sort of viral behavior we usually see from exploits, since the SMS does not show up on the carrier's radar (which I interpret to mean that it cannot pass through the carrier tower.)

Though I don't know if phone-to-phone direct could be used to do this.

Re:Ouch! (1)

rts008 (812749) | about 5 years ago | (#28570901)

...it can be used for sms-based viruses that can spread very fast.

A blackhat could have a field day with this on Twitter!

Re:Ouch! (2, Interesting)

Sockatume (732728) | about 5 years ago | (#28571551)

It's not a true SMS-to-root exploit. So far he's only been able to crash part of the device's software with it, he's still looking into whether it can be used to run arbitrary code.

Wonder how this goes together .. (3, Insightful)

Anonymous Coward | about 5 years ago | (#28570727)

Wondering if this can be combined with iPhone's ability to heat red hot while in your pocket

Re:Wonder how this goes together .. (0)

Anonymous Coward | about 5 years ago | (#28570773)

Wondering if this can be combined with iPhone's ability to heat red hot while in your pocket

Step one: place pinky / little finger at the corner of your mouth
Step two: put on your best Dr. Evil voice
Step three: Turn to your evil henchman and say "Mini Me, ya hungry?" "Something to eat? Not even a SMS hot pocket?"

Can't Carriers Stop this? (3, Insightful)

forand (530402) | about 5 years ago | (#28570739)

So this is bad news for the iPhone but it seems like any carrier of the iPhone should want to implement a simple filter to remove any malicious SMSs from the system.

Re:Can't Carriers Stop this? (0)

Anonymous Coward | about 5 years ago | (#28570853)

And the carriers not officially supporting the iPhone might just not do it. Which will spell doom for desimlocked devices.

In fact, that is a very efficient way to force people to upgrade their firmware. Now how can this benefit Apple ? mhhh....

Re:Can't Carriers Stop this? (1)

Joce640k (829181) | about 5 years ago | (#28570917)

Ummm, carriers stand to profit from this so why would they?

Re:Can't Carriers Stop this? (1)

Rogerborg (306625) | about 5 years ago | (#28571249)

Ummm, carriers stand to profit from this so why would they?

Humanity </Zarkov>

Re:Can't Carriers Stop this? (1, Informative)

Anonymous Coward | about 5 years ago | (#28571079)

if any of you had RTFA:

allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices. This method does not use the carrier and so is free (and invisible to the carrier).

the key is "this method does not use the carrier"

you're welcome

Re:Can't Carriers Stop this? (1)

forand (530402) | about 5 years ago | (#28571367)

How the heck does this method send an SMS without using the carrier?

Re:Can't Carriers Stop this? (1)

FlyingBishop (1293238) | about 5 years ago | (#28571717)

I assume you take a transmitter, and you send it to the phone. I don't know what sort of proximity that would require.

Re:Can't Carriers Stop this? (0)

Anonymous Coward | about 5 years ago | (#28571725)

if you read the other article cited you would have seen "The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator's network."

get off your high horse d-bag

Re:Can't Carriers Stop this? (1)

SpzToid (869795) | about 5 years ago | (#28571365)

Actually this type of exploit has been known to affect Nokia phones for a while already. It seems only normal someone would figure out how to do it to an iPhone (unless Apple was proactive in thwarting such an attack, which hasn't been the case).

http://www.google.com/search?q=nokia+malformed+sms&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-US:unofficial&client=firefox-a [google.com]

Are you proposing an SMS evil bit? (0)

Anonymous Coward | about 5 years ago | (#28571953)

it seems like any carrier of the iPhone should want to implement a simple filter to remove any malicious SMSs from the system

This is a serious sentence?

iPhone Vulnerability Yields Root Access Via SMS (5, Funny)

Anonymous Coward | about 5 years ago | (#28570743)

"...Malicious code sent by SMS to run on the phone could include commands to monitor location using GPS, turn on the phone's microphone to eavesdrop on conversations,..."

Cool now my wife can have that iphone she always wanted.

Oh crap... (1)

bezking (1274298) | about 5 years ago | (#28570747)

Now where did I leave my Dynatac???

So I assume a buffer overflow? (1, Insightful)

Anonymous Coward | about 5 years ago | (#28570753)

Wow, buffer overflows in 2009.

I guess ARM needs to implement No Execute Bit in their CPUs. You can't protect against dumb programmers.

If it wasn't a buffer overflow, then how in the name of all that is chocolate did some binary data get to be executable?!

--
Slashdot requires you to wait between each successful posting of a comment to allow everyone a fair chance at posting a comment.
It's been 13 minutes since you last successfully posted a comment

LOL.

Great (-1, Flamebait)

Anonymous Coward | about 5 years ago | (#28570759)

Next thing you know, someone discovers some fault in the battery configuration and he can get Nokia to pay him to blow up every single iPhone user on the planet. Awesome.

Prevention/Defense (5, Funny)

InsertWittyNameHere (1438813) | about 5 years ago | (#28570767)

If any of you iPhone users wants to know how to prevent this attack, please reply with your cellphone number and I will TXT you the details.

You're welcome!

Re:Prevention/Defense (0)

Anonymous Coward | about 5 years ago | (#28570865)

555-STEVE-JOBS

Thx !

Re:Prevention/Defense (2, Funny)

Comatose51 (687974) | about 5 years ago | (#28570959)

9-1-1 I'm going to disable SMS for now just to be safe so just call it and tell me. If my hot blonde, high libido girlfriend picks up, say some obscene things to her. Just act out your fantasy right over the phone. She loves that.

I, for one, would like to say... (0)

Anonymous Coward | about 5 years ago | (#28570787)

DERRRRRRRRRRRRRRRRHHHH!!!!! Steve Jobs derrhrhhhhhhhhhhhhhh.

Run up your bill too (3, Insightful)

nurb432 (527695) | about 5 years ago | (#28570799)

Nice little DDoS attack device, with one hell of a use fee at the end of the month ...

Re:Run up your bill too (3, Funny)

Joce640k (829181) | about 5 years ago | (#28570937)

Even better: 1) Record a crappy song, upload it to iTunes 2) Get every iPhone in the USA to "buy" a copy. 3) Babeland

Well there's your problem! (5, Insightful)

Anonymous Coward | about 5 years ago | (#28570815)

"as SMS can send binary code that the iPhone processes without user interaction"

Why is it even possible to send raw binary? Shouldn't it allow only a heavily-filtered subset of characters?

Re:Well there's your problem! (1)

TheRaven64 (641858) | about 5 years ago | (#28570955)

Why would it do that? When you only have a small number of bytes, you want a character set that uses them all. SMS originally used a 7-bit character set, where every 7-bit sequence was a valid printing character. Now you can use 8-bit or 16-bit encodings, but every value is valid. Or do you think there is some magical difference between text and binary? Text is just binary where there is a well-defined mapping from numbers to characters.

Re:Well there's your problem! (3, Funny)

Peregr1n (904456) | about 5 years ago | (#28570983)

Yeah! Ban the characters '0' and '1' from text messages and stop this binary nonsense!

Re:Well there's your problem! (0, Redundant)

martas (1439879) | about 5 years ago | (#28572085)

common misconception. the characters '0' and '1' aren't binary, they in fact correspond to the numbers 48 and 49. you'd have to send NULL and SOH for 0 and 1.

sorry, couldn't help myself...

Re:Well there's your problem! (1)

sam0737 (648914) | about 5 years ago | (#28571057)

"as SMS can send binary code that the iPhone processes without user interaction"

Why is it even possible to send raw binary? Shouldn't it allow only a heavily-filtered subset of characters?

you mean allows only Chinese or Russian to pass through?

The unicode used is UTF-16, not UTF-8, which almost means every binary code is valid except for some range.

Re:Well there's your problem! (0)

Anonymous Coward | about 5 years ago | (#28571247)

SMS is a hack, it's actually a control channel that was eventually repackaged and resold as the now prevalent SMS.

I guess they forgot to disable the control functionality when they stopped using the control channel for actual, you know, control messages.

Re:Well there's your problem! (1)

goodtim (458647) | about 5 years ago | (#28571411)

I don't have an iPhone, so I'm not sure if you can do this, but my Blackberry can send SMS's with embedded pictures/videos/sounds. Commonly called MMS. According to Wikipedia, it's an extension of the SMS standard. I would assume this is where the vulnerabilities lie.

http://en.wikipedia.org/wiki/Multimedia_Messaging_Service [wikipedia.org]

Re:Well there's your problem! (0)

pwfffff (1517213) | about 5 years ago | (#28571583)

No.

A) iPhones don't do MMS (which is hilarious)
B) MMS is done over HTTP, with only the URL actually being sent over SMS, so nothing should ever really be executed (of course, you'd think the same would go for SMS...)

Re:Well there's your problem! (2, Informative)

topham (32406) | about 5 years ago | (#28571605)

Actually, they do MMS just fine.

But I wouldn't expect you to know that.

Re:Well there's your problem! (1)

pwfffff (1517213) | about 5 years ago | (#28571715)

Yeah, once you hack it and fool AT&T into thinking you don't actually have an iPhone.

But I wouldn't expect you to admit that.

Re:Well there's your problem! (0)

Anonymous Coward | about 5 years ago | (#28571841)

Because iPhones are only sold with AT&T worldwide????

Mine works perfectly with T-Mobile.

Re:Well there's your problem! (0)

Serious Callers Only (1022605) | about 5 years ago | (#28571909)

Yeah, once you hack it and fool AT&T into thinking you don't actually have an iPhone.

1. The United States != The World
2. iPhones now do MMS, AT&T doesn't (at present) allow it

So if you want to bore us all about hilarious deficiencies in the iPhone, and how you're proud not to own one, I'm afraid you'll need to find something else (I'm sure you'll think of something).

Re:Well there's your problem! (1)

CrashandDie (1114135) | about 5 years ago | (#28571413)

Yes, because nobody has ever thought of something like base64 to represent binary with printable characters...

Re:Well there's your problem! (1)

noelhenson (691861) | about 5 years ago | (#28572059)

Shouldn't SMS messages only contain SMS TEXT?! The worst that should happen is that you have a binary SMS message in your inbox.

Re:Well there's your problem! (1)

sp332 (781207) | about 5 years ago | (#28572161)

You've never heard of the EICAR.COM virus? (not the website, the win16, 100% ASCII virus)

i sense a disturbance in the force (3, Funny)

timmarhy (659436) | about 5 years ago | (#28570837)

it was as if 1000 apple fanbois cried out and then were silent...

Re:i sense a disturbance in the force (0)

Anonymous Coward | about 5 years ago | (#28570889)

it was as if 1000 apple fanbois cried out and then were silent...

Not only Apple fanboys

From: http://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#Miller

We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices.

Re:i sense a disturbance in the force (1)

TheRaven64 (641858) | about 5 years ago | (#28571019)

I note Symbian is conspicuously absent from that list. Interesting, considering that it has around 70+% of the market (isn't market share the excuse MS apologists always give for exploits?). Still a large enough installed base for a very irritating SMS-spam botnet though.

Re:i sense a disturbance in the force (1, Flamebait)

Oktober Sunset (838224) | about 5 years ago | (#28571217)

if only... even if every mac on the planet turned into a robot and killed a baby before collapsing into a pile of toxic debris, it would only shut the fanboys up for 5 minutes before they resumed bleating on about garage band and iphoto...

Re:i sense a disturbance in the force (1)

schon (31600) | about 5 years ago | (#28571585)

even if every mac on the planet turned into a robot and killed a baby before collapsing into a pile of toxic debris, it would only shut the fanboys up for 5 minutes

This is blatantly false and you know it!

If that happened, every true fanboy would immediately start talking about how awesome it was that Jobs had his own robot army.

Next thing ... (5, Funny)

Stavr0 (35032) | about 5 years ago | (#28570841)

Could the iPhone be jailbroken via SMS?

Re:Next thing ... (0)

Anonymous Coward | about 5 years ago | (#28571003)

Actually, it is [iphone-dev.org]

SMS? (1, Insightful)

yourassOA (1546173) | about 5 years ago | (#28570867)

Seems more like a back door than anything and now that it has been discovered Apple will try to fix (hide it better) the problem. Seems to me like most of the vulnerabilities would benefit law enforcement the most, weird huh? It's not like this never happened with Microsoft, encryption key, and the FBI.

Jobs to the rescue (0)

Anonymous Coward | about 5 years ago | (#28570931)

Surely, the awesomeness of the iPhone protects its users? No? Hmm.. wait, but you know, it is *shiny*, and does get very hot, so hot you can't hold it. Yeah, this phone is the biz.
SMS crashes phone? Epic Fail Apple. What sort of crappy programmer doesn't know how to handle and parse text safely?

At least SOMEBODY has full access to my iPhone! (5, Informative)

just fiddling around (636818) | about 5 years ago | (#28570957)

That's just great. I can't use all the features of the iPhone because it is crippled by the providers, but any dumbass can get root by SMS?

If I had "bought" one (I consider the current way of getting it as rent-to-own), I would be pissed.

SMS limit isn't 140 characters (5, Informative)

praseodym (813457) | about 5 years ago | (#28571005)

SMS has a limit of 160 characters, not 140. Twitter has a 140-character limit because of its SMS-interface which leaves 20 characters for commands etc. in addition to the message.

Re:SMS limit isn't 140 characters (1)

FlyingBishop (1293238) | about 5 years ago | (#28571187)

I suspect the iPhone format uses exactly the same space for data about the message. Number of messages, message id, something else. Those two should only take 8 characters tops, but I'm sure they're going to need all 20 of them by the time they're done patching this exploit.

Or they could just ditch this stupid distinction between data and SMS. But that would take up entirely too much bandwidth...

Re:SMS limit isn't 140 characters (0)

Anonymous Coward | about 5 years ago | (#28571637)

Several countries also have 140 character limits because the carriers use an 8-bit character set, in some countries they use a 7-bit character set and hence get the "extra" 20 letters per message.

Depends how you define characters (3, Interesting)

multipartmixed (163409) | about 5 years ago | (#28571645)

And in the case of binary data, you're dead wrong.

GSM SMS payload is 140 8-bit characters, or bytes, depending how you look at it.

The default SMS text encoding format uses 7-bits, and employs a bit-shifting algorithm to pack 160 7-bit characters into 140 bytes. Binary formats can't use this compression, as, well, they need all eight bits.

Re:Depends how you define characters (2, Informative)

praseodym (813457) | about 5 years ago | (#28571831)

You're correct. And to complete it:

"Larger content (Concatenated SMS, multipart or segmented SMS or "long sms") can be sent using multiple messages, in which case each message will start with a user data header (UDH) containing segmentation information. Since UDH is inside the payload, the number of characters per segment is lower: 153 for 7-bit encoding, 134 for 8-bit encoding and 67 for 16-bit encoding." -- from Wikipedia [wikipedia.org]

So, in this case it's 134 bytes and not 140 since the payload probably doesn't fit in a single 140 bytes.
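The sizes quoted in the two comments above (160 septets packed into 140 octets, and 153/134/67 characters per concatenated segment), worked through in Python as an added example that is not part of the thread. It goes a little beyond the comments by also parsing and reassembling 8-bit concatenated segments with every length field checked before use; the IE 0x00 layout follows 3GPP TS 23.040, while the function names and sample segments are constructed for illustration.

```python
MAX_UD_OCTETS = 140  # user-data payload of a single SMS, in octets


def pack_septets(septets):
    """Pack 7-bit values into octets, least significant bits first (GSM 7-bit text)."""
    acc = bits = 0
    out = bytearray()
    for s in septets:
        if not 0 <= s <= 0x7F:
            raise ValueError("not a 7-bit value")
        acc |= s << bits
        bits += 7
        while bits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            bits -= 8
    if bits:
        out.append(acc & 0xFF)
    return bytes(out)


def segment_capacity(bits_per_char, udh_octets=6):
    """Characters per segment when the payload starts with a UDH of udh_octets."""
    if bits_per_char == 7:
        # The header is padded so that the text starts on a septet boundary.
        header_septets = -(-udh_octets * 8 // 7)  # ceiling division
        return 160 - header_septets
    return (MAX_UD_OCTETS - udh_octets) // (bits_per_char // 8)


def parse_concat_udh(user_data):
    """Return (ref, total, seq, payload) for one 8-bit segment, validating all lengths."""
    if not 1 <= len(user_data) <= MAX_UD_OCTETS:
        raise ValueError("bad user data length")
    udhl = user_data[0]
    if 1 + udhl > len(user_data):
        raise ValueError("UDHL exceeds user data")
    header, payload = user_data[1:1 + udhl], user_data[1 + udhl:]
    concat = None
    i = 0
    while i < len(header):
        if i + 2 > len(header):
            raise ValueError("truncated information element")
        iei, iedl = header[i], header[i + 1]
        body = header[i + 2:i + 2 + iedl]
        if len(body) != iedl:
            raise ValueError("information element overruns header")
        if iei == 0x00:  # concatenated short message, 8-bit reference number
            if iedl != 3:
                raise ValueError("bad concatenation IE length")
            concat = tuple(body)
        i += 2 + iedl
    if concat is None:
        raise ValueError("no concatenation IE")
    ref, total, seq = concat
    if total == 0 or not 1 <= seq <= total:
        raise ValueError("bad segment numbering")
    return ref, total, seq, payload


def reassemble(segments):
    """Join the segments of one message; reject mixed messages, duplicates and gaps."""
    parts = {}
    key = None
    for ud in segments:
        ref, total, seq, payload = parse_concat_udh(ud)
        if key is None:
            key = (ref, total)
        elif key != (ref, total):
            raise ValueError("segment belongs to another message")
        if seq in parts:
            raise ValueError("duplicate segment")
        parts[seq] = payload
    if key is None or len(parts) != key[1]:
        raise ValueError("missing segments")
    return b"".join(parts[n] for n in range(1, key[1] + 1))


def make_segment(ref, total, seq, payload):
    """Build a constructed sample segment: UDHL=5, IEI=0x00, IEDL=3, then the payload."""
    return bytes([5, 0x00, 3, ref, total, seq]) + payload


# Constructed sample: a two-part binary message delivered out of order.
SAMPLE = [make_segment(0x2A, 2, 2, b"B" * 10), make_segment(0x2A, 2, 1, b"A" * 134)]

if __name__ == "__main__":
    print(len(pack_septets([0x41] * 160)), [segment_capacity(b) for b in (7, 8, 16)])
    print(len(reassemble(SAMPLE)))
```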

Didn't this just happen? (1)

sys.stdout.write (1551563) | about 5 years ago | (#28571049)

How does this compare to the story from two weeks ago? [slashdot.org]

Re:Didn't this just happen? (0)

Anonymous Coward | about 5 years ago | (#28572093)

Well, now we have the details of how it works.

Seems to affect other smart phones as well ... (5, Informative)

FelxH (1416581) | about 5 years ago | (#28571067)

from the second link: "We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices."

Re:Seems to affect other smart phones as well ... (-1, Flamebait)

Anonymous Coward | about 5 years ago | (#28571307)

from the second link: "We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices."

We just assume Windows Mobile to be vulnerable and nobody gives a shit about Android, so the iPhone is the only real news.

Re:Seems to affect other smart phones as well ... (2, Insightful)

El_Muerte_TDS (592157) | about 5 years ago | (#28571813)

No, learn to read. The second link says that they have technology to send an SMS Message to a phone without needing a carrier. It doesn't say anything about exploiting bugs in the handling of the SMS Message.

But...but... (0)

Anonymous Coward | about 5 years ago | (#28571097)

"Macs don't get viruses."

Turns out to be a lie. :)

I'm a pc.

Re:But...but... (1)

VulpesFoxnik (1493687) | about 5 years ago | (#28572143)

You are not a PC. You are human being. Stop saying that.

hypocrisy (0, Troll)

gripusa (1359573) | about 5 years ago | (#28571123)

I am surprised to see the slashdotters' response. If this were somehow Microsoft, I might have heard a long list of moanings that Microsoft is this and that, and now look: if the culprit is their hearty [Pine]Apple, this is just a joke or laugh ...

Finally (0)

Anonymous Coward | about 5 years ago | (#28571237)

Maybe we can work this into a way to cripple iPhone enough so that Apple loses its place as the smartphone market-dominant hot chick. Then Microsoft or Palm can take the spotlight with a pricier, less advanced, more restrictive replacement with an even more expensive data plan........

More seriously, it will be interesting to see how Apple handles the hacker "attention". Normally it's M$ who has to release patch after patch in the interest of security.

Outlook all over again? (1)

KlaymenDK (713149) | about 5 years ago | (#28571303)

How the hell can a format that's supposed to be passive plain text yield root access? Just receive and store the damn text, don't try to interpret it! If other apps want to peek into received messages and perform actions on that, fine, but this is just Outlook all over again!

Re:Outlook all over again? (1)

peppepz (1311345) | about 5 years ago | (#28571473)

With the current 3GPP specification SMS can also be concatenated, contain pictures and sounds, configure your phone’s browser, contain "push" links etc.
99% of this functionality is crap and was made obsolete by MMS, but phones still have to support it.

HAHA... (0)

Anonymous Coward | about 5 years ago | (#28571893)

Now the manufacturers can patch the vulnerability by sending out a text message to everyone. Gain root access, and do whatever they need to get it fixed. Hopefully the bad guys don't get there first or there could be a bunch of lawsuits waiting at Apple's front door.
