Get Better Gear!

Premier Sponsors

TechRestore

Other World Computing

Top 5 Free Apps

Sheep Launcher Free!
Kronos Games
Release Date: August 05, 2009
Genre: Games
Boxed In
Dennis Mengelt
Release Date: May 22, 2009
Genre: Games
Ninjas Live
Storm8
Release Date: August 29, 2009
Genre: Games
Bump
Bump Technologies LLC
Release Date: March 27, 2009
Genre: Social Networking
Discovery Channel
Discovery Channel
Release Date: August 07, 2009
Genre: Entertainment

iTunes New Music Releases

Black Gives Way To Blue
Alice In Chains
Release Date: September 29, 2009
Genre: Rock
Backspacer
Pearl Jam
Release Date: September 20, 2009
Genre: Alternative
The Resistance
Muse
Release Date: September 15, 2009
Genre: Alternative
Awake (Deluxe Version)
Skillet
Release Date: August 25, 2009
Genre: Rock
Ellipse (Deluxe Version)
Imogen Heap
Release Date: August 25, 2009
Genre: Alternative

Top 5 Paid Apps

The Moron Test $0.99
DistinctDev
Release Date: April 22, 2009
Genre: Entertainment
StickWars $0.99
John E. Hartzog
Release Date: March 31, 2009
Genre: Games
Bloons $0.99
Digital Goldfish Ltd
Release Date: April 05, 2009
Genre: Games

Discover New Music

  • Velocifero

    • 6 out of 10
    • Ladytron

    • "Back to the future" isn't the right turn of phrase for Ladytron's newest album,

  • The Printz

    • 8 out of 10
    • Bumblebeez 81

    • Part white rap, part alternative, part pop, and part rock, the Bumblebeez grabbed a hold of me with "Pony Ride," and didn't let go.

      This group does a marvelous job of moving seamlessly be

  • Cocked & Loaded

    • 8 out of 10
    • Revolting Cocks

    • It's hard to believe it's been more than a decade since Ministry founder and front man Al Jourgensen's side project Revolting Cocks released any new material. 2006 brings us Cocked and Loaded

  • Whatever People Say I Am, That's What I'm Not

    • 8 out of 10
    • Arctic Monkeys

    • Get on your dancing shoes
      You sexy little swine
      -Arctic

  • Machine Gun Etiquette

    • 8 out of 10
    • The Damned
    • Punk rock is mostly associated with three chords and a bad attitude, but the Damned were one of the few bands of the era bent on bringing musicianship and a good sense of humor to the scene. And while

Reader Specials

Visit Deals On The Web for the best deals on all consumer electronics, iPods, and more!

iPhone

Charlie Miller to Unveil Unpatched iPhone SMS Hole

Wednesday, July 29th, 2009 at 4:00 PM - by Bryan Chaffin

Security researchers Charlie Miller and Collin Mulliner have announced that they will unveil a security hole that could allow the bad guys to hack "every iPhone in the world," and do so with relative ease. The issue involves an unpatched SMS Texting -- the technology used to send text messages between mobile phones -- buffer overflow hole that would allow a hacker to take over your iPhone by sending you 512 SMS messages, only one of which would be seen.

Worse, the visible message would show up as a single square character, and even that is subject to improvement (from the bad guys' perspective) to invisible characters, or something more benign.

Mr. Miller told Forbes magazine that he told Apple more than a month ago, but that the hole still had not been patched. He intends to demonstrate and publish it on Thursday at the Black hat cybersecurity conference in Las Vegas.

"This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."

He added, "I've given them more time to patch this than I've ever given a company to patch a bug."

Once in control, the hacker could make phone calls with your phone (for instance, to 1.900 numbers that cost by the minute), send e-mails, or perpetrate the same attack against everyone in your Address Book, allowing it to spread quickly and easily.

Until the hole is patched, the only solution once you are infected is to turn your iPhone off.

Mr. Miller also said that a similar hole exists in the Windows Mobile, but that he had only discovered that on Monday, and had not yet notified Microsoft.

Mr. Miller has often made headlines in the Mac and iPhone press for publishing and demonstrating security holes in Mac OS X and the iPhone, and by winning multiple pwn2own contests that challenge hackers to take over a computing device remotely.

11 comments from the community.

You can post your own below.

SMSGuys said:

July 29th, 2009 at 3:29 PM

WTF! This is serious! What the F is SMS?

   Quote

Sir Harry Flashman said:

July 29th, 2009 at 3:32 PM

I get the feeling that Charlie is on a Harley with a loud exhaust, “Hey look at me!”

   Quote

Bryan Chaffin said:

July 29th, 2009 at 3:36 PM

I added a line explaining what SMS is.

Harry, I don’t see Mr. Miller as the bad guy here. I believe Apple needs to do a better job of embracing the independent security community and do a better job of communicating with them. It took Microsoft years to learn that lesson, and I wish Apple would, too.

In other words, I appreciate the efforts of people like Mr. Miller to push Apple, Microsoft, Google, the Linux community, etc. to pay more attention to these security issues.

   Quote

Sir Harry Flashman said:

July 29th, 2009 at 3:47 PM

Harry, I don’t see Mr. Miller as the bad guy here. I believe Apple needs to do a better job of embracing the independent security community and do a better job of communicating with them. It took Microsoft years to learn that lesson, and I wish Apple would, too.

He told Apple about it a month ago and it hasn’t been fixed fast enough for him so he is going to show the World how it works.

Maybe Apple wants to fix it so that it doesn’t break somewhere else and is taking the necessary time to do that. Or maybe there is no way that the exploit will work in the wild. But either way, he should keep it between him and Apple.

   Quote

daemon said:

July 29th, 2009 at 4:08 PM

Sir Harry Flashman,

The quote was “more than a month ago” not “a month ago.”

Apple has a piss poor track record of patching security holes in a timely manner.

   Quote

Sir Harry Flashman said:

July 29th, 2009 at 4:27 PM

Apple has a piss poor track record of patching security holes in a timely manner.

That does not change my opinion of Miller.

   Quote

Tiger said:

July 29th, 2009 at 5:19 PM

Is he aware that OS 3.1 is imminent and a probable fix is likely?

   Quote

Sir Harry Flashman said:

July 29th, 2009 at 6:05 PM

See this story at CNET. Some of the security experts who were to speak at Black Hat had their websites hacked.

   Quote

Sir Harry Flashman said:

July 30th, 2009 at 8:22 AM

Miller showed a reporter how it is done, see this story at CNET

   Quote

b9bot said:

July 30th, 2009 at 10:24 AM

Bryan is right, if he was so concerned about security then why would he threaten Apple and release the information to the world. He’s looking for attention, that’s all. He doesn’t give a hoot about security, he’s only trying to get some kind of pay off for not telling.
Apple isn’t into BLACKMAIL Miller.
If there is an issue like Bryan said, Apple is working on it. But also making sure they don’t open another door in the process and that takes time.

   Quote

b9bot said:

July 30th, 2009 at 10:28 AM

Apple has a piss poor track record of patching security holes in a timely manner.

Really? Then why is it that Apple has never had a real breach in security unlike Microsoft who has had millions of them!

   Quote

Page 1 of 1 pages

Post Your Comments

  Remember Me  Forgot your password?

Not a member? Register now. You can post comments without logging in, but they'll show up as a "guest" post.

Commenting is not available in this section entry.